Guten Abend zusammen,
habe ein kleines bis großes Probelm mit meinem Browser (Firefox). Seit einiger Zeit gehen beim surfen irgendweilche Tabs, Coupons und auch Pop Ups auf. Habe schon nach etwas Recherche ein Programm namens Safe Saver deinstalliert, das Problem ist aber nach wie vor vorhanden.

Irgendein eBook browse ist als Link im Browser als Button integriert. Auch das Programm habe ich unter Systemsteuerung - Software deinstalliert, leider ebenso ohne erfolg, da es immer noch angezeigt wird.

Meine Frage ist nun: kann mor da jemand hier weiter helfen? Bin etwas ratlos. Zumal das surfen echt ausgebremst ist.


Danke im Voraus und viele Grüße

Hi,

gleich folgt eine Anweisung zum erstellen von 2 FRST Logs, in der Additions.txt benötige ich folgene Infos.
Empfehlungen fürs Deinstallieren
Bitte kopiere die Liste der installierten Programme aus der additions.txt hier in deinen Thread. Notiere mir bitte
hinter jede Zeile, ob folgendes Kategorie zutrifft: Unbekannt, Nötig, Unnötig
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

so... hier die FRST:

FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2013
Ran by name (administrator) on 06-08-2013 22:19:06
Running from C:\Users\name\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [204584 2011-03-26] (Trend Micro Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-03] (Google Inc.)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11266048 2010-01-19] (Hewlett-Packard)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-04] ()
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-02-25] (PDF Complete Inc)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] -  [x]
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Mahler\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Mahler\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\User\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO-x32: EabookBiRoowsEu - {13AD5579-1C22-1DE7-0A2C-07D793B33C27} - C:\ProgramData\EabookBiRoowsEu\51cc80ddecbaf.dll No File
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: safEE  save - {95A8BE25-6AC6-5B5F-5296-7C0F67939A04} - C:\ProgramData\safEE  save\51cc75326a286.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70751} https://dc1:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://dc1:4343/officescan/console/ClientInstall/setupini.cab
DPF: HKLM-x32 {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://dc1:4343/officescan/console/ClientInstall/setup.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://dc1:4343/officescan/console/ClientInstall/RemoveCtrl.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: safEE  save - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\Extensions\eauo0rclt@araisc.com
FF Extension: EabookBiRoowsEu - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\Extensions\txlxmkuioy@lauuy.org
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\firefoxextension\

Chrome: 
=======
CHR Extension: (EabookBiRoowsEu) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\liljpidhppdkgliaemeklpldheaipbed\1
CHR Extension: (safEE  save) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdghpecpoghdgcnakclaikdceeofbd\1

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2010-03-31] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-02-25] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
S3 TmListen; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1007120 2011-03-29] (Trend Micro Inc.)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131672 2010-12-06] (Deterministic Networks, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] ()
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-02-25] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [146192 2011-02-25] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69904 2011-02-25] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-30] (Trend Micro Inc.)
S3 catchme; \??\C:\uninstall.exe\catchme.sys [x]
U3 tmpfw; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-06 22:19 - 2013-08-06 22:19 - 00000000 ____D C:\FRST
2013-08-06 22:18 - 2013-08-06 22:18 - 01788685 _____ (Farbar) C:\Users\name\Desktop\FRST64.exe
2013-08-06 22:14 - 2013-08-06 22:15 - 00002413 _____ C:\DelFix.txt
2013-08-06 22:13 - 2013-08-06 22:13 - 00000000 ___SD C:\uninstall.exe
2013-08-06 22:10 - 2013-08-06 22:10 - 00000249 _____ C:\Users\name\Desktop\Safe Saver und eBook Browse - Trojaner-Board.URL
2013-08-06 07:43 - 2013-08-06 22:14 - 00000000 ____D C:\windows\ERUNT
2013-07-26 22:55 - 2013-08-06 07:33 - 00000282 _____ C:\Users\name\Desktop\spontaner Tab Sponsorship mit URL httptv.channel157news.com - Trojaner-Board.URL
2013-07-26 22:39 - 2013-08-06 22:14 - 00000000 ____D C:\Qoobox
2013-07-26 22:39 - 2013-07-26 22:52 - 00000000 ____D C:\windows\erdnt
2013-07-19 06:47 - 2013-05-27 07:54 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-19 06:47 - 2013-05-27 07:53 - 01492992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-19 06:47 - 2013-05-27 07:53 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 12295680 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 02458112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-19 06:47 - 2013-05-27 07:02 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-19 06:47 - 2013-05-27 07:01 - 01231872 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-19 06:47 - 2013-05-27 07:01 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-07-19 06:47 - 2013-05-27 06:57 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-19 06:47 - 2013-05-27 06:57 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-07-19 06:47 - 2013-05-27 06:56 - 11020800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-19 06:47 - 2013-05-27 06:56 - 02078208 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-19 06:47 - 2013-05-27 06:56 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-19 06:47 - 2013-05-27 06:56 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-19 06:47 - 2013-05-27 05:58 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-19 06:47 - 2013-05-27 05:20 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-19 06:46 - 2013-05-27 07:50 - 09070080 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-19 06:46 - 2013-05-27 06:57 - 06035456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-19 06:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-19 06:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-19 06:42 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-19 06:42 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-19 06:41 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-19 06:41 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-19 06:41 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-06 22:19 - 2011-11-03 22:34 - 00001114 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 22:18 - 2013-08-06 22:18 - 01788685 _____ (Farbar) C:\Users\name\Desktop\FRST64.exe
2013-08-06 22:15 - 2013-08-06 22:14 - 00002413 _____ C:\DelFix.txt
2013-08-06 22:14 - 2013-08-06 07:43 - 00000000 ____D C:\windows\ERUNT
2013-08-06 22:14 - 2013-07-26 22:39 - 00000000 ____D C:\Qoobox
2013-08-06 22:13 - 2013-08-06 22:13 - 00000000 ___SD C:\uninstall.exe
2013-08-06 22:10 - 2013-08-06 22:10 - 00000249 _____ C:\Users\name\Desktop\Safe Saver und eBook Browse - Trojaner-Board.URL
2013-08-06 21:36 - 2012-09-19 22:50 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 18:47 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-08-06 18:33 - 2011-03-07 23:09 - 01228961 _____ C:\windows\WindowsUpdate.log
2013-08-06 18:01 - 2011-04-24 10:45 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DCD7CC38-A14C-4F68-9043-5B448CE8B444}
2013-08-06 07:45 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-06 07:45 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-06 07:44 - 2011-04-13 18:27 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-08-06 07:43 - 2010-09-12 22:06 - 00656734 _____ C:\windows\system32\perfh007.dat
2013-08-06 07:43 - 2010-09-12 22:06 - 00130510 _____ C:\windows\system32\perfc007.dat
2013-08-06 07:43 - 2009-07-14 07:13 - 01501362 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-06 07:39 - 2011-11-03 22:34 - 00001110 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-06 07:38 - 2010-09-12 22:05 - 00000000 ____D C:\ProgramData\PDFC
2013-08-06 07:38 - 2010-09-12 22:05 - 00000000 ____D C:\ProgramData\HPQLOG
2013-08-06 07:37 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-06 07:37 - 2009-07-14 06:51 - 00081230 _____ C:\windows\setupact.log
2013-08-06 07:33 - 2013-07-26 22:55 - 00000282 _____ C:\Users\name\Desktop\spontaner Tab Sponsorship mit URL httptv.channel157news.com - Trojaner-Board.URL
2013-08-05 17:22 - 2011-04-14 08:53 - 00000136 _____ C:\windows\system32\config\netlogon.ftl
2013-07-27 22:41 - 2010-09-12 22:43 - 00910026 _____ C:\windows\PFRO.log
2013-07-26 22:52 - 2013-07-26 22:39 - 00000000 ____D C:\windows\erdnt
2013-07-22 19:48 - 2009-07-14 06:45 - 00458448 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-22 19:47 - 2009-07-27 16:36 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-22 19:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-22 19:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-19 06:44 - 2011-04-13 20:55 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-19 06:43 - 2011-04-14 10:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-18 23:14 - 2011-11-03 22:34 - 00004110 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-18 23:14 - 2011-11-03 22:34 - 00003858 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-08 21:54 - 2012-11-16 08:34 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForname
2013-07-08 21:54 - 2012-11-16 08:34 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForname.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 16:04

==================== End Of Log ============================
         

--- --- ---
und hier die Addition:

FRST Additions Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2013
Ran by name at 2013-08-06 22:19:59
Running from C:\Users\name\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 Update for Microsoft Office 2007 (KB2508958) (x32)   |wohl nötig
ActivClient x64 (Version: 6.2)   |unbekannt
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)   |wohl nötig
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)   |wohl nötig
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)   |wohl nötig
Adobe Shockwave Player 11.6 (x32 Version: 11.6.0.626)   |wohl nötig
Apple Application Support (x32 Version: 2.1.5)   |wohl nötig
Apple Mobile Device Support (Version: 4.0.0.97)   |wohl nötig
Apple Software Update (x32 Version: 2.1.3.127)   |wohl nötig
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.35)   |wohl nötig
Bonjour (Version: 3.0.0.10)   |unbekannt
Broadcom 2070 Bluetooth 2.1 + EDR (Version: 6.2.1.1100)   |   |wohl nötig
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.48.35)   |wohl nötig
Canon Camera Access Library (x32 Version: 8.1.1.17)   |nötig
Canon Camera Support Core Library (x32 Version: 7.3.1.6)   |nötig
Canon Camera Window DC_DV 5 for ZoomBrowser EX (x32 Version: 5.4.5.17)   |nötig
Canon Camera Window DC_DV 6 for ZoomBrowser EX (x32 Version: 6.2.0.8)   |nötig
Canon Camera Window MC 6 for ZoomBrowser EX (x32 Version: 6.1.0.7)   |nötig
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.2.0.5)   |nötig
Canon Internet Library for ZoomBrowser EX (x32 Version: 1.4.2.6)   |nötig
Canon RAW Image Task for ZoomBrowser EX (x32 Version: 2.4.0.7)   |nötig
Canon RemoteCapture Task for ZoomBrowser EX (x32 Version: 1.5.0.5)   |nötig
Canon Utilities Digital Photo Professional 2.2 (x32 Version: 2.2.0.1)   |nötig
Canon Utilities EOS Utility (x32 Version: 1.1.0.8)   |nötig
Canon Utilities PhotoStitch (x32 Version: 3.1.18.42)   |nötig
Canon Utilities ZoomBrowser EX (x32 Version: 5.7.0.74)   |nötig
Device Access Manager for HP ProtectTools (Version: 5.0.1.6)   |nötig
DirectX 9 Runtime (x32 Version: 1.00.0000)   |nötig
dows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)   | unbekannt
Drive Encryption for HP ProtectTools (Version: 5.0.6.0)   |nötig
Drive Encryption for HP ProtectTools (x32 Version: 5.0.6.0)   |nötig
Energy Star Digital Logo (x32 Version: 1.0.1)     | unbekannt
File Sanitizer For HP ProtectTools (x32 Version: 5.0.1.3)    | unbekannt aber HP
Free WMA to MP3 Converter 1.16 (x32)     | nötig
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)    | nicht zwingend nötig
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)    | nicht zwingend nötig
Google Update Helper (x32 Version: 1.3.21.153)    | nicht zwingend nötig
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)    | bei allen folgenden mit HP keine Einschätzung
HP 3D DriveGuard (Version: 4.1.10.1)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.4)
HP Documentation (x32 Version: 1.1.0.0)
HP ESU for Microsoft Windows 7 (x32 Version: 2.0.2.1)
HP Hotkey Support (x32 Version: 4.6.4.1)
HP Power Assistant (Version: 1.0.6.0)
HP Power Data (Version: 1.0.21.158)
HP ProtectTools Security Manager (Version: 5.07.711)
HP QuickLook (Version: 3.3.1.4)
HP QuickWeb (x32 Version: 1.0.1.62)
HP Setup (x32 Version: 8.2.4130.3367)
HP SoftPaq Download Manager (x32 Version: 3.0.5.0)
HP Software Framework (x32 Version: 4.5.10.1)
HP Software Setup (x32 Version: 7.0.1.6)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Web Camera (Version: 1.0.0)
HP Webcam (x32 Version: 1.0.26.3)
HP Wireless Assistant (Version: 4.0.6.0)
IDT Audio (x32 Version: 1.0.6275.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2119)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Network Connections Drivers (Version: 16.3)
Intel® Matrix Storage Manager
iTunes (Version: 10.5.1.42)     | nötig
Java Card Security for HP ProtectTools (Version: 5.0.4.1)       | unbekannt
LightScribe System Software (x32 Version: 1.18.15.1)     | unbekannt
LSI HDA Modem (Version: 2.2.98)      |unbekannt
Microsoft Office 2007 Service Pack 3 (SP3) (x32)    |nötig
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)    |nötig0
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)    |nötig
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)    |nötig
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)    |nötig
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.10    |nötig00)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)    |nötig
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)    |nötig
Microsoft Silverlight (x32 Version: 4.0.60129.0)    |nötig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)    |nötig
Mozilla Maintenance Service (x32 Version: 22.0)    |nötig
PDF Complete Special Edition (x32 Version: 4.0.38)   | unbekannt
Privacy Manager for HP ProtectTools (Version: 5.10.796)   | wohl nötig
Realtek PC Camera (x32 Version: 6.1.7600.0028)    | unbekannt
RICOH Media Driver (x32 Version: 2.14.00.05)     | unbekannt
Roxio Activation Module (x32 Version: 1.0)     | unbekannt
Roxio Creator Audio (x32 Version: 3.8.0)     | unbekannt
Roxio Creator Business (x32 Version: 10.3.56.20)     | unbekannt
Roxio Creator Business v10 (x32 Version: 3.8.0)     | unbekannt
Roxio Creator Copy (x32 Version: 3.8.0)     | unbekannt
Roxio Creator Data (x32 Version: 3.8.0)     | unbekannt
Roxio Creator Tools (x32 Version: 3.8.0)     | unbekannt
Roxio Express Labeler 3 (x32 Version: 3.2.2)     | unbekannt
Roxio MyDVD (x32 Version: 10.3.349)     | unbekannt
Skype™ 4.1 (x32 Version: 4.1.179)     | unnötig
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)     | unbekannt
Synaptics Pointing Device Driver (Version: 15.0.24.0)     | unbekannt
Theft Recovery (x32 Version: 5.1.0.21)     | unbekannt
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Validity Fingerprint Driver (Version: 4.0.15.0)     | unbekannt
VD64Inst (Version: 1.00.0000)     | unbekannt
Windows 7 Default Setting (x32 Version: 1.0.1.6)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (Version: 12/16/2009 6.2.0.9414)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)

==================== Restore Points  =========================

06-08-2013 20:15:14 Ende der Bereinigung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-06 16:35 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04D8F893-D2AA-40FE-B19E-26F00927145D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {1E563059-AE6B-4770-94EB-C2A19729470A} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2979344955-3751320461-1264610957-1390 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {2C3346E7-90EE-43E3-9E98-259A57995159} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3623D6C4-B0AA-4FED-8B41-A2A1C8A765A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-03] (Google Inc.)
Task: {3E58EB89-9741-4C54-88AE-1F704C781EA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Assistant Restart => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3F1D4383-B1D5-479B-98A5-F2D5F550D7CA} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {516A4C00-63E4-4424-98D5-F07DA9E32762} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-18] (Adobe Systems Incorporated)
Task: {558B75BF-F1A1-4D21-849E-F408F83AA118} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5B59CCFD-A2F3-4675-9492-4292EF7ACC34} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {5F249200-501D-42C7-A7E0-6DE08409EA7D} - System32\Tasks\HPCeeScheduleForname => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05] (Hewlett-Packard)
Task: {5FC308BD-612F-405F-85EB-12D0CCFC3C43} - System32\Tasks\User_Feed_Synchronization-{DCD7CC38-A14C-4F68-9043-5B448CE8B444} => C:\windows\system32\msfeedssync.exe [2010-11-20] (Microsoft Corporation)
Task: {7705C5C2-8247-4CE4-86F8-026D8EA37D24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-03] (Google Inc.)
Task: {B38E50FE-20BE-42DB-8137-893BEE43D52E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {D55F1C04-AA69-4EEF-840E-B8B3FC9012FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {EEE467C9-3582-4558-9980-8B19BCDE3F0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForname.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2013 03:47:23 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: uiWatchDog.exe, Version: 1.6.0.1122, Zeitstempel: 0x4d8cdaf8
Name des fehlerhaften Moduls: uiWatchDog.exe, Version: 1.6.0.1122, Zeitstempel: 0x4d8cdaf8
Ausnahmecode: 0xc000000d
Fehleroffset: 0x0000000000009275
ID des fehlerhaften Prozesses: 0x68c
Startzeit der fehlerhaften Anwendung: 0xuiWatchDog.exe0
Pfad der fehlerhaften Anwendung: uiWatchDog.exe1
Pfad des fehlerhaften Moduls: uiWatchDog.exe2
Berichtskennung: uiWatchDog.exe3

Error: (08/06/2013 07:53:18 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2013 07:53:15 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/06/2013 07:52:11 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CALMAIN.exe, Version: 8.1.0.14, Zeitstempel: 0x433d11f9
Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009966
ID des fehlerhaften Prozesses: 0xbbc
Startzeit der fehlerhaften Anwendung: 0xCALMAIN.exe0
Pfad der fehlerhaften Anwendung: CALMAIN.exe1
Pfad des fehlerhaften Moduls: CALMAIN.exe2
Berichtskennung: CALMAIN.exe3


System errors:
=============
Error: (08/06/2013 07:42:45 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/06/2013 06:47:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/06/2013 06:40:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/06/2013 04:35:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/06/2013 04:31:22 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\uninstall.exe\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/06/2013 04:22:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (08/06/2013 07:52:11 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Canon Camera Access Library 8" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (12/13/2012 05:59:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 27370 seconds with 9900 seconds of active time.  This session ended with a crash.

Error: (11/27/2012 02:11:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14499 seconds with 6540 seconds of active time.  This session ended with a crash.

Error: (11/08/2012 04:53:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2780 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (04/24/2012 10:40:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 98402 seconds with 4320 seconds of active time.  This session ended with a crash.

Error: (04/12/2012 08:41:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39384 seconds with 4680 seconds of active time.  This session ended with a crash.

Error: (08/12/2011 02:15:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 5869 seconds with 1500 seconds of active time.  This session ended with a crash.

Error: (08/10/2011 00:59:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 277 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (05/07/2011 07:03:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36202 seconds with 420 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-08-06 16:31:22.063
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\uninstall.exe\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-06 16:31:21.938
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\uninstall.exe\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-26 22:48:43.113
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-26 22:48:43.004
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3887.43 MB
Available physical RAM: 1871.55 MB
Total Pagefile: 7773.04 MB
Available Pagefile: 5514.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Win7Pro64) (Fixed) (Total:280.79 GB) (Free:202.28 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32 (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8C949010)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================
         

--- --- ---

Hi,
es sind 3 Arbeitsschritte auszuführen und 2 Logs zu posten, Ergebnisse bitte gleichzeitig posten.
1.
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Google Toolbar : bitte verzichte auf toolbars, sie sind ein zusätzliches Risiko.
PDF Complete
Skype™

Starte bitte neu.
2.
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

3.
Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

b

Moin moin,

hier zunächst die ComboFix.txt:

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-08-05.03 - name 06.08.2013  23:29:16.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3887.1800 [GMT 2:00]
ausgeführt von:: c:\users\name\Desktop\ComboFix.exe
AV: Trend Micro Security Agent *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Security Agent *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\uninstall.exe
c:\uninstall.exe\023.dat
c:\uninstall.exe\023v.dat
c:\uninstall.exe\023w7.dat
c:\uninstall.exe\ActiveDrv.vbs
c:\uninstall.exe\AppDataFile.cfx
c:\uninstall.exe\AppDataFolder.cfx
c:\uninstall.exe\appinit.bad
c:\uninstall.exe\asp.str
c:\uninstall.exe\Assoc.cmd
c:\uninstall.exe\ATTRIB.3XE
c:\uninstall.exe\Auto-RC.cmd
c:\uninstall.exe\av.cmd
c:\uninstall.exe\av.vbs
c:\uninstall.exe\AWF.cmd
c:\uninstall.exe\badclsid
c:\uninstall.exe\BFE.dat
c:\uninstall.exe\Boot-Rk.cmd
c:\uninstall.exe\Boot.bat
c:\uninstall.exe\BootDrv.vbs
c:\uninstall.exe\c.bat
c:\uninstall.exe\c.mrk
c:\uninstall.exe\Catch-sub.cmd
c:\uninstall.exe\catchme.3XE
c:\uninstall.exe\CCS.bat
c:\uninstall.exe\CF-Script.cmd
c:\uninstall.exe\CF28707.3XE
c:\uninstall.exe\CHCP.bat
c:\uninstall.exe\clsid.c
c:\uninstall.exe\clsid.dat
c:\uninstall.exe\clsid.hiv
c:\uninstall.exe\Combobatch.bat
c:\uninstall.exe\ComboFix-Download.3XE
c:\uninstall.exe\Create.cmd
c:\uninstall.exe\Creg.dat
c:\uninstall.exe\CregC.cmd
c:\uninstall.exe\CregC.dat
c:\uninstall.exe\CregC_.dat
c:\uninstall.exe\CSCRIPT.3XE
c:\uninstall.exe\d-delA.dat
c:\uninstall.exe\dd.3XE
c:\uninstall.exe\ddsDo.sed
c:\uninstall.exe\de-DE\ATTRIB.3XE.mui
c:\uninstall.exe\de-DE\CF28707.3XE.mui
c:\uninstall.exe\de-DE\cmd.3XE.mui
c:\uninstall.exe\de-DE\CSCRIPT.3XE.mui
c:\uninstall.exe\de-DE\PING.3XE.mui
c:\uninstall.exe\de-DE\REGT.3XE.mui
c:\uninstall.exe\de-DE\ROUTE.3XE.mui
c:\uninstall.exe\DelClsid.bat
c:\uninstall.exe\DelClsid64.bat
c:\uninstall.exe\desktop.ini
c:\uninstall.exe\DesktopFile.cfx
c:\uninstall.exe\DisclaimED.dat
c:\uninstall.exe\DPF.str
c:\uninstall.exe\DrvRun.vbs
c:\uninstall.exe\dumphive.3XE
c:\uninstall.exe\embedded.sed
c:\uninstall.exe\en-US\iexplore.exe
c:\uninstall.exe\ERDNT.e_e
c:\uninstall.exe\ERDNTDOS.LOC
c:\uninstall.exe\ERDNTWIN.LOC
c:\uninstall.exe\ERUNT.3XE
c:\uninstall.exe\erunt.dat
c:\uninstall.exe\ERUNT.LOC
c:\uninstall.exe\Exe.reg
c:\uninstall.exe\extract.3XE
c:\uninstall.exe\FavoriteFolder.cfx
c:\uninstall.exe\FavoritesFile.cfx
c:\uninstall.exe\FD-SV.cmd
c:\uninstall.exe\ffdefstr.dll
c:\uninstall.exe\ffext.pif
c:\uninstall.exe\FileKill.3XE
c:\uninstall.exe\files.pif
c:\uninstall.exe\Fin.dat
c:\uninstall.exe\FIND3M.bat
c:\uninstall.exe\FIXLSP.bat
c:\uninstall.exe\FIXLSP64.cmd
c:\uninstall.exe\FKMGen.cmd
c:\uninstall.exe\ForeignWht
c:\uninstall.exe\GetHive.cmd
c:\uninstall.exe\grep.3XE
c:\uninstall.exe\gsar.3XE
c:\uninstall.exe\handle.3XE
c:\uninstall.exe\hidec.3XE
c:\uninstall.exe\history.bat
c:\uninstall.exe\hwid.pif
c:\uninstall.exe\iexplore.exe
c:\uninstall.exe\image001.gif
c:\uninstall.exe\Imefile.dat
c:\uninstall.exe\Install-RC.cmd
c:\uninstall.exe\iphlpsvc.vista.dat
c:\uninstall.exe\iphlpsvc.w7.dat
c:\uninstall.exe\iphlpsvc.w8.dat
c:\uninstall.exe\katch.cmd
c:\uninstall.exe\Kill-All.cmd
c:\uninstall.exe\kmd.dat
c:\uninstall.exe\KNetSvcs.vbs
c:\uninstall.exe\Lang.bat
c:\uninstall.exe\List-B.bat
c:\uninstall.exe\List-C.bat
c:\uninstall.exe\List-D.bat
c:\uninstall.exe\List.bat
c:\uninstall.exe\lnkread.vbs
c:\uninstall.exe\LocalAppDataFile.cfx
c:\uninstall.exe\LocalAppDataFolder.cfx
c:\uninstall.exe\LocalService.dat
c:\uninstall.exe\LocalServiceNetworkRestricted.dat
c:\uninstall.exe\LocalSettingsFile.cfx
c:\uninstall.exe\LocalSettingsFolder.cfx
c:\uninstall.exe\LocalSystemNetworkRestricted.dat
c:\uninstall.exe\mbr.3XE
c:\uninstall.exe\mbr.chk
c:\uninstall.exe\md5sum.pif
c:\uninstall.exe\MDWht.dat
c:\uninstall.exe\MoveIt.bat
c:\uninstall.exe\MpsSvc.dat
c:\uninstall.exe\mtee.3XE
c:\uninstall.exe\MUI
c:\uninstall.exe\MWindows.dat
c:\uninstall.exe\mynul.dat
c:\uninstall.exe\MZChanged.dat
c:\uninstall.exe\N_\15049
c:\uninstall.exe\N_\15971
c:\uninstall.exe\N_\200
c:\uninstall.exe\N_\23421
c:\uninstall.exe\N_\24221
c:\uninstall.exe\N_\27334
c:\uninstall.exe\N_\27400
c:\uninstall.exe\N_\30313
c:\uninstall.exe\N_\31377
c:\uninstall.exe\N_\32334
c:\uninstall.exe\N_\32344
c:\uninstall.exe\N_\4289
c:\uninstall.exe\N_\4850
c:\uninstall.exe\N_\697
c:\uninstall.exe\N_\7802
c:\uninstall.exe\N_\813
c:\uninstall.exe\N_\Path$
c:\uninstall.exe\ncmd.com
c:\uninstall.exe\ND_.bat
c:\uninstall.exe\ND_64.bat
c:\uninstall.exe\ndis_combofix.dat
c:\uninstall.exe\netsvc.bad.dat
c:\uninstall.exe\netsvc.dat
c:\uninstall.exe\NetworkService.dat
c:\uninstall.exe\NirCmd.3XE
c:\uninstall.exe\NircmdB.exe
c:\uninstall.exe\NirCmdC.3XE
c:\uninstall.exe\NIRKMD.3XE
c:\uninstall.exe\NlsLanguageDefault
c:\uninstall.exe\NT-OS.cmd
c:\uninstall.exe\NULL
c:\uninstall.exe\OSid.vbs
c:\uninstall.exe\pausep.3XE
c:\uninstall.exe\PersonalFile.cfx
c:\uninstall.exe\PersonalFolder.cfx
c:\uninstall.exe\pev.3XE
c:\uninstall.exe\PEV.exe
c:\uninstall.exe\pevb.3XE
c:\uninstall.exe\PING.3XE
c:\uninstall.exe\Policies.dat
c:\uninstall.exe\powp.dat
c:\uninstall.exe\Prep.inf
c:\uninstall.exe\ProfilesFile.cfx
c:\uninstall.exe\ProfilesFolder.cfx
c:\uninstall.exe\ProgramsFile.cfx
c:\uninstall.exe\ProgramsFolder.cfx
c:\uninstall.exe\Purity.dat
c:\uninstall.exe\PV.3XE
c:\uninstall.exe\pv.com
c:\uninstall.exe\rar_sfx.cmd
c:\uninstall.exe\RCLink.dat
c:\uninstall.exe\REGDACL.sed
c:\uninstall.exe\RegDo.sed
c:\uninstall.exe\region.dat
c:\uninstall.exe\RegScan.cmd
c:\uninstall.exe\RegScan64.cmd
c:\uninstall.exe\REGT.3XE
c:\uninstall.exe\Resident.txt
c:\uninstall.exe\restore_pt.vbs
c:\uninstall.exe\Rkey.cmd
c:\uninstall.exe\rmbr.3XE
c:\uninstall.exe\rogues.dat
c:\uninstall.exe\ROUTE.3XE
c:\uninstall.exe\run2.sed
c:\uninstall.exe\Rust.str
c:\uninstall.exe\s0rt.3XE
c:\uninstall.exe\safeboot.dat
c:\uninstall.exe\safeboot.def.dat
c:\uninstall.exe\sed.3XE
c:\uninstall.exe\SetEnvmt.bat
c:\uninstall.exe\setpath.3XE
c:\uninstall.exe\setpath_N.cmd
c:\uninstall.exe\SF.exe
c:\uninstall.exe\sfx.cmd
c:\uninstall.exe\ShAccess.dat
c:\uninstall.exe\SnapShot.cmd
c:\uninstall.exe\sqlite3.3XE
c:\uninstall.exe\SRestore.cmd
c:\uninstall.exe\srizbi.md5
c:\uninstall.exe\Start_dat
c:\uninstall.exe\StartMenuFile.cfx
c:\uninstall.exe\StartMenuFolder.cfx
c:\uninstall.exe\StartUpFile.cfx
c:\uninstall.exe\SuppScan.cmd
c:\uninstall.exe\svc_wht.dat
c:\uninstall.exe\SvcDrv.vbs
c:\uninstall.exe\svchost.dat
c:\uninstall.exe\swreg.3XE
c:\uninstall.exe\swsc.3XE
c:\uninstall.exe\swxcacls.3XE
c:\uninstall.exe\system_ini.dat
c:\uninstall.exe\tail.3XE
c:\uninstall.exe\TemplatesFile.cfx
c:\uninstall.exe\TemplatesFolder.cfx
c:\uninstall.exe\toolbar.sed
c:\uninstall.exe\Update-CF.cmd
c:\uninstall.exe\VBR.pif
c:\uninstall.exe\VerCF.bat
c:\uninstall.exe\VikPev00
c:\uninstall.exe\VInfo
c:\uninstall.exe\VInfo2
c:\uninstall.exe\VINFO3
c:\uninstall.exe\Vipev.dat
c:\uninstall.exe\Vista.krl
c:\uninstall.exe\vistaMcode.dat
c:\uninstall.exe\vun.dat
c:\uninstall.exe\VwinTemp.dacl
c:\uninstall.exe\w_sock.dll
c:\uninstall.exe\W6432.dat
c:\uninstall.exe\W7.mac
c:\uninstall.exe\w7Mcode.dat
c:\uninstall.exe\w7reg.dat
c:\uninstall.exe\w8reg.dat
c:\uninstall.exe\Wmi_rem.vbs
c:\uninstall.exe\xpmcode.dat
c:\uninstall.exe\XPSBoot.reg
c:\uninstall.exe\zDomain.dat
c:\uninstall.exe\zhsvc.dat
c:\uninstall.exe\zip.3XE
c:\users\name\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.DetectEngine.DetectManager_dea10e5e-ac37-4eea-8956-9e3dc867c1f0\HP.ActiveCheckLocalMode.Ccl.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.DetectEngine.DetectManager_dea10e5e-ac37-4eea-8956-9e3dc867c1f0\HP.ActiveCheckLocalMode.DetectEngine.dll
c:\windows\TEMP\ACLM\HP.ActiveCheckLocalMode.DetectEngine.DetectManager_dea10e5e-ac37-4eea-8956-9e3dc867c1f0\HP.ActiveCheckLocalMode.SharedObjects.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-06 bis 2013-08-06  ))))))))))))))))))))))))))))))
.
.
2013-08-06 21:37 . 2013-08-06 21:37    --------    d-----w-    c:\users\User\AppData\Local\temp
2013-08-06 21:37 . 2013-08-06 21:37    --------    d-----w-    c:\users\Mahler\AppData\Local\temp
2013-08-06 21:37 . 2013-08-06 21:37    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-06 21:37 . 2013-08-06 21:37    --------    d-----w-    c:\users\administrator\AppData\Local\temp
2013-08-06 21:19 . 2013-08-06 21:19    --------    d-----w-    c:\programdata\PDFC
2013-08-06 21:11 . 2013-08-06 21:11    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-06 21:11 . 2013-08-06 21:11    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-06 21:10 . 2013-08-06 21:10    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-08-06 20:19 . 2013-08-06 20:19    --------    d-----w-    C:\FRST
2013-08-06 05:43 . 2013-08-06 20:14    --------    d-----w-    c:\windows\ERUNT
2013-08-05 15:32 . 2013-07-15 01:34    9460976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{682527EA-9AC5-47DC-8FA2-F37343FCFE43}\mpengine.dll
2013-07-19 04:46 . 2013-05-27 05:50    9070080    ----a-w-    c:\windows\system32\mshtml.dll
2013-07-19 04:43 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-19 04:43 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-19 04:43 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-19 04:43 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-19 04:43 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-19 04:43 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-19 04:43 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-19 04:43 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-19 04:43 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-07-19 04:42 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-19 04:42 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 04:41 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-19 04:41 . 2013-04-10 05:46    1402880    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-19 04:41 . 2013-04-10 05:46    1393152    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-19 04:41 . 2013-04-10 05:48    1732608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-19 04:41 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-19 04:41 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-19 04:41 . 2013-04-10 05:45    1545728    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-19 04:41 . 2013-04-10 05:02    1077760    ----a-w-    c:\windows\SysWow64\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 04:44 . 2011-04-13 18:55    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-05-13 05:51 . 2013-06-16 07:31    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-16 07:31    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:51 . 2013-06-16 07:31    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:50 . 2013-06-16 07:31    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-16 07:31    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-16 07:31    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-16 07:31    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-16 07:31    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-16 07:31    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-16 07:31    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-16 07:32    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-16 07:32    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{13AD5579-1C22-1DE7-0A2C-07D793B33C27}]
c:\programdata\EabookBiRoowsEu\51cc80ddecbaf.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95A8BE25-6AC6-5B5F-5296-7C0F67939A04}]
c:\programdata\safEE  save\51cc75326a286.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-30 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36    75320    ----a-w-    c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2979344955-3751320461-1264610957-1144\Scripts\Logon\0\0]
"Script"=Default_ohne.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2979344955-3751320461-1264610957-1390\Scripts\Logon\0\0]
"Script"=\\DC1\Anmeldescripts$\aussendienst_neu.bat
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys;c:\windows\SYSNATIVE\DRIVERS\swvnic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys;c:\windows\SYSNATIVE\Drivers\SWIPsec.sys [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-06 21:11]
.
2013-07-08 c:\windows\Tasks\HPCeeScheduleForname.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-26 204584]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2013-06-27 19:24; eauo0rclt@araisc.com; c:\users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\extensions\eauo0rclt@araisc.com
FF - ExtSQL: 2013-06-27 20:13; txlxmkuioy@lauuy.org; c:\users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\extensions\txlxmkuioy@lauuy.org
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸*t*˜*t*]
@="?t?t"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\HP9*8—9*]
@="?9?9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\€Q9*]
@="?9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\€Q9*´0*]
@="?9?0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\¸R9*¨˜4*]
@="?9?4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\˜W2*]
@="?2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ÐX2*]
@="?2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ÐX2*Õ+*]
@="?2?+"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\Z2*®1*]
@="?2?1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\8]n*]n*]
@="?n?n"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\P^n*0^n*]
@="?n?n"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\@o-* o-*]
@="?-?-"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\pq-*Pq-*]
@="?-?-"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ s-*€s-*]
@="?-?-"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\Ðu-*°u-*]
@="?-?-"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-06  23:41:32
ComboFix-quarantined-files.txt  2013-08-06 21:41
.
Vor Suchlauf: 17 Verzeichnis(se), 216.952.635.392 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 216.878.215.168 Bytes frei
.
- - End Of File - - 59E298F0AA6E8E0F59C9B35A719A6D48
         

--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
und hier das TDSS Killer Log:

Code: Alles auswählenAufklappen

ATTFilter

07:18:08.0612 3144  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:18:08.0822 3144  ============================================================
07:18:08.0822 3144  Current date / time: 2013/08/07 07:18:08.0822
07:18:08.0822 3144  SystemInfo:
07:18:08.0822 3144  
07:18:08.0822 3144  OS Version: 6.1.7601 ServicePack: 1.0
07:18:08.0822 3144  Product type: Workstation
07:18:08.0822 3144  ComputerName: 6550B01
07:18:08.0822 3144  UserName: name
07:18:08.0822 3144  Windows directory: C:\windows
07:18:08.0822 3144  System windows directory: C:\windows
07:18:08.0822 3144  Running under WOW64
07:18:08.0822 3144  Processor architecture: Intel x64
07:18:08.0822 3144  Number of processors: 4
07:18:08.0822 3144  Page size: 0x1000
07:18:08.0822 3144  Boot type: Normal boot
07:18:08.0822 3144  ============================================================
07:18:09.0128 3144  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:18:09.0138 3144  ============================================================
07:18:09.0138 3144  \Device\Harddisk0\DR0:
07:18:09.0138 3144  MBR partitions:
07:18:09.0138 3144  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
07:18:09.0138 3144  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197000
07:18:09.0138 3144  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322D800, BlocksNum 0x1E00000
07:18:09.0138 3144  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502D800, BlocksNum 0x3FD800
07:18:09.0138 3144  ============================================================
07:18:09.0168 3144  C: <-> \Device\Harddisk0\DR0\Partition2
07:18:09.0198 3144  F: <-> \Device\Harddisk0\DR0\Partition4
07:18:09.0198 3144  ============================================================
07:18:09.0198 3144  Initialize success
07:18:09.0198 3144  ============================================================
07:18:13.0879 4328  ============================================================
07:18:13.0879 4328  Scan started
07:18:13.0879 4328  Mode: Manual; 
07:18:13.0879 4328  ============================================================
07:18:14.0119 4328  ================ Scan system memory ========================
07:18:14.0119 4328  System memory - ok
07:18:14.0119 4328  ================ Scan services =============================
07:18:14.0319 4328  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
07:18:14.0319 4328  1394ohci - ok
07:18:14.0399 4328  [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
07:18:14.0409 4328  ac.sharedstore - ok
07:18:14.0459 4328  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\windows\system32\DRIVERS\Accelerometer.sys
07:18:14.0459 4328  Accelerometer - ok
07:18:14.0499 4328  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
07:18:14.0499 4328  ACPI - ok
07:18:14.0539 4328  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
07:18:14.0549 4328  AcpiPmi - ok
07:18:14.0629 4328  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:18:14.0629 4328  AdobeARMservice - ok
07:18:14.0779 4328  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:18:14.0779 4328  AdobeFlashPlayerUpdateSvc - ok
07:18:14.0839 4328  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
07:18:14.0849 4328  adp94xx - ok
07:18:14.0909 4328  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
07:18:14.0909 4328  adpahci - ok
07:18:14.0949 4328  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
07:18:14.0949 4328  adpu320 - ok
07:18:14.0989 4328  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
07:18:14.0989 4328  AeLookupSvc - ok
07:18:15.0079 4328  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
07:18:15.0079 4328  AESTFilters - ok
07:18:15.0119 4328  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
07:18:15.0129 4328  AFD - ok
07:18:15.0179 4328  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
07:18:15.0179 4328  AgereModemAudio - ok
07:18:15.0219 4328  [ A6AB6F0ACE87DA76B4C401813D18BE95 ] AgereSoftModem  C:\windows\system32\DRIVERS\agrsm64.sys
07:18:15.0239 4328  AgereSoftModem - ok
07:18:15.0259 4328  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
07:18:15.0259 4328  agp440 - ok
07:18:15.0299 4328  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
07:18:15.0299 4328  ALG - ok
07:18:15.0339 4328  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
07:18:15.0339 4328  aliide - ok
07:18:15.0349 4328  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
07:18:15.0349 4328  amdide - ok
07:18:15.0389 4328  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
07:18:15.0389 4328  AmdK8 - ok
07:18:15.0409 4328  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
07:18:15.0419 4328  AmdPPM - ok
07:18:15.0439 4328  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
07:18:15.0439 4328  amdsata - ok
07:18:15.0489 4328  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
07:18:15.0489 4328  amdsbs - ok
07:18:15.0519 4328  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
07:18:15.0519 4328  amdxata - ok
07:18:15.0589 4328  [ 25E9C505A8DB1B5EFE631E43718FDB22 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
07:18:15.0599 4328  Amsp - ok
07:18:15.0639 4328  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
07:18:15.0639 4328  AppID - ok
07:18:15.0669 4328  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
07:18:15.0669 4328  AppIDSvc - ok
07:18:15.0699 4328  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\windows\System32\appinfo.dll
07:18:15.0699 4328  Appinfo - ok
07:18:15.0759 4328  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:18:15.0759 4328  Apple Mobile Device - ok
07:18:15.0799 4328  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\windows\System32\appmgmts.dll
07:18:15.0799 4328  AppMgmt - ok
07:18:15.0839 4328  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
07:18:15.0839 4328  arc - ok
07:18:15.0869 4328  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
07:18:15.0869 4328  arcsas - ok
07:18:15.0909 4328  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
07:18:15.0909 4328  AsyncMac - ok
07:18:15.0929 4328  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
07:18:15.0929 4328  atapi - ok
07:18:15.0979 4328  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
07:18:16.0009 4328  AudioEndpointBuilder - ok
07:18:16.0039 4328  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
07:18:16.0049 4328  AudioSrv - ok
07:18:16.0079 4328  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
07:18:16.0079 4328  AxInstSV - ok
07:18:16.0119 4328  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
07:18:16.0129 4328  b06bdrv - ok
07:18:16.0169 4328  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
07:18:16.0169 4328  b57nd60a - ok
07:18:16.0269 4328  [ 35756E37D5FDEE22FBF27090A14FE608 ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl664.sys
07:18:16.0309 4328  BCM43XX - ok
07:18:16.0329 4328  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
07:18:16.0339 4328  BDESVC - ok
07:18:16.0349 4328  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
07:18:16.0349 4328  Beep - ok
07:18:16.0409 4328  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
07:18:16.0419 4328  BFE - ok
07:18:16.0459 4328  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\system32\qmgr.dll
07:18:16.0469 4328  BITS - ok
07:18:16.0499 4328  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
07:18:16.0499 4328  blbdrive - ok
07:18:16.0559 4328  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:18:16.0559 4328  Bonjour Service - ok
07:18:16.0589 4328  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
07:18:16.0599 4328  bowser - ok
07:18:16.0629 4328  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
07:18:16.0629 4328  BrFiltLo - ok
07:18:16.0639 4328  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
07:18:16.0639 4328  BrFiltUp - ok
07:18:16.0689 4328  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
07:18:16.0689 4328  BridgeMP - ok
07:18:16.0719 4328  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
07:18:16.0719 4328  Browser - ok
07:18:16.0739 4328  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
07:18:16.0739 4328  Brserid - ok
07:18:16.0759 4328  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
07:18:16.0759 4328  BrSerWdm - ok
07:18:16.0769 4328  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
07:18:16.0769 4328  BrUsbMdm - ok
07:18:16.0789 4328  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
07:18:16.0789 4328  BrUsbSer - ok
07:18:16.0819 4328  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
07:18:16.0819 4328  BthEnum - ok
07:18:16.0839 4328  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
07:18:16.0849 4328  BTHMODEM - ok
07:18:16.0869 4328  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
07:18:16.0869 4328  BthPan - ok
07:18:16.0909 4328  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
07:18:16.0919 4328  BTHPORT - ok
07:18:16.0949 4328  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
07:18:16.0959 4328  bthserv - ok
07:18:16.0969 4328  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
07:18:16.0969 4328  BTHUSB - ok
07:18:17.0019 4328  [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
07:18:17.0019 4328  btwaudio - ok
07:18:17.0059 4328  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
07:18:17.0059 4328  btwavdt - ok
07:18:17.0129 4328  [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
07:18:17.0139 4328  btwdins - ok
07:18:17.0149 4328  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
07:18:17.0149 4328  btwl2cap - ok
07:18:17.0169 4328  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
07:18:17.0169 4328  btwrchid - ok
07:18:17.0189 4328  catchme - ok
07:18:17.0259 4328  [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8         C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
07:18:17.0259 4328  CCALib8 - ok
07:18:17.0289 4328  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
07:18:17.0289 4328  cdfs - ok
07:18:17.0339 4328  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
07:18:17.0339 4328  cdrom - ok
07:18:17.0379 4328  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
07:18:17.0379 4328  CertPropSvc - ok
07:18:17.0419 4328  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
07:18:17.0419 4328  circlass - ok
07:18:17.0449 4328  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
07:18:17.0459 4328  CLFS - ok
07:18:17.0519 4328  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:18:17.0519 4328  clr_optimization_v2.0.50727_32 - ok
07:18:17.0579 4328  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:18:17.0579 4328  clr_optimization_v2.0.50727_64 - ok
07:18:17.0599 4328  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
07:18:17.0599 4328  CmBatt - ok
07:18:17.0629 4328  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
07:18:17.0629 4328  cmdide - ok
07:18:17.0679 4328  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
07:18:17.0679 4328  CNG - ok
07:18:17.0709 4328  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
07:18:17.0709 4328  Compbatt - ok
07:18:17.0739 4328  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
07:18:17.0739 4328  CompositeBus - ok
07:18:17.0759 4328  COMSysApp - ok
07:18:17.0779 4328  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
07:18:17.0779 4328  crcdisk - ok
07:18:17.0819 4328  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\windows\system32\cryptsvc.dll
07:18:17.0819 4328  CryptSvc - ok
07:18:17.0859 4328  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\windows\system32\drivers\csc.sys
07:18:17.0869 4328  CSC - ok
07:18:17.0899 4328  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\windows\System32\cscsvc.dll
07:18:17.0909 4328  CscService - ok
07:18:17.0959 4328  [ A8BA4DA23AC20BDA23CA15234D42A3FA ] DAMDrv          C:\windows\system32\DRIVERS\DAMDrv64.sys
07:18:17.0959 4328  DAMDrv - ok
07:18:18.0009 4328  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
07:18:18.0019 4328  DcomLaunch - ok
07:18:18.0089 4328  [ E6E9610D76418357A7EC725989687CB4 ] DEBridge        c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
07:18:18.0089 4328  DEBridge - ok
07:18:18.0119 4328  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
07:18:18.0129 4328  defragsvc - ok
07:18:18.0149 4328  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
07:18:18.0149 4328  DfsC - ok
07:18:18.0179 4328  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
07:18:18.0189 4328  Dhcp - ok
07:18:18.0229 4328  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
07:18:18.0229 4328  discache - ok
07:18:18.0249 4328  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
07:18:18.0249 4328  Disk - ok
07:18:18.0289 4328  [ 599864BDC6D2D769E5FF53E960C6B3BD ] DNE             C:\windows\system32\DRIVERS\dnelwf64.sys
07:18:18.0289 4328  DNE - ok
07:18:18.0319 4328  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
07:18:18.0319 4328  Dnscache - ok
07:18:18.0349 4328  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
07:18:18.0349 4328  dot3svc - ok
07:18:18.0409 4328  [ 723E663FD14A7FBE4B1C8C8FDE1C406C ] DpHost          c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
07:18:18.0419 4328  DpHost - ok
07:18:18.0449 4328  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
07:18:18.0449 4328  DPS - ok
07:18:18.0489 4328  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
07:18:18.0489 4328  drmkaud - ok
07:18:18.0529 4328  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
07:18:18.0549 4328  DXGKrnl - ok
07:18:18.0589 4328  [ 14F16F95C1347BD50CA4FA4DFDA7E806 ] e1kexpress      C:\windows\system32\DRIVERS\e1k62x64.sys
07:18:18.0599 4328  e1kexpress - ok
07:18:18.0629 4328  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
07:18:18.0629 4328  EapHost - ok
07:18:18.0719 4328  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
07:18:18.0759 4328  ebdrv - ok
07:18:18.0779 4328  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
07:18:18.0779 4328  EFS - ok
07:18:18.0829 4328  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
07:18:18.0839 4328  ehRecvr - ok
07:18:18.0869 4328  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
07:18:18.0869 4328  ehSched - ok
07:18:18.0909 4328  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
07:18:18.0919 4328  elxstor - ok
07:18:18.0949 4328  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
07:18:18.0949 4328  ErrDev - ok
07:18:18.0999 4328  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
07:18:19.0009 4328  EventSystem - ok
07:18:19.0049 4328  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
07:18:19.0049 4328  exfat - ok
07:18:19.0069 4328  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
07:18:19.0079 4328  fastfat - ok
07:18:19.0119 4328  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
07:18:19.0129 4328  Fax - ok
07:18:19.0149 4328  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
07:18:19.0149 4328  fdc - ok
07:18:19.0159 4328  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
07:18:19.0169 4328  fdPHost - ok
07:18:19.0189 4328  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
07:18:19.0189 4328  FDResPub - ok
07:18:19.0209 4328  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
07:18:19.0209 4328  FileInfo - ok
07:18:19.0219 4328  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
07:18:19.0219 4328  Filetrace - ok
07:18:19.0309 4328  [ 614B050875190FFE7ABBAF0CBB4FBBBA ] FLCDLOCK        c:\Windows\SysWOW64\flcdlock.exe
07:18:19.0319 4328  FLCDLOCK - ok
07:18:19.0329 4328  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
07:18:19.0329 4328  flpydisk - ok
07:18:19.0379 4328  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
07:18:19.0379 4328  FltMgr - ok
07:18:19.0429 4328  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
07:18:19.0439 4328  FontCache - ok
07:18:19.0479 4328  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:18:19.0489 4328  FontCache3.0.0.0 - ok
07:18:19.0519 4328  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
07:18:19.0519 4328  FsDepends - ok
07:18:19.0549 4328  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
07:18:19.0549 4328  Fs_Rec - ok
07:18:19.0599 4328  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
07:18:19.0599 4328  fvevol - ok
07:18:19.0649 4328  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
07:18:19.0649 4328  gagp30kx - ok
07:18:19.0679 4328  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
07:18:19.0679 4328  GEARAspiWDM - ok
07:18:19.0719 4328  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
07:18:19.0729 4328  gpsvc - ok
07:18:19.0759 4328  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
07:18:19.0759 4328  hcw85cir - ok
07:18:19.0829 4328  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
07:18:19.0829 4328  HdAudAddService - ok
07:18:19.0859 4328  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
07:18:19.0859 4328  HDAudBus - ok
07:18:19.0889 4328  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
07:18:19.0889 4328  HECIx64 - ok
07:18:19.0919 4328  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
07:18:19.0919 4328  HidBatt - ok
07:18:19.0939 4328  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
07:18:19.0949 4328  HidBth - ok
07:18:19.0969 4328  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
07:18:19.0969 4328  HidIr - ok
07:18:19.0999 4328  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\System32\hidserv.dll
07:18:19.0999 4328  hidserv - ok
07:18:20.0029 4328  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
07:18:20.0029 4328  HidUsb - ok
07:18:20.0059 4328  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
07:18:20.0059 4328  hkmsvc - ok
07:18:20.0079 4328  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
07:18:20.0089 4328  HomeGroupListener - ok
07:18:20.0119 4328  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
07:18:20.0129 4328  HomeGroupProvider - ok
07:18:20.0199 4328  [ F2889318AB3CD87CCA17CB3769CDC1E4 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
07:18:20.0199 4328  HP Power Assistant Service - ok
07:18:20.0239 4328  [ 3891D3993065D392E0DE541BEA0A9EA5 ] HP ProtectTools Service c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
07:18:20.0249 4328  HP ProtectTools Service - ok
07:18:20.0309 4328  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
07:18:20.0309 4328  HP Support Assistant Service - ok
07:18:20.0339 4328  [ 58CC11D14D88EF70EF7ABBC75B5EEBD8 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
07:18:20.0339 4328  HP Wireless Assistant Service - ok
07:18:20.0409 4328  [ A4A0E006A1826EA2629E59DE2008BB9D ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
07:18:20.0409 4328  HPDayStarterService - ok
07:18:20.0489 4328  [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
07:18:20.0489 4328  HPDrvMntSvc.exe - ok
07:18:20.0529 4328  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\windows\system32\DRIVERS\hpdskflt.sys
07:18:20.0529 4328  hpdskflt - ok
07:18:20.0549 4328  [ 5AFB3F9B74553BD933555E1C800D2CE1 ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
07:18:20.0559 4328  HpFkCryptService - ok
07:18:20.0609 4328  [ 8205DA7B4191ACD96F76B81E42945754 ] HPFSService     C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
07:18:20.0609 4328  HPFSService - ok
07:18:20.0679 4328  [ 4968C0728E257B3B6210244A9CDE2A08 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
07:18:20.0679 4328  hpHotkeyMonitor - ok
07:18:20.0709 4328  [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
07:18:20.0709 4328  HpqKbFiltr - ok
07:18:20.0769 4328  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
07:18:20.0779 4328  hpqwmiex - ok
07:18:20.0819 4328  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
07:18:20.0829 4328  HpSAMD - ok
07:18:20.0869 4328  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\windows\system32\Hpservice.exe
07:18:20.0869 4328  hpsrv - ok
07:18:20.0919 4328  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
07:18:20.0939 4328  HTTP - ok
07:18:20.0969 4328  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
07:18:20.0969 4328  hwpolicy - ok
07:18:21.0009 4328  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
07:18:21.0009 4328  i8042prt - ok
07:18:21.0099 4328  [ D782F0C741EE2D50AC8D38774597FB2B ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:18:21.0099 4328  IAANTMON - ok
07:18:21.0129 4328  [ DC0B4553D089E2BD07AEBD9EA30BEAFB ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
07:18:21.0139 4328  iaStor - ok
07:18:21.0179 4328  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
07:18:21.0189 4328  iaStorV - ok
07:18:21.0249 4328  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:18:21.0259 4328  idsvc - ok
07:18:21.0479 4328  [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
07:18:21.0629 4328  igfx - ok
07:18:21.0649 4328  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
07:18:21.0659 4328  iirsp - ok
07:18:21.0689 4328  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
07:18:21.0699 4328  IKEEXT - ok
07:18:21.0739 4328  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
07:18:21.0739 4328  Impcd - ok
07:18:21.0769 4328  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
07:18:21.0769 4328  IntcDAud - ok
07:18:21.0799 4328  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
07:18:21.0799 4328  intelide - ok
07:18:21.0839 4328  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
07:18:21.0839 4328  intelppm - ok
07:18:21.0870 4328  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
07:18:21.0870 4328  IPBusEnum - ok
07:18:21.0910 4328  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
07:18:21.0910 4328  IpFilterDriver - ok
07:18:21.0950 4328  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
07:18:21.0960 4328  iphlpsvc - ok
07:18:21.0990 4328  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
07:18:21.0990 4328  IPMIDRV - ok
07:18:22.0010 4328  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
07:18:22.0010 4328  IPNAT - ok
07:18:22.0080 4328  [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
07:18:22.0090 4328  iPod Service - ok
07:18:22.0110 4328  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
07:18:22.0110 4328  IRENUM - ok
07:18:22.0130 4328  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
07:18:22.0130 4328  isapnp - ok
07:18:22.0150 4328  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
07:18:22.0160 4328  iScsiPrt - ok
07:18:22.0180 4328  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
07:18:22.0180 4328  kbdclass - ok
07:18:22.0200 4328  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
07:18:22.0200 4328  kbdhid - ok
07:18:22.0220 4328  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
07:18:22.0230 4328  KeyIso - ok
07:18:22.0250 4328  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
07:18:22.0250 4328  KSecDD - ok
07:18:22.0280 4328  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
07:18:22.0290 4328  KSecPkg - ok
07:18:22.0310 4328  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
07:18:22.0320 4328  ksthunk - ok
07:18:22.0350 4328  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
07:18:22.0360 4328  KtmRm - ok
07:18:22.0400 4328  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
07:18:22.0410 4328  LanmanServer - ok
07:18:22.0430 4328  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
07:18:22.0430 4328  LanmanWorkstation - ok
07:18:22.0510 4328  [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
07:18:22.0510 4328  LightScribeService - ok
07:18:22.0540 4328  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
07:18:22.0540 4328  lltdio - ok
07:18:22.0570 4328  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
07:18:22.0580 4328  lltdsvc - ok
07:18:22.0590 4328  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
07:18:22.0600 4328  lmhosts - ok
07:18:22.0650 4328  [ 271F79326CD571BD271D45C47148ED78 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
07:18:22.0650 4328  LMS - ok
07:18:22.0690 4328  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
07:18:22.0690 4328  LSI_FC - ok
07:18:22.0710 4328  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
07:18:22.0720 4328  LSI_SAS - ok
07:18:22.0730 4328  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
07:18:22.0730 4328  LSI_SAS2 - ok
07:18:22.0760 4328  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
07:18:22.0760 4328  LSI_SCSI - ok
07:18:22.0790 4328  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
07:18:22.0790 4328  luafv - ok
07:18:22.0820 4328  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
07:18:22.0820 4328  Mcx2Svc - ok
07:18:22.0850 4328  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
07:18:22.0850 4328  megasas - ok
07:18:22.0870 4328  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
07:18:22.0870 4328  MegaSR - ok
07:18:22.0910 4328  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
07:18:22.0910 4328  MMCSS - ok
07:18:22.0930 4328  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
07:18:22.0930 4328  Modem - ok
07:18:22.0960 4328  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
07:18:22.0960 4328  monitor - ok
07:18:23.0000 4328  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
07:18:23.0010 4328  mouclass - ok
07:18:23.0020 4328  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
07:18:23.0030 4328  mouhid - ok
07:18:23.0050 4328  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
07:18:23.0060 4328  mountmgr - ok
07:18:23.0110 4328  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:18:23.0110 4328  MozillaMaintenance - ok
07:18:23.0140 4328  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
07:18:23.0140 4328  mpio - ok
07:18:23.0170 4328  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
07:18:23.0170 4328  mpsdrv - ok
07:18:23.0220 4328  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
07:18:23.0230 4328  MpsSvc - ok
07:18:23.0250 4328  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
07:18:23.0250 4328  MRxDAV - ok
07:18:23.0280 4328  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
07:18:23.0280 4328  mrxsmb - ok
07:18:23.0310 4328  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
07:18:23.0310 4328  mrxsmb10 - ok
07:18:23.0340 4328  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
07:18:23.0340 4328  mrxsmb20 - ok
07:18:23.0380 4328  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
07:18:23.0380 4328  msahci - ok
07:18:23.0400 4328  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
07:18:23.0400 4328  msdsm - ok
07:18:23.0430 4328  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
07:18:23.0430 4328  MSDTC - ok
07:18:23.0490 4328  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
07:18:23.0490 4328  Msfs - ok
07:18:23.0520 4328  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
07:18:23.0520 4328  mshidkmdf - ok
07:18:23.0540 4328  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
07:18:23.0550 4328  msisadrv - ok
07:18:23.0580 4328  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
07:18:23.0580 4328  MSiSCSI - ok
07:18:23.0590 4328  msiserver - ok
07:18:23.0620 4328  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
07:18:23.0620 4328  MSKSSRV - ok
07:18:23.0640 4328  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
07:18:23.0640 4328  MSPCLOCK - ok
07:18:23.0660 4328  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
07:18:23.0660 4328  MSPQM - ok
07:18:23.0690 4328  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
07:18:23.0700 4328  MsRPC - ok
07:18:23.0730 4328  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
07:18:23.0730 4328  mssmbios - ok
07:18:23.0760 4328  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
07:18:23.0760 4328  MSTEE - ok
07:18:23.0790 4328  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
07:18:23.0790 4328  MTConfig - ok
07:18:23.0830 4328  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
07:18:23.0830 4328  Mup - ok
07:18:23.0860 4328  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
07:18:23.0870 4328  napagent - ok
07:18:23.0920 4328  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
07:18:23.0920 4328  NativeWifiP - ok
07:18:23.0960 4328  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
07:18:23.0970 4328  NDIS - ok
07:18:24.0000 4328  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
07:18:24.0000 4328  NdisCap - ok
07:18:24.0030 4328  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
07:18:24.0030 4328  NdisTapi - ok
07:18:24.0060 4328  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
07:18:24.0060 4328  Ndisuio - ok
07:18:24.0070 4328  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
07:18:24.0080 4328  NdisWan - ok
07:18:24.0100 4328  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
07:18:24.0110 4328  NDProxy - ok
07:18:24.0120 4328  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
07:18:24.0120 4328  NetBIOS - ok
07:18:24.0160 4328  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
07:18:24.0160 4328  NetBT - ok
07:18:24.0170 4328  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
07:18:24.0180 4328  Netlogon - ok
07:18:24.0210 4328  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
07:18:24.0210 4328  Netman - ok
07:18:24.0230 4328  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
07:18:24.0230 4328  netprofm - ok
07:18:24.0250 4328  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:18:24.0260 4328  NetTcpPortSharing - ok
07:18:24.0430 4328  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\windows\system32\DRIVERS\NETw5s64.sys
07:18:24.0530 4328  NETw5s64 - ok
07:18:24.0570 4328  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
07:18:24.0570 4328  nfrd960 - ok
07:18:24.0610 4328  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
07:18:24.0610 4328  NlaSvc - ok
07:18:24.0640 4328  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
07:18:24.0640 4328  Npfs - ok
07:18:24.0670 4328  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
07:18:24.0680 4328  nsi - ok
07:18:24.0690 4328  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
07:18:24.0690 4328  nsiproxy - ok
07:18:24.0740 4328  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
07:18:24.0770 4328  Ntfs - ok
07:18:24.0780 4328  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
07:18:24.0780 4328  Null - ok
07:18:24.0810 4328  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
07:18:24.0820 4328  nvraid - ok
07:18:24.0850 4328  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
07:18:24.0850 4328  nvstor - ok
07:18:24.0890 4328  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
07:18:24.0890 4328  nv_agp - ok
07:18:24.0960 4328  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:18:24.0970 4328  odserv - ok
07:18:25.0010 4328  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
07:18:25.0010 4328  ohci1394 - ok
07:18:25.0040 4328  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:18:25.0040 4328  ose - ok
07:18:25.0070 4328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
07:18:25.0080 4328  p2pimsvc - ok
07:18:25.0100 4328  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
07:18:25.0110 4328  p2psvc - ok
07:18:25.0130 4328  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
07:18:25.0130 4328  Parport - ok
07:18:25.0160 4328  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
07:18:25.0160 4328  partmgr - ok
07:18:25.0170 4328  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
07:18:25.0180 4328  PcaSvc - ok
07:18:25.0190 4328  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
07:18:25.0190 4328  pci - ok
07:18:25.0220 4328  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
07:18:25.0230 4328  pciide - ok
07:18:25.0260 4328  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
07:18:25.0260 4328  pcmcia - ok
07:18:25.0290 4328  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
07:18:25.0290 4328  pcw - ok
07:18:25.0310 4328  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
07:18:25.0320 4328  PEAUTH - ok
07:18:25.0370 4328  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
07:18:25.0390 4328  PeerDistSvc - ok
07:18:25.0460 4328  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
07:18:25.0470 4328  PerfHost - ok
07:18:25.0540 4328  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
07:18:25.0560 4328  pla - ok
07:18:25.0600 4328  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
07:18:25.0610 4328  PlugPlay - ok
07:18:25.0640 4328  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
07:18:25.0650 4328  PNRPAutoReg - ok
07:18:25.0670 4328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
07:18:25.0670 4328  PNRPsvc - ok
07:18:25.0700 4328  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
07:18:25.0710 4328  PolicyAgent - ok
07:18:25.0720 4328  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
07:18:25.0730 4328  Power - ok
07:18:25.0770 4328  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
07:18:25.0780 4328  PptpMiniport - ok
07:18:25.0800 4328  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
07:18:25.0800 4328  Processor - ok
07:18:25.0840 4328  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
07:18:25.0850 4328  ProfSvc - ok
07:18:25.0860 4328  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
07:18:25.0860 4328  ProtectedStorage - ok
07:18:25.0890 4328  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
07:18:25.0890 4328  Psched - ok
07:18:25.0920 4328  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\windows\system32\Drivers\PxHlpa64.sys
07:18:25.0920 4328  PxHlpa64 - ok
07:18:25.0980 4328  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
07:18:26.0000 4328  ql2300 - ok
07:18:26.0020 4328  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
07:18:26.0020 4328  ql40xx - ok
07:18:26.0040 4328  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
07:18:26.0050 4328  QWAVE - ok
07:18:26.0070 4328  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
07:18:26.0070 4328  QWAVEdrv - ok
07:18:26.0080 4328  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
07:18:26.0090 4328  RasAcd - ok
07:18:26.0130 4328  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
07:18:26.0130 4328  RasAgileVpn - ok
07:18:26.0140 4328  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
07:18:26.0140 4328  RasAuto - ok
07:18:26.0170 4328  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
07:18:26.0180 4328  Rasl2tp - ok
07:18:26.0200 4328  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
07:18:26.0210 4328  RasMan - ok
07:18:26.0220 4328  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
07:18:26.0220 4328  RasPppoe - ok
07:18:26.0240 4328  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
07:18:26.0240 4328  RasSstp - ok
07:18:26.0250 4328  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
07:18:26.0260 4328  rdbss - ok
07:18:26.0270 4328  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
07:18:26.0270 4328  rdpbus - ok
07:18:26.0290 4328  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
07:18:26.0290 4328  RDPCDD - ok
07:18:26.0320 4328  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
07:18:26.0330 4328  RDPDR - ok
07:18:26.0350 4328  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
07:18:26.0350 4328  RDPENCDD - ok
07:18:26.0360 4328  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
07:18:26.0360 4328  RDPREFMP - ok
07:18:26.0400 4328  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
07:18:26.0400 4328  RdpVideoMiniport - ok
07:18:26.0420 4328  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
07:18:26.0430 4328  RDPWD - ok
07:18:26.0480 4328  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
07:18:26.0480 4328  rdyboost - ok
07:18:26.0500 4328  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
07:18:26.0500 4328  RemoteAccess - ok
07:18:26.0530 4328  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
07:18:26.0530 4328  RemoteRegistry - ok
07:18:26.0570 4328  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
07:18:26.0570 4328  RFCOMM - ok
07:18:26.0620 4328  [ 3DCA561AAF776AA2E356FB5B142AA5F8 ] rimspci         C:\windows\system32\DRIVERS\rimspe64.sys
07:18:26.0620 4328  rimspci - ok
07:18:26.0650 4328  [ 71B48DDAF5E9C2B40E64DE5C405F5AAC ] RimUsb          C:\windows\system32\Drivers\RimUsb_AMD64.sys
07:18:26.0660 4328  RimUsb - ok
07:18:26.0680 4328  [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort     C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
07:18:26.0680 4328  RimVSerPort - ok
07:18:26.0690 4328  [ C4581F04AA130892555B821F1FBAA151 ] risdpcie        C:\windows\system32\DRIVERS\risdpe64.sys
07:18:26.0690 4328  risdpcie - ok
07:18:26.0720 4328  [ A4579105A3C5B6290701EAD0C153E07A ] rixdpcie        C:\windows\system32\DRIVERS\rixdpe64.sys
07:18:26.0720 4328  rixdpcie - ok
07:18:26.0750 4328  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\windows\system32\Drivers\RootMdm.sys
07:18:26.0750 4328  ROOTMODEM - ok
07:18:26.0850 4328  [ C48AE8B3067261A48FCC31979A3A1EB9 ] RoxMediaDB10    c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
07:18:26.0870 4328  RoxMediaDB10 - ok
07:18:26.0900 4328  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
07:18:26.0910 4328  RpcEptMapper - ok
07:18:26.0940 4328  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
07:18:26.0940 4328  RpcLocator - ok
07:18:26.0970 4328  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
07:18:26.0980 4328  RpcSs - ok
07:18:27.0000 4328  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
07:18:27.0000 4328  rspndr - ok
07:18:27.0030 4328  [ 26E0D15FB1835F7ED638F157CCD2E04D ] RsvLock         C:\windows\system32\drivers\RsvLock.sys
07:18:27.0030 4328  RsvLock - ok
07:18:27.0050 4328  [ 39A1CF40AA29A16FE176B825195A3E0B ] rtsuvc          C:\windows\system32\DRIVERS\rtsuvc.sys
07:18:27.0050 4328  rtsuvc - ok
07:18:27.0090 4328  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
07:18:27.0090 4328  s3cap - ok
07:18:27.0100 4328  [ 6EF8E5E3A079C97C70915CF740E89977 ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
07:18:27.0100 4328  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 6EF8E5E3A079C97C70915CF740E89977
07:18:27.0110 4328  SafeBoot ( LockedFile.Multi.Generic ) - warning
07:18:27.0110 4328  SafeBoot - detected LockedFile.Multi.Generic (1)
07:18:27.0120 4328  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
07:18:27.0120 4328  SamSs - ok
07:18:27.0140 4328  [ FD8714A36C4646DE22DDC7E36F6D09EF ] SbAlg           C:\windows\system32\drivers\SbAlg.sys
07:18:27.0140 4328  SbAlg - ok
07:18:27.0170 4328  [ 43027F1996F3AC6BD54B8A871996B7B3 ] SbFsLock        C:\windows\system32\drivers\SbFsLock.sys
07:18:27.0170 4328  SbFsLock - ok
07:18:27.0190 4328  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
07:18:27.0200 4328  sbp2port - ok
07:18:27.0230 4328  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
07:18:27.0240 4328  SCardSvr - ok
07:18:27.0260 4328  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
07:18:27.0260 4328  scfilter - ok
07:18:27.0300 4328  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
07:18:27.0320 4328  Schedule - ok
07:18:27.0350 4328  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
07:18:27.0360 4328  SCPolicySvc - ok
07:18:27.0390 4328  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\windows\system32\drivers\sdbus.sys
07:18:27.0400 4328  sdbus - ok
07:18:27.0430 4328  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
07:18:27.0430 4328  SDRSVC - ok
07:18:27.0460 4328  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
07:18:27.0460 4328  secdrv - ok
07:18:27.0470 4328  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
07:18:27.0480 4328  seclogon - ok
07:18:27.0500 4328  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
07:18:27.0500 4328  SENS - ok
07:18:27.0530 4328  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
07:18:27.0540 4328  SensrSvc - ok
07:18:27.0580 4328  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
07:18:27.0580 4328  Serenum - ok
07:18:27.0590 4328  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
07:18:27.0590 4328  Serial - ok
07:18:27.0620 4328  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
07:18:27.0620 4328  sermouse - ok
07:18:27.0670 4328  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
07:18:27.0670 4328  SessionEnv - ok
07:18:27.0700 4328  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
07:18:27.0700 4328  sffdisk - ok
07:18:27.0720 4328  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
07:18:27.0720 4328  sffp_mmc - ok
07:18:27.0730 4328  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
07:18:27.0730 4328  sffp_sd - ok
07:18:27.0750 4328  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
07:18:27.0750 4328  sfloppy - ok
07:18:27.0790 4328  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
07:18:27.0790 4328  SharedAccess - ok
07:18:27.0820 4328  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
07:18:27.0830 4328  ShellHWDetection - ok
07:18:27.0850 4328  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
07:18:27.0860 4328  SiSRaid2 - ok
07:18:27.0880 4328  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
07:18:27.0880 4328  SiSRaid4 - ok
07:18:27.0920 4328  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
07:18:27.0920 4328  Smb - ok
07:18:27.0960 4328  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
07:18:27.0960 4328  SNMPTRAP - ok
07:18:27.0970 4328  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
07:18:27.0970 4328  spldr - ok
07:18:28.0010 4328  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
07:18:28.0020 4328  Spooler - ok
07:18:28.0110 4328  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
07:18:28.0160 4328  sppsvc - ok
07:18:28.0190 4328  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
07:18:28.0190 4328  sppuinotify - ok
07:18:28.0230 4328  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
07:18:28.0230 4328  srv - ok
07:18:28.0260 4328  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
07:18:28.0260 4328  srv2 - ok
07:18:28.0270 4328  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
07:18:28.0280 4328  srvnet - ok
07:18:28.0300 4328  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
07:18:28.0300 4328  SSDPSRV - ok
07:18:28.0320 4328  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
07:18:28.0320 4328  SstpSvc - ok
07:18:28.0420 4328  [ E455F5FE92EDC3CAD3F2963C5CCA47E6 ] STacSV          C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
07:18:28.0430 4328  STacSV - ok
07:18:28.0450 4328  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
07:18:28.0450 4328  stexstor - ok
07:18:28.0500 4328  [ 4A9D087C9A97071B9D06DB38567DA906 ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
07:18:28.0500 4328  STHDA - ok
07:18:28.0550 4328  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
07:18:28.0560 4328  stisvc - ok
07:18:28.0600 4328  [ AD989072596AB313D7FA13BCF69573F7 ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
07:18:28.0610 4328  stllssvr - ok
07:18:28.0630 4328  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
07:18:28.0630 4328  storflt - ok
07:18:28.0660 4328  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\windows\system32\storsvc.dll
07:18:28.0660 4328  StorSvc - ok
07:18:28.0700 4328  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\windows\system32\drivers\storvsc.sys
07:18:28.0700 4328  storvsc - ok
07:18:28.0720 4328  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
07:18:28.0720 4328  swenum - ok
07:18:28.0840 4328  [ 62EAC9FB03C327654608070FA78BA84D ] SWIPsec         C:\windows\system32\Drivers\SWIPsec.sys
07:18:28.0840 4328  SWIPsec - ok
07:18:28.0881 4328  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
07:18:28.0891 4328  swprv - ok
07:18:28.0931 4328  [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC          C:\windows\system32\DRIVERS\swvnic.sys
07:18:28.0931 4328  SWVNIC - ok
07:18:28.0991 4328  [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
07:18:29.0011 4328  SynTP - ok
07:18:29.0071 4328  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
07:18:29.0101 4328  SysMain - ok
07:18:29.0121 4328  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
07:18:29.0131 4328  TabletInputService - ok
07:18:29.0161 4328  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
07:18:29.0171 4328  TapiSrv - ok
07:18:29.0191 4328  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
07:18:29.0201 4328  TBS - ok
07:18:29.0251 4328  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\windows\system32\drivers\tcpip.sys
07:18:29.0281 4328  Tcpip - ok
07:18:29.0321 4328  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
07:18:29.0331 4328  TCPIP6 - ok
07:18:29.0361 4328  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
07:18:29.0361 4328  tcpipreg - ok
07:18:29.0391 4328  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
07:18:29.0391 4328  TDPIPE - ok
07:18:29.0411 4328  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
07:18:29.0421 4328  TDTCP - ok
07:18:29.0451 4328  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
07:18:29.0461 4328  tdx - ok
07:18:29.0481 4328  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
07:18:29.0481 4328  TermDD - ok
07:18:29.0511 4328  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
07:18:29.0521 4328  TermService - ok
07:18:29.0541 4328  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
07:18:29.0541 4328  Themes - ok
07:18:29.0581 4328  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
07:18:29.0581 4328  THREADORDER - ok
07:18:29.0621 4328  [ BA4030F56AACECD0E6D413565B4AED75 ] tmactmon        C:\windows\system32\DRIVERS\tmactmon.sys
07:18:29.0621 4328  tmactmon - ok
07:18:29.0661 4328  [ ED866799CA62626341632DA9EDECFD04 ] tmcomm          C:\windows\system32\DRIVERS\tmcomm.sys
07:18:29.0661 4328  tmcomm - ok
07:18:29.0671 4328  [ 84FB4B5C8DCD78163C440431FEF3E096 ] tmevtmgr        C:\windows\system32\DRIVERS\tmevtmgr.sys
07:18:29.0671 4328  tmevtmgr - ok
07:18:29.0731 4328  [ 14AAD1604C9386899485758C05A1757E ] TmListen        C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
07:18:29.0741 4328  TmListen - ok
07:18:29.0811 4328  [ 77B9BEBB0769F45EF770297196EF3506 ] tmtdi           C:\windows\system32\DRIVERS\tmtdi.sys
07:18:29.0811 4328  tmtdi - ok
07:18:29.0841 4328  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\windows\system32\drivers\tpm.sys
07:18:29.0841 4328  TPM - ok
07:18:29.0871 4328  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
07:18:29.0871 4328  TrkWks - ok
07:18:29.0922 4328  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
07:18:29.0932 4328  TrustedInstaller - ok
07:18:29.0952 4328  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
07:18:29.0952 4328  tssecsrv - ok
07:18:29.0992 4328  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
07:18:29.0992 4328  TsUsbFlt - ok
07:18:30.0022 4328  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
07:18:30.0022 4328  tunnel - ok
07:18:30.0042 4328  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
07:18:30.0042 4328  uagp35 - ok
07:18:30.0062 4328  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
07:18:30.0072 4328  udfs - ok
07:18:30.0112 4328  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
07:18:30.0112 4328  UI0Detect - ok
07:18:30.0142 4328  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
07:18:30.0142 4328  uliagpkx - ok
07:18:30.0182 4328  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
07:18:30.0182 4328  umbus - ok
07:18:30.0202 4328  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
07:18:30.0212 4328  UmPass - ok
07:18:30.0242 4328  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\windows\System32\umrdp.dll
07:18:30.0252 4328  UmRdpService - ok
07:18:30.0372 4328  [ 5713E039C0622F40347735CBA460B8FC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
07:18:30.0392 4328  UNS - ok
07:18:30.0422 4328  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
07:18:30.0432 4328  upnphost - ok
07:18:30.0472 4328  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
07:18:30.0472 4328  USBAAPL64 - ok
07:18:30.0492 4328  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
07:18:30.0492 4328  usbccgp - ok
07:18:30.0512 4328  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
07:18:30.0522 4328  usbcir - ok
07:18:30.0532 4328  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
07:18:30.0532 4328  usbehci - ok
07:18:30.0562 4328  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
07:18:30.0572 4328  usbhub - ok
07:18:30.0582 4328  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
07:18:30.0592 4328  usbohci - ok
07:18:30.0612 4328  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
07:18:30.0612 4328  usbprint - ok
07:18:30.0642 4328  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
07:18:30.0642 4328  USBSTOR - ok
07:18:30.0662 4328  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
07:18:30.0662 4328  usbuhci - ok
07:18:30.0702 4328  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
07:18:30.0702 4328  usbvideo - ok
07:18:30.0732 4328  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
07:18:30.0732 4328  UxSms - ok
07:18:30.0752 4328  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
07:18:30.0752 4328  VaultSvc - ok
07:18:30.0812 4328  [ BBE2B5036D2FF45458C747FB2513591D ] vcsFPService    C:\windows\system32\vcsFPService.exe
07:18:30.0842 4328  vcsFPService - ok
07:18:30.0862 4328  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
07:18:30.0862 4328  vdrvroot - ok
07:18:30.0892 4328  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
07:18:30.0903 4328  vds - ok
07:18:30.0933 4328  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
07:18:30.0943 4328  vga - ok
07:18:30.0953 4328  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
07:18:30.0953 4328  VgaSave - ok
07:18:30.0993 4328  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
07:18:30.0993 4328  vhdmp - ok
07:18:31.0013 4328  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
07:18:31.0013 4328  viaide - ok
07:18:31.0033 4328  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\windows\system32\drivers\vmbus.sys
07:18:31.0033 4328  vmbus - ok
07:18:31.0063 4328  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
07:18:31.0063 4328  VMBusHID - ok
07:18:31.0073 4328  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
07:18:31.0073 4328  volmgr - ok
07:18:31.0113 4328  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
07:18:31.0123 4328  volmgrx - ok
07:18:31.0163 4328  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
07:18:31.0163 4328  volsnap - ok
07:18:31.0193 4328  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\windows\system32\DRIVERS\vpchbus.sys
07:18:31.0193 4328  vpcbus - ok
07:18:31.0243 4328  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\windows\system32\DRIVERS\vpcnfltr.sys
07:18:31.0243 4328  vpcnfltr - ok
07:18:31.0263 4328  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\windows\system32\DRIVERS\vpcusb.sys
07:18:31.0263 4328  vpcusb - ok
07:18:31.0313 4328  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\windows\system32\drivers\vpcvmm.sys
07:18:31.0323 4328  vpcvmm - ok
07:18:31.0353 4328  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
07:18:31.0353 4328  vsmraid - ok
07:18:31.0413 4328  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
07:18:31.0443 4328  VSS - ok
07:18:31.0473 4328  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
07:18:31.0473 4328  vwifibus - ok
07:18:31.0503 4328  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
07:18:31.0503 4328  vwififlt - ok
07:18:31.0523 4328  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
07:18:31.0523 4328  vwifimp - ok
07:18:31.0543 4328  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
07:18:31.0553 4328  W32Time - ok
07:18:31.0573 4328  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
07:18:31.0573 4328  WacomPen - ok
07:18:31.0603 4328  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
07:18:31.0613 4328  WANARP - ok
07:18:31.0613 4328  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
07:18:31.0613 4328  Wanarpv6 - ok
07:18:31.0663 4328  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
07:18:31.0683 4328  wbengine - ok
07:18:31.0703 4328  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
07:18:31.0703 4328  WbioSrvc - ok
07:18:31.0733 4328  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
07:18:31.0743 4328  wcncsvc - ok
07:18:31.0753 4328  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
07:18:31.0753 4328  WcsPlugInService - ok
07:18:31.0783 4328  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
07:18:31.0783 4328  Wd - ok
07:18:31.0823 4328  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
07:18:31.0833 4328  Wdf01000 - ok
07:18:31.0843 4328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
07:18:31.0853 4328  WdiServiceHost - ok
07:18:31.0853 4328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
07:18:31.0863 4328  WdiSystemHost - ok
07:18:31.0893 4328  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
07:18:31.0903 4328  WebClient - ok
07:18:31.0923 4328  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
07:18:31.0933 4328  Wecsvc - ok
07:18:31.0943 4328  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
07:18:31.0953 4328  wercplsupport - ok
07:18:31.0973 4328  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
07:18:31.0973 4328  WerSvc - ok
07:18:32.0013 4328  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
07:18:32.0013 4328  WfpLwf - ok
07:18:32.0033 4328  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
07:18:32.0033 4328  WIMMount - ok
07:18:32.0063 4328  WinDefend - ok
07:18:32.0063 4328  WinHttpAutoProxySvc - ok
07:18:32.0113 4328  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
07:18:32.0123 4328  Winmgmt - ok
07:18:32.0173 4328  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
07:18:32.0203 4328  WinRM - ok
07:18:32.0243 4328  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
07:18:32.0243 4328  WinUSB - ok
07:18:32.0283 4328  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
07:18:32.0303 4328  Wlansvc - ok
07:18:32.0403 4328  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:18:32.0433 4328  wlidsvc - ok
07:18:32.0453 4328  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
07:18:32.0453 4328  WmiAcpi - ok
07:18:32.0493 4328  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
07:18:32.0503 4328  wmiApSrv - ok
07:18:32.0513 4328  WMPNetworkSvc - ok
07:18:32.0543 4328  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
07:18:32.0543 4328  WPCSvc - ok
07:18:32.0563 4328  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
07:18:32.0563 4328  WPDBusEnum - ok
07:18:32.0583 4328  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
07:18:32.0593 4328  ws2ifsl - ok
07:18:32.0603 4328  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\system32\wscsvc.dll
07:18:32.0613 4328  wscsvc - ok
07:18:32.0613 4328  WSearch - ok
07:18:32.0683 4328  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
07:18:32.0723 4328  wuauserv - ok
07:18:32.0743 4328  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
07:18:32.0753 4328  WudfPf - ok
07:18:32.0783 4328  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
07:18:32.0783 4328  WUDFRd - ok
07:18:32.0813 4328  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
07:18:32.0823 4328  wudfsvc - ok
07:18:32.0853 4328  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
07:18:32.0853 4328  WwanSvc - ok
07:18:32.0883 4328  ================ Scan global ===============================
07:18:32.0903 4328  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
07:18:32.0933 4328  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
07:18:32.0943 4328  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
07:18:32.0963 4328  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
07:18:32.0993 4328  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
07:18:33.0003 4328  [Global] - ok
07:18:33.0003 4328  ================ Scan MBR ==================================
07:18:33.0013 4328  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:18:33.0263 4328  \Device\Harddisk0\DR0 - ok
07:18:33.0263 4328  ================ Scan VBR ==================================
07:18:33.0263 4328  [ AFF3909263E923176CACAF5AACA3414E ] \Device\Harddisk0\DR0\Partition1
07:18:33.0263 4328  \Device\Harddisk0\DR0\Partition1 - ok
07:18:33.0283 4328  [ FD025B9932901AAFA6BA86E92A064F82 ] \Device\Harddisk0\DR0\Partition2
07:18:33.0283 4328  \Device\Harddisk0\DR0\Partition2 - ok
07:18:33.0313 4328  [ 7C1526F42E5B511DFEDF7030CE403473 ] \Device\Harddisk0\DR0\Partition3
07:18:33.0313 4328  \Device\Harddisk0\DR0\Partition3 - ok
07:18:33.0333 4328  [ BFDC04644B149FB90DD85E26D856091D ] \Device\Harddisk0\DR0\Partition4
07:18:33.0333 4328  \Device\Harddisk0\DR0\Partition4 - ok
07:18:33.0333 4328  ============================================================
07:18:33.0333 4328  Scan finished
07:18:33.0333 4328  ============================================================
07:18:33.0353 2020  Detected object count: 1
07:18:33.0353 2020  Actual detected object count: 1
07:18:50.0785 2020  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
07:18:50.0785 2020  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 
07:19:16.0128 3784  Deinitialize success
         

VG

... hatte die settings beim tdss nicht gesetzt, deshalb hier nocheinmal das aktualisierte log:

Code: Alles auswählenAufklappen

ATTFilter

07:58:49.0864 3324  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:58:50.0114 3324  ============================================================
07:58:50.0114 3324  Current date / time: 2013/08/07 07:58:50.0114
07:58:50.0114 3324  SystemInfo:
07:58:50.0114 3324  
07:58:50.0114 3324  OS Version: 6.1.7601 ServicePack: 1.0
07:58:50.0114 3324  Product type: Workstation
07:58:50.0114 3324  ComputerName: 6550B01
07:58:50.0114 3324  UserName: name
07:58:50.0114 3324  Windows directory: C:\windows
07:58:50.0114 3324  System windows directory: C:\windows
07:58:50.0114 3324  Running under WOW64
07:58:50.0114 3324  Processor architecture: Intel x64
07:58:50.0114 3324  Number of processors: 4
07:58:50.0114 3324  Page size: 0x1000
07:58:50.0114 3324  Boot type: Normal boot
07:58:50.0114 3324  ============================================================
07:58:50.0379 3324  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:58:50.0395 3324  ============================================================
07:58:50.0395 3324  \Device\Harddisk0\DR0:
07:58:50.0395 3324  MBR partitions:
07:58:50.0395 3324  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
07:58:50.0395 3324  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197000
07:58:50.0395 3324  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322D800, BlocksNum 0x1E00000
07:58:50.0395 3324  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502D800, BlocksNum 0x3FD800
07:58:50.0395 3324  ============================================================
07:58:50.0426 3324  C: <-> \Device\Harddisk0\DR0\Partition2
07:58:50.0457 3324  F: <-> \Device\Harddisk0\DR0\Partition4
07:58:50.0457 3324  ============================================================
07:58:50.0457 3324  Initialize success
07:58:50.0457 3324  ============================================================
07:59:01.0751 5592  ============================================================
07:59:01.0751 5592  Scan started
07:59:01.0751 5592  Mode: Manual; SigCheck; TDLFS; 
07:59:01.0751 5592  ============================================================
07:59:02.0048 5592  ================ Scan system memory ========================
07:59:02.0048 5592  System memory - ok
07:59:02.0048 5592  ================ Scan services =============================
07:59:02.0235 5592  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
07:59:02.0344 5592  1394ohci - ok
07:59:02.0422 5592  [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore  C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
07:59:02.0453 5592  ac.sharedstore - ok
07:59:02.0485 5592  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\windows\system32\DRIVERS\Accelerometer.sys
07:59:02.0516 5592  Accelerometer - ok
07:59:02.0547 5592  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
07:59:02.0578 5592  ACPI - ok
07:59:02.0609 5592  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
07:59:02.0641 5592  AcpiPmi - ok
07:59:02.0719 5592  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:59:02.0750 5592  AdobeARMservice - ok
07:59:02.0859 5592  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:59:02.0890 5592  AdobeFlashPlayerUpdateSvc - ok
07:59:02.0937 5592  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
07:59:02.0968 5592  adp94xx - ok
07:59:02.0999 5592  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
07:59:03.0031 5592  adpahci - ok
07:59:03.0046 5592  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
07:59:03.0062 5592  adpu320 - ok
07:59:03.0109 5592  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
07:59:03.0171 5592  AeLookupSvc - ok
07:59:03.0265 5592  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
07:59:03.0280 5592  AESTFilters - ok
07:59:03.0327 5592  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
07:59:03.0358 5592  AFD - ok
07:59:03.0421 5592  [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
07:59:03.0436 5592  AgereModemAudio - ok
07:59:03.0467 5592  [ A6AB6F0ACE87DA76B4C401813D18BE95 ] AgereSoftModem  C:\windows\system32\DRIVERS\agrsm64.sys
07:59:03.0499 5592  AgereSoftModem - ok
07:59:03.0530 5592  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
07:59:03.0545 5592  agp440 - ok
07:59:03.0577 5592  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
07:59:03.0608 5592  ALG - ok
07:59:03.0639 5592  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
07:59:03.0655 5592  aliide - ok
07:59:03.0670 5592  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
07:59:03.0686 5592  amdide - ok
07:59:03.0717 5592  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
07:59:03.0748 5592  AmdK8 - ok
07:59:03.0764 5592  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
07:59:03.0779 5592  AmdPPM - ok
07:59:03.0811 5592  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys
07:59:03.0826 5592  amdsata - ok
07:59:03.0857 5592  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
07:59:03.0889 5592  amdsbs - ok
07:59:03.0904 5592  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys
07:59:03.0935 5592  amdxata - ok
07:59:03.0998 5592  [ 25E9C505A8DB1B5EFE631E43718FDB22 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
07:59:04.0013 5592  Amsp - ok
07:59:04.0060 5592  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys
07:59:04.0107 5592  AppID - ok
07:59:04.0138 5592  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
07:59:04.0185 5592  AppIDSvc - ok
07:59:04.0216 5592  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\windows\System32\appinfo.dll
07:59:04.0232 5592  Appinfo - ok
07:59:04.0279 5592  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:59:04.0294 5592  Apple Mobile Device - ok
07:59:04.0341 5592  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\windows\System32\appmgmts.dll
07:59:04.0373 5592  AppMgmt - ok
07:59:04.0404 5592  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
07:59:04.0420 5592  arc - ok
07:59:04.0436 5592  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
07:59:04.0467 5592  arcsas - ok
07:59:04.0498 5592  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
07:59:04.0560 5592  AsyncMac - ok
07:59:04.0576 5592  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys
07:59:04.0592 5592  atapi - ok
07:59:04.0638 5592  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
07:59:04.0701 5592  AudioEndpointBuilder - ok
07:59:04.0716 5592  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
07:59:04.0763 5592  AudioSrv - ok
07:59:04.0794 5592  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
07:59:04.0810 5592  AxInstSV - ok
07:59:04.0841 5592  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
07:59:04.0857 5592  b06bdrv - ok
07:59:04.0904 5592  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
07:59:04.0935 5592  b57nd60a - ok
07:59:05.0028 5592  [ 35756E37D5FDEE22FBF27090A14FE608 ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl664.sys
07:59:05.0091 5592  BCM43XX - ok
07:59:05.0122 5592  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
07:59:05.0138 5592  BDESVC - ok
07:59:05.0153 5592  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
07:59:05.0216 5592  Beep - ok
07:59:05.0262 5592  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll
07:59:05.0325 5592  BFE - ok
07:59:05.0372 5592  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\system32\qmgr.dll
07:59:05.0420 5592  BITS - ok
07:59:05.0436 5592  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
07:59:05.0452 5592  blbdrive - ok
07:59:05.0498 5592  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:59:05.0530 5592  Bonjour Service - ok
07:59:05.0561 5592  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
07:59:05.0576 5592  bowser - ok
07:59:05.0608 5592  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
07:59:05.0639 5592  BrFiltLo - ok
07:59:05.0639 5592  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
07:59:05.0670 5592  BrFiltUp - ok
07:59:05.0717 5592  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
07:59:05.0764 5592  BridgeMP - ok
07:59:05.0810 5592  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll
07:59:05.0826 5592  Browser - ok
07:59:05.0842 5592  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
07:59:05.0857 5592  Brserid - ok
07:59:05.0873 5592  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
07:59:05.0888 5592  BrSerWdm - ok
07:59:05.0904 5592  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
07:59:05.0920 5592  BrUsbMdm - ok
07:59:05.0935 5592  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
07:59:05.0951 5592  BrUsbSer - ok
07:59:05.0982 5592  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
07:59:05.0998 5592  BthEnum - ok
07:59:06.0029 5592  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
07:59:06.0060 5592  BTHMODEM - ok
07:59:06.0076 5592  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
07:59:06.0091 5592  BthPan - ok
07:59:06.0138 5592  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
07:59:06.0169 5592  BTHPORT - ok
07:59:06.0200 5592  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
07:59:06.0263 5592  bthserv - ok
07:59:06.0278 5592  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
07:59:06.0294 5592  BTHUSB - ok
07:59:06.0341 5592  [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
07:59:06.0356 5592  btwaudio - ok
07:59:06.0403 5592  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
07:59:06.0419 5592  btwavdt - ok
07:59:06.0481 5592  [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
07:59:06.0512 5592  btwdins - ok
07:59:06.0528 5592  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
07:59:06.0528 5592  btwl2cap - ok
07:59:06.0544 5592  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
07:59:06.0559 5592  btwrchid - ok
07:59:06.0575 5592  catchme - ok
07:59:06.0637 5592  [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8         C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
07:59:06.0653 5592  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
07:59:06.0653 5592  CCALib8 - detected UnsignedFile.Multi.Generic (1)
07:59:06.0684 5592  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
07:59:06.0746 5592  cdfs - ok
07:59:06.0793 5592  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
07:59:06.0809 5592  cdrom - ok
07:59:06.0856 5592  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll
07:59:06.0918 5592  CertPropSvc - ok
07:59:06.0934 5592  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
07:59:06.0949 5592  circlass - ok
07:59:06.0980 5592  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
07:59:07.0012 5592  CLFS - ok
07:59:07.0074 5592  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:59:07.0090 5592  clr_optimization_v2.0.50727_32 - ok
07:59:07.0136 5592  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:59:07.0152 5592  clr_optimization_v2.0.50727_64 - ok
07:59:07.0183 5592  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
07:59:07.0199 5592  CmBatt - ok
07:59:07.0214 5592  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
07:59:07.0230 5592  cmdide - ok
07:59:07.0292 5592  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\windows\system32\Drivers\cng.sys
07:59:07.0324 5592  CNG - ok
07:59:07.0339 5592  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
07:59:07.0355 5592  Compbatt - ok
07:59:07.0386 5592  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
07:59:07.0402 5592  CompositeBus - ok
07:59:07.0417 5592  COMSysApp - ok
07:59:07.0448 5592  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
07:59:07.0464 5592  crcdisk - ok
07:59:07.0495 5592  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\windows\system32\cryptsvc.dll
07:59:07.0511 5592  CryptSvc - ok
07:59:07.0558 5592  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\windows\system32\drivers\csc.sys
07:59:07.0573 5592  CSC - ok
07:59:07.0620 5592  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\windows\System32\cscsvc.dll
07:59:07.0651 5592  CscService - ok
07:59:07.0698 5592  [ A8BA4DA23AC20BDA23CA15234D42A3FA ] DAMDrv          C:\windows\system32\DRIVERS\DAMDrv64.sys
07:59:07.0714 5592  DAMDrv - ok
07:59:07.0760 5592  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
07:59:07.0838 5592  DcomLaunch - ok
07:59:07.0885 5592  [ E6E9610D76418357A7EC725989687CB4 ] DEBridge        c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
07:59:07.0901 5592  DEBridge ( UnsignedFile.Multi.Generic ) - warning
07:59:07.0901 5592  DEBridge - detected UnsignedFile.Multi.Generic (1)
07:59:07.0932 5592  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
07:59:07.0994 5592  defragsvc - ok
07:59:08.0026 5592  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
07:59:08.0057 5592  DfsC - ok
07:59:08.0072 5592  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
07:59:08.0088 5592  Dhcp - ok
07:59:08.0119 5592  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
07:59:08.0150 5592  discache - ok
07:59:08.0182 5592  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
07:59:08.0197 5592  Disk - ok
07:59:08.0228 5592  [ 599864BDC6D2D769E5FF53E960C6B3BD ] DNE             C:\windows\system32\DRIVERS\dnelwf64.sys
07:59:08.0244 5592  DNE - ok
07:59:08.0275 5592  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
07:59:08.0306 5592  Dnscache - ok
07:59:08.0322 5592  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll
07:59:08.0400 5592  dot3svc - ok
07:59:08.0447 5592  [ 723E663FD14A7FBE4B1C8C8FDE1C406C ] DpHost          c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
07:59:08.0478 5592  DpHost - ok
07:59:08.0494 5592  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll
07:59:08.0556 5592  DPS - ok
07:59:08.0603 5592  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
07:59:08.0618 5592  drmkaud - ok
07:59:08.0650 5592  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
07:59:08.0696 5592  DXGKrnl - ok
07:59:08.0743 5592  [ 14F16F95C1347BD50CA4FA4DFDA7E806 ] e1kexpress      C:\windows\system32\DRIVERS\e1k62x64.sys
07:59:08.0759 5592  e1kexpress - ok
07:59:08.0806 5592  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
07:59:08.0852 5592  EapHost - ok
07:59:08.0946 5592  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
07:59:09.0024 5592  ebdrv - ok
07:59:09.0055 5592  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe
07:59:09.0086 5592  EFS - ok
07:59:09.0133 5592  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
07:59:09.0164 5592  ehRecvr - ok
07:59:09.0180 5592  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
07:59:09.0211 5592  ehSched - ok
07:59:09.0243 5592  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
07:59:09.0275 5592  elxstor - ok
07:59:09.0306 5592  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
07:59:09.0321 5592  ErrDev - ok
07:59:09.0368 5592  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
07:59:09.0431 5592  EventSystem - ok
07:59:09.0477 5592  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
07:59:09.0524 5592  exfat - ok
07:59:09.0540 5592  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
07:59:09.0571 5592  fastfat - ok
07:59:09.0602 5592  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe
07:59:09.0618 5592  Fax - ok
07:59:09.0633 5592  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
07:59:09.0649 5592  fdc - ok
07:59:09.0649 5592  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
07:59:09.0696 5592  fdPHost - ok
07:59:09.0696 5592  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
07:59:09.0743 5592  FDResPub - ok
07:59:09.0743 5592  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
07:59:09.0758 5592  FileInfo - ok
07:59:09.0774 5592  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
07:59:09.0805 5592  Filetrace - ok
07:59:09.0883 5592  [ 614B050875190FFE7ABBAF0CBB4FBBBA ] FLCDLOCK        c:\Windows\SysWOW64\flcdlock.exe
07:59:09.0914 5592  FLCDLOCK - ok
07:59:09.0930 5592  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
07:59:09.0945 5592  flpydisk - ok
07:59:09.0977 5592  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
07:59:10.0008 5592  FltMgr - ok
07:59:10.0039 5592  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll
07:59:10.0070 5592  FontCache - ok
07:59:10.0117 5592  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:59:10.0133 5592  FontCache3.0.0.0 - ok
07:59:10.0164 5592  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
07:59:10.0179 5592  FsDepends - ok
07:59:10.0211 5592  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
07:59:10.0226 5592  Fs_Rec - ok
07:59:10.0273 5592  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
07:59:10.0304 5592  fvevol - ok
07:59:10.0335 5592  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
07:59:10.0351 5592  gagp30kx - ok
07:59:10.0398 5592  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
07:59:10.0413 5592  GEARAspiWDM - ok
07:59:10.0445 5592  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll
07:59:10.0523 5592  gpsvc - ok
07:59:10.0538 5592  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
07:59:10.0569 5592  hcw85cir - ok
07:59:10.0616 5592  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
07:59:10.0647 5592  HdAudAddService - ok
07:59:10.0679 5592  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
07:59:10.0710 5592  HDAudBus - ok
07:59:10.0725 5592  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
07:59:10.0741 5592  HECIx64 - ok
07:59:10.0772 5592  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
07:59:10.0788 5592  HidBatt - ok
07:59:10.0803 5592  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
07:59:10.0835 5592  HidBth - ok
07:59:10.0866 5592  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
07:59:10.0881 5592  HidIr - ok
07:59:10.0913 5592  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\System32\hidserv.dll
07:59:10.0975 5592  hidserv - ok
07:59:11.0006 5592  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
07:59:11.0037 5592  HidUsb - ok
07:59:11.0053 5592  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
07:59:11.0131 5592  hkmsvc - ok
07:59:11.0147 5592  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
07:59:11.0178 5592  HomeGroupListener - ok
07:59:11.0209 5592  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
07:59:11.0240 5592  HomeGroupProvider - ok
07:59:11.0303 5592  [ F2889318AB3CD87CCA17CB3769CDC1E4 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
07:59:11.0318 5592  HP Power Assistant Service - ok
07:59:11.0365 5592  [ 3891D3993065D392E0DE541BEA0A9EA5 ] HP ProtectTools Service c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
07:59:11.0365 5592  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
07:59:11.0365 5592  HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
07:59:11.0443 5592  [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
07:59:11.0443 5592  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
07:59:11.0443 5592  HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
07:59:11.0474 5592  [ 58CC11D14D88EF70EF7ABBC75B5EEBD8 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
07:59:11.0490 5592  HP Wireless Assistant Service - ok
07:59:11.0552 5592  [ A4A0E006A1826EA2629E59DE2008BB9D ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
07:59:11.0568 5592  HPDayStarterService ( UnsignedFile.Multi.Generic ) - warning
07:59:11.0568 5592  HPDayStarterService - detected UnsignedFile.Multi.Generic (1)
07:59:11.0646 5592  [ B7382BEC806B7B00FC84B3E2061FF48E ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
07:59:11.0661 5592  HPDrvMntSvc.exe - ok
07:59:11.0693 5592  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\windows\system32\DRIVERS\hpdskflt.sys
07:59:11.0708 5592  hpdskflt - ok
07:59:11.0724 5592  [ 5AFB3F9B74553BD933555E1C800D2CE1 ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
07:59:11.0755 5592  HpFkCryptService - ok
07:59:11.0786 5592  [ 8205DA7B4191ACD96F76B81E42945754 ] HPFSService     C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
07:59:11.0802 5592  HPFSService ( UnsignedFile.Multi.Generic ) - warning
07:59:11.0802 5592  HPFSService - detected UnsignedFile.Multi.Generic (1)
07:59:11.0864 5592  [ 4968C0728E257B3B6210244A9CDE2A08 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
07:59:11.0895 5592  hpHotkeyMonitor - ok
07:59:11.0911 5592  [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
07:59:11.0927 5592  HpqKbFiltr - ok
07:59:11.0989 5592  [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
07:59:12.0036 5592  hpqwmiex - ok
07:59:12.0067 5592  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
07:59:12.0083 5592  HpSAMD - ok
07:59:12.0129 5592  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\windows\system32\Hpservice.exe
07:59:12.0145 5592  hpsrv - ok
07:59:12.0192 5592  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
07:59:12.0270 5592  HTTP - ok
07:59:12.0285 5592  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
07:59:12.0317 5592  hwpolicy - ok
07:59:12.0348 5592  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
07:59:12.0379 5592  i8042prt - ok
07:59:12.0441 5592  [ D782F0C741EE2D50AC8D38774597FB2B ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
07:59:12.0473 5592  IAANTMON - ok
07:59:12.0504 5592  [ DC0B4553D089E2BD07AEBD9EA30BEAFB ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
07:59:12.0519 5592  iaStor - ok
07:59:12.0566 5592  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
07:59:12.0582 5592  iaStorV - ok
07:59:12.0644 5592  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:59:12.0675 5592  idsvc - ok
07:59:12.0863 5592  [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
07:59:12.0987 5592  igfx - ok
07:59:13.0003 5592  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
07:59:13.0019 5592  iirsp - ok
07:59:13.0050 5592  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
07:59:13.0097 5592  IKEEXT - ok
07:59:13.0128 5592  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
07:59:13.0143 5592  Impcd - ok
07:59:13.0175 5592  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
07:59:13.0190 5592  IntcDAud - ok
07:59:13.0206 5592  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
07:59:13.0221 5592  intelide - ok
07:59:13.0253 5592  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
07:59:13.0268 5592  intelppm - ok
07:59:13.0299 5592  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
07:59:13.0362 5592  IPBusEnum - ok
07:59:13.0393 5592  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
07:59:13.0440 5592  IpFilterDriver - ok
07:59:13.0487 5592  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
07:59:13.0518 5592  iphlpsvc - ok
07:59:13.0533 5592  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
07:59:13.0565 5592  IPMIDRV - ok
07:59:13.0580 5592  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
07:59:13.0627 5592  IPNAT - ok
07:59:13.0689 5592  [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
07:59:13.0721 5592  iPod Service - ok
07:59:13.0752 5592  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
07:59:13.0767 5592  IRENUM - ok
07:59:13.0783 5592  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
07:59:13.0799 5592  isapnp - ok
07:59:13.0814 5592  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
07:59:13.0830 5592  iScsiPrt - ok
07:59:13.0861 5592  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
07:59:13.0877 5592  kbdclass - ok
07:59:13.0908 5592  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
07:59:13.0923 5592  kbdhid - ok
07:59:13.0939 5592  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
07:59:13.0955 5592  KeyIso - ok
07:59:13.0986 5592  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
07:59:14.0001 5592  KSecDD - ok
07:59:14.0033 5592  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
07:59:14.0064 5592  KSecPkg - ok
07:59:14.0079 5592  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
07:59:14.0142 5592  ksthunk - ok
07:59:14.0173 5592  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
07:59:14.0235 5592  KtmRm - ok
07:59:14.0267 5592  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
07:59:14.0313 5592  LanmanServer - ok
07:59:14.0329 5592  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
07:59:14.0376 5592  LanmanWorkstation - ok
07:59:14.0438 5592  [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
07:59:14.0454 5592  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
07:59:14.0454 5592  LightScribeService - detected UnsignedFile.Multi.Generic (1)
07:59:14.0485 5592  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
07:59:14.0547 5592  lltdio - ok
07:59:14.0579 5592  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
07:59:14.0625 5592  lltdsvc - ok
07:59:14.0641 5592  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
07:59:14.0688 5592  lmhosts - ok
07:59:14.0735 5592  [ 271F79326CD571BD271D45C47148ED78 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
07:59:14.0750 5592  LMS - ok
07:59:14.0797 5592  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
07:59:14.0813 5592  LSI_FC - ok
07:59:14.0828 5592  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
07:59:14.0859 5592  LSI_SAS - ok
07:59:14.0875 5592  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
07:59:14.0891 5592  LSI_SAS2 - ok
07:59:14.0922 5592  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
07:59:14.0937 5592  LSI_SCSI - ok
07:59:14.0984 5592  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
07:59:15.0047 5592  luafv - ok
07:59:15.0078 5592  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
07:59:15.0093 5592  Mcx2Svc - ok
07:59:15.0109 5592  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
07:59:15.0125 5592  megasas - ok
07:59:15.0140 5592  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
07:59:15.0156 5592  MegaSR - ok
07:59:15.0187 5592  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
07:59:15.0218 5592  MMCSS - ok
07:59:15.0234 5592  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
07:59:15.0265 5592  Modem - ok
07:59:15.0296 5592  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
07:59:15.0312 5592  monitor - ok
07:59:15.0343 5592  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
07:59:15.0343 5592  mouclass - ok
07:59:15.0374 5592  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
07:59:15.0374 5592  mouhid - ok
07:59:15.0421 5592  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
07:59:15.0421 5592  mountmgr - ok
07:59:15.0483 5592  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:59:15.0499 5592  MozillaMaintenance - ok
07:59:15.0530 5592  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
07:59:15.0561 5592  mpio - ok
07:59:15.0593 5592  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
07:59:15.0655 5592  mpsdrv - ok
07:59:15.0749 5592  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
07:59:15.0811 5592  MpsSvc - ok
07:59:15.0842 5592  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
07:59:15.0858 5592  MRxDAV - ok
07:59:15.0889 5592  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
07:59:15.0905 5592  mrxsmb - ok
07:59:15.0920 5592  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
07:59:15.0951 5592  mrxsmb10 - ok
07:59:15.0983 5592  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
07:59:15.0998 5592  mrxsmb20 - ok
07:59:16.0029 5592  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
07:59:16.0061 5592  msahci - ok
07:59:16.0076 5592  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
07:59:16.0092 5592  msdsm - ok
07:59:16.0123 5592  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
07:59:16.0139 5592  MSDTC - ok
07:59:16.0185 5592  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
07:59:16.0232 5592  Msfs - ok
07:59:16.0263 5592  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
07:59:16.0326 5592  mshidkmdf - ok
07:59:16.0341 5592  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
07:59:16.0357 5592  msisadrv - ok
07:59:16.0388 5592  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
07:59:16.0435 5592  MSiSCSI - ok
07:59:16.0435 5592  msiserver - ok
07:59:16.0466 5592  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
07:59:16.0529 5592  MSKSSRV - ok
07:59:16.0544 5592  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
07:59:16.0591 5592  MSPCLOCK - ok
07:59:16.0591 5592  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
07:59:16.0638 5592  MSPQM - ok
07:59:16.0669 5592  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
07:59:16.0685 5592  MsRPC - ok
07:59:16.0700 5592  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
07:59:16.0716 5592  mssmbios - ok
07:59:16.0747 5592  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
07:59:16.0778 5592  MSTEE - ok
07:59:16.0809 5592  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
07:59:16.0825 5592  MTConfig - ok
07:59:16.0825 5592  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
07:59:16.0841 5592  Mup - ok
07:59:16.0872 5592  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
07:59:16.0903 5592  napagent - ok
07:59:16.0934 5592  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
07:59:16.0950 5592  NativeWifiP - ok
07:59:16.0997 5592  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
07:59:17.0028 5592  NDIS - ok
07:59:17.0059 5592  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
07:59:17.0090 5592  NdisCap - ok
07:59:17.0121 5592  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
07:59:17.0153 5592  NdisTapi - ok
07:59:17.0184 5592  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
07:59:17.0246 5592  Ndisuio - ok
07:59:17.0246 5592  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
07:59:17.0293 5592  NdisWan - ok
07:59:17.0324 5592  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
07:59:17.0371 5592  NDProxy - ok
07:59:17.0387 5592  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
07:59:17.0433 5592  NetBIOS - ok
07:59:17.0465 5592  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
07:59:17.0527 5592  NetBT - ok
07:59:17.0558 5592  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
07:59:17.0558 5592  Netlogon - ok
07:59:17.0605 5592  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
07:59:17.0652 5592  Netman - ok
07:59:17.0652 5592  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
07:59:17.0699 5592  netprofm - ok
07:59:17.0730 5592  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:59:17.0745 5592  NetTcpPortSharing - ok
07:59:17.0933 5592  [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64        C:\windows\system32\DRIVERS\NETw5s64.sys
07:59:18.0026 5592  NETw5s64 - ok
07:59:18.0057 5592  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
07:59:18.0073 5592  nfrd960 - ok
07:59:18.0120 5592  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
07:59:18.0135 5592  NlaSvc - ok
07:59:18.0167 5592  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
07:59:18.0213 5592  Npfs - ok
07:59:18.0245 5592  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
07:59:18.0291 5592  nsi - ok
07:59:18.0307 5592  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
07:59:18.0354 5592  nsiproxy - ok
07:59:18.0385 5592  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
07:59:18.0432 5592  Ntfs - ok
07:59:18.0447 5592  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
07:59:18.0479 5592  Null - ok
07:59:18.0510 5592  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
07:59:18.0541 5592  nvraid - ok
07:59:18.0557 5592  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
07:59:18.0588 5592  nvstor - ok
07:59:18.0619 5592  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
07:59:18.0635 5592  nv_agp - ok
07:59:18.0713 5592  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:59:18.0744 5592  odserv - ok
07:59:18.0775 5592  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
07:59:18.0791 5592  ohci1394 - ok
07:59:18.0806 5592  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:59:18.0822 5592  ose - ok
07:59:18.0853 5592  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
07:59:18.0884 5592  p2pimsvc - ok
07:59:18.0900 5592  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
07:59:18.0931 5592  p2psvc - ok
07:59:18.0947 5592  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
07:59:18.0962 5592  Parport - ok
07:59:18.0993 5592  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
07:59:19.0025 5592  partmgr - ok
07:59:19.0025 5592  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
07:59:19.0056 5592  PcaSvc - ok
07:59:19.0071 5592  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
07:59:19.0103 5592  pci - ok
07:59:19.0134 5592  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
07:59:19.0149 5592  pciide - ok
07:59:19.0181 5592  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
07:59:19.0196 5592  pcmcia - ok
07:59:19.0227 5592  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
07:59:19.0243 5592  pcw - ok
07:59:19.0259 5592  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
07:59:19.0321 5592  PEAUTH - ok
07:59:19.0368 5592  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\windows\system32\peerdistsvc.dll
07:59:19.0399 5592  PeerDistSvc - ok
07:59:19.0477 5592  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
07:59:19.0493 5592  PerfHost - ok
07:59:19.0602 5592  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
07:59:19.0680 5592  pla - ok
07:59:19.0711 5592  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
07:59:19.0727 5592  PlugPlay - ok
07:59:19.0758 5592  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
07:59:19.0773 5592  PNRPAutoReg - ok
07:59:19.0789 5592  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
07:59:19.0805 5592  PNRPsvc - ok
07:59:19.0836 5592  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
07:59:19.0883 5592  PolicyAgent - ok
07:59:19.0898 5592  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
07:59:19.0945 5592  Power - ok
07:59:19.0976 5592  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
07:59:20.0007 5592  PptpMiniport - ok
07:59:20.0023 5592  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
07:59:20.0039 5592  Processor - ok
07:59:20.0070 5592  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
07:59:20.0101 5592  ProfSvc - ok
07:59:20.0117 5592  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
07:59:20.0132 5592  ProtectedStorage - ok
07:59:20.0179 5592  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
07:59:20.0241 5592  Psched - ok
07:59:20.0273 5592  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\windows\system32\Drivers\PxHlpa64.sys
07:59:20.0288 5592  PxHlpa64 - ok
07:59:20.0335 5592  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
07:59:20.0382 5592  ql2300 - ok
07:59:20.0397 5592  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
07:59:20.0413 5592  ql40xx - ok
07:59:20.0444 5592  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
07:59:20.0460 5592  QWAVE - ok
07:59:20.0491 5592  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
07:59:20.0507 5592  QWAVEdrv - ok
07:59:20.0522 5592  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
07:59:20.0569 5592  RasAcd - ok
07:59:20.0600 5592  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
07:59:20.0663 5592  RasAgileVpn - ok
07:59:20.0678 5592  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
07:59:20.0725 5592  RasAuto - ok
07:59:20.0756 5592  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
07:59:20.0803 5592  Rasl2tp - ok
07:59:20.0850 5592  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
07:59:20.0897 5592  RasMan - ok
07:59:20.0897 5592  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
07:59:20.0943 5592  RasPppoe - ok
07:59:20.0959 5592  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
07:59:20.0990 5592  RasSstp - ok
07:59:21.0006 5592  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
07:59:21.0037 5592  rdbss - ok
07:59:21.0053 5592  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
07:59:21.0068 5592  rdpbus - ok
07:59:21.0099 5592  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
07:59:21.0131 5592  RDPCDD - ok
07:59:21.0162 5592  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\windows\system32\drivers\rdpdr.sys
07:59:21.0162 5592  RDPDR - ok
07:59:21.0177 5592  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
07:59:21.0224 5592  RDPENCDD - ok
07:59:21.0224 5592  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
07:59:21.0255 5592  RDPREFMP - ok
07:59:21.0302 5592  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
07:59:21.0318 5592  RdpVideoMiniport - ok
07:59:21.0349 5592  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
07:59:21.0365 5592  RDPWD - ok
07:59:21.0396 5592  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
07:59:21.0427 5592  rdyboost - ok
07:59:21.0458 5592  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
07:59:21.0505 5592  RemoteAccess - ok
07:59:21.0536 5592  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
07:59:21.0567 5592  RemoteRegistry - ok
07:59:21.0583 5592  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
07:59:21.0614 5592  RFCOMM - ok
07:59:21.0630 5592  [ 3DCA561AAF776AA2E356FB5B142AA5F8 ] rimspci         C:\windows\system32\DRIVERS\rimspe64.sys
07:59:21.0661 5592  rimspci - ok
07:59:21.0692 5592  [ 71B48DDAF5E9C2B40E64DE5C405F5AAC ] RimUsb          C:\windows\system32\Drivers\RimUsb_AMD64.sys
07:59:21.0723 5592  RimUsb - ok
07:59:21.0739 5592  [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort     C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
07:59:21.0770 5592  RimVSerPort - ok
07:59:21.0770 5592  [ C4581F04AA130892555B821F1FBAA151 ] risdpcie        C:\windows\system32\DRIVERS\risdpe64.sys
07:59:21.0786 5592  risdpcie - ok
07:59:21.0801 5592  [ A4579105A3C5B6290701EAD0C153E07A ] rixdpcie        C:\windows\system32\DRIVERS\rixdpe64.sys
07:59:21.0817 5592  rixdpcie - ok
07:59:21.0848 5592  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\windows\system32\Drivers\RootMdm.sys
07:59:21.0895 5592  ROOTMODEM - ok
07:59:21.0989 5592  [ C48AE8B3067261A48FCC31979A3A1EB9 ] RoxMediaDB10    c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
07:59:22.0035 5592  RoxMediaDB10 - ok
07:59:22.0067 5592  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
07:59:22.0129 5592  RpcEptMapper - ok
07:59:22.0145 5592  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
07:59:22.0160 5592  RpcLocator - ok
07:59:22.0191 5592  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
07:59:22.0254 5592  RpcSs - ok
07:59:22.0285 5592  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
07:59:22.0347 5592  rspndr - ok
07:59:22.0379 5592  [ 26E0D15FB1835F7ED638F157CCD2E04D ] RsvLock         C:\windows\system32\drivers\RsvLock.sys
07:59:22.0394 5592  RsvLock - ok
07:59:22.0425 5592  [ 39A1CF40AA29A16FE176B825195A3E0B ] rtsuvc          C:\windows\system32\DRIVERS\rtsuvc.sys
07:59:22.0441 5592  rtsuvc - ok
07:59:22.0472 5592  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\windows\system32\drivers\vms3cap.sys
07:59:22.0488 5592  s3cap - ok
07:59:22.0503 5592  [ 6EF8E5E3A079C97C70915CF740E89977 ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
07:59:22.0503 5592  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 6EF8E5E3A079C97C70915CF740E89977
07:59:22.0503 5592  SafeBoot ( LockedFile.Multi.Generic ) - warning
07:59:22.0503 5592  SafeBoot - detected LockedFile.Multi.Generic (1)
07:59:22.0519 5592  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
07:59:22.0535 5592  SamSs - ok
07:59:22.0550 5592  [ FD8714A36C4646DE22DDC7E36F6D09EF ] SbAlg           C:\windows\system32\drivers\SbAlg.sys
07:59:22.0566 5592  SbAlg - ok
07:59:22.0597 5592  [ 43027F1996F3AC6BD54B8A871996B7B3 ] SbFsLock        C:\windows\system32\drivers\SbFsLock.sys
07:59:22.0613 5592  SbFsLock - ok
07:59:22.0644 5592  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
07:59:22.0659 5592  sbp2port - ok
07:59:22.0691 5592  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
07:59:22.0753 5592  SCardSvr - ok
07:59:22.0769 5592  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
07:59:22.0815 5592  scfilter - ok
07:59:22.0847 5592  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
07:59:22.0925 5592  Schedule - ok
07:59:22.0956 5592  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
07:59:22.0987 5592  SCPolicySvc - ok
07:59:23.0018 5592  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\windows\system32\drivers\sdbus.sys
07:59:23.0049 5592  sdbus - ok
07:59:23.0081 5592  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
07:59:23.0096 5592  SDRSVC - ok
07:59:23.0127 5592  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
07:59:23.0190 5592  secdrv - ok
07:59:23.0205 5592  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
07:59:23.0252 5592  seclogon - ok
07:59:23.0283 5592  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
07:59:23.0330 5592  SENS - ok
07:59:23.0393 5592  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
07:59:23.0408 5592  SensrSvc - ok
07:59:23.0439 5592  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
07:59:23.0455 5592  Serenum - ok
07:59:23.0471 5592  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
07:59:23.0486 5592  Serial - ok
07:59:23.0517 5592  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
07:59:23.0533 5592  sermouse - ok
07:59:23.0564 5592  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
07:59:23.0627 5592  SessionEnv - ok
07:59:23.0658 5592  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
07:59:23.0673 5592  sffdisk - ok
07:59:23.0689 5592  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
07:59:23.0705 5592  sffp_mmc - ok
07:59:23.0720 5592  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
07:59:23.0751 5592  sffp_sd - ok
07:59:23.0751 5592  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
07:59:23.0783 5592  sfloppy - ok
07:59:23.0814 5592  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
07:59:23.0876 5592  SharedAccess - ok
07:59:23.0907 5592  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
07:59:23.0970 5592  ShellHWDetection - ok
07:59:23.0985 5592  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
07:59:24.0001 5592  SiSRaid2 - ok
07:59:24.0017 5592  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
07:59:24.0017 5592  SiSRaid4 - ok
07:59:24.0063 5592  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
07:59:24.0126 5592  Smb - ok
07:59:24.0157 5592  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
07:59:24.0173 5592  SNMPTRAP - ok
07:59:24.0188 5592  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
07:59:24.0204 5592  spldr - ok
07:59:24.0251 5592  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
07:59:24.0282 5592  Spooler - ok
07:59:24.0360 5592  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
07:59:24.0453 5592  sppsvc - ok
07:59:24.0485 5592  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
07:59:24.0516 5592  sppuinotify - ok
07:59:24.0547 5592  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
07:59:24.0563 5592  srv - ok
07:59:24.0594 5592  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
07:59:24.0609 5592  srv2 - ok
07:59:24.0625 5592  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
07:59:24.0625 5592  srvnet - ok
07:59:24.0656 5592  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
07:59:24.0703 5592  SSDPSRV - ok
07:59:24.0703 5592  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
07:59:24.0750 5592  SstpSvc - ok
07:59:24.0843 5592  [ E455F5FE92EDC3CAD3F2963C5CCA47E6 ] STacSV          C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
07:59:24.0859 5592  STacSV - ok
07:59:24.0890 5592  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
07:59:24.0921 5592  stexstor - ok
07:59:24.0953 5592  [ 4A9D087C9A97071B9D06DB38567DA906 ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
07:59:24.0984 5592  STHDA - ok
07:59:25.0031 5592  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
07:59:25.0077 5592  stisvc - ok
07:59:25.0124 5592  [ AD989072596AB313D7FA13BCF69573F7 ] stllssvr        c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
07:59:25.0140 5592  stllssvr - ok
07:59:25.0155 5592  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\windows\system32\drivers\vmstorfl.sys
07:59:25.0187 5592  storflt - ok
07:59:25.0202 5592  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\windows\system32\storsvc.dll
07:59:25.0218 5592  StorSvc - ok
07:59:25.0249 5592  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\windows\system32\drivers\storvsc.sys
07:59:25.0280 5592  storvsc - ok
07:59:25.0296 5592  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
07:59:25.0327 5592  swenum - ok
07:59:25.0467 5592  [ 62EAC9FB03C327654608070FA78BA84D ] SWIPsec         C:\windows\system32\Drivers\SWIPsec.sys
07:59:25.0483 5592  SWIPsec - ok
07:59:25.0514 5592  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
07:59:25.0577 5592  swprv - ok
07:59:25.0623 5592  [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC          C:\windows\system32\DRIVERS\swvnic.sys
07:59:25.0639 5592  SWVNIC - ok
07:59:25.0701 5592  [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
07:59:25.0748 5592  SynTP - ok
07:59:25.0795 5592  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
07:59:25.0842 5592  SysMain - ok
07:59:25.0873 5592  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
07:59:25.0889 5592  TabletInputService - ok
07:59:25.0920 5592  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
07:59:25.0982 5592  TapiSrv - ok
07:59:26.0013 5592  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
07:59:26.0091 5592  TBS - ok
07:59:26.0138 5592  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\windows\system32\drivers\tcpip.sys
07:59:26.0185 5592  Tcpip - ok
07:59:26.0216 5592  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
07:59:26.0263 5592  TCPIP6 - ok
07:59:26.0279 5592  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
07:59:26.0294 5592  tcpipreg - ok
07:59:26.0325 5592  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
07:59:26.0341 5592  TDPIPE - ok
07:59:26.0357 5592  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
07:59:26.0372 5592  TDTCP - ok
07:59:26.0403 5592  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
07:59:26.0466 5592  tdx - ok
07:59:26.0481 5592  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
07:59:26.0497 5592  TermDD - ok
07:59:26.0528 5592  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
07:59:26.0591 5592  TermService - ok
07:59:26.0606 5592  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
07:59:26.0622 5592  Themes - ok
07:59:26.0653 5592  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
07:59:26.0684 5592  THREADORDER - ok
07:59:26.0715 5592  [ BA4030F56AACECD0E6D413565B4AED75 ] tmactmon        C:\windows\system32\DRIVERS\tmactmon.sys
07:59:26.0731 5592  tmactmon - ok
07:59:26.0762 5592  [ ED866799CA62626341632DA9EDECFD04 ] tmcomm          C:\windows\system32\DRIVERS\tmcomm.sys
07:59:26.0778 5592  tmcomm - ok
07:59:26.0778 5592  [ 84FB4B5C8DCD78163C440431FEF3E096 ] tmevtmgr        C:\windows\system32\DRIVERS\tmevtmgr.sys
07:59:26.0793 5592  tmevtmgr - ok
07:59:26.0856 5592  [ 14AAD1604C9386899485758C05A1757E ] TmListen        C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
07:59:26.0887 5592  TmListen - ok
07:59:26.0949 5592  [ 77B9BEBB0769F45EF770297196EF3506 ] tmtdi           C:\windows\system32\DRIVERS\tmtdi.sys
07:59:26.0965 5592  tmtdi - ok
07:59:26.0996 5592  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\windows\system32\drivers\tpm.sys
07:59:27.0027 5592  TPM - ok
07:59:27.0059 5592  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
07:59:27.0105 5592  TrkWks - ok
07:59:27.0152 5592  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
07:59:27.0215 5592  TrustedInstaller - ok
07:59:27.0246 5592  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
07:59:27.0277 5592  tssecsrv - ok
07:59:27.0308 5592  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
07:59:27.0324 5592  TsUsbFlt - ok
07:59:27.0355 5592  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
07:59:27.0417 5592  tunnel - ok
07:59:27.0449 5592  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
07:59:27.0464 5592  uagp35 - ok
07:59:27.0480 5592  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
07:59:27.0527 5592  udfs - ok
07:59:27.0558 5592  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
07:59:27.0558 5592  UI0Detect - ok
07:59:27.0589 5592  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
07:59:27.0605 5592  uliagpkx - ok
07:59:27.0636 5592  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
07:59:27.0667 5592  umbus - ok
07:59:27.0698 5592  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
07:59:27.0714 5592  UmPass - ok
07:59:27.0745 5592  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\windows\System32\umrdp.dll
07:59:27.0761 5592  UmRdpService - ok
07:59:27.0901 5592  [ 5713E039C0622F40347735CBA460B8FC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
07:59:27.0948 5592  UNS - ok
07:59:27.0979 5592  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
07:59:28.0057 5592  upnphost - ok
07:59:28.0088 5592  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
07:59:28.0104 5592  USBAAPL64 - ok
07:59:28.0119 5592  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
07:59:28.0135 5592  usbccgp - ok
07:59:28.0166 5592  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
07:59:28.0182 5592  usbcir - ok
07:59:28.0197 5592  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\drivers\usbehci.sys
07:59:28.0213 5592  usbehci - ok
07:59:28.0229 5592  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
07:59:28.0244 5592  usbhub - ok
07:59:28.0260 5592  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys
07:59:28.0275 5592  usbohci - ok
07:59:28.0307 5592  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
07:59:28.0322 5592  usbprint - ok
07:59:28.0338 5592  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
07:59:28.0369 5592  USBSTOR - ok
07:59:28.0400 5592  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
07:59:28.0416 5592  usbuhci - ok
07:59:28.0447 5592  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
07:59:28.0478 5592  usbvideo - ok
07:59:28.0509 5592  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
07:59:28.0572 5592  UxSms - ok
07:59:28.0587 5592  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
07:59:28.0603 5592  VaultSvc - ok
07:59:28.0665 5592  [ BBE2B5036D2FF45458C747FB2513591D ] vcsFPService    C:\windows\system32\vcsFPService.exe
07:59:28.0743 5592  vcsFPService - ok
07:59:28.0759 5592  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
07:59:28.0775 5592  vdrvroot - ok
07:59:28.0790 5592  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
07:59:28.0837 5592  vds - ok
07:59:28.0868 5592  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
07:59:28.0884 5592  vga - ok
07:59:28.0915 5592  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
07:59:28.0946 5592  VgaSave - ok
07:59:28.0977 5592  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
07:59:28.0993 5592  vhdmp - ok
07:59:29.0024 5592  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
07:59:29.0040 5592  viaide - ok
07:59:29.0055 5592  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\windows\system32\drivers\vmbus.sys
07:59:29.0071 5592  vmbus - ok
07:59:29.0071 5592  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\windows\system32\drivers\VMBusHID.sys
07:59:29.0087 5592  VMBusHID - ok
07:59:29.0118 5592  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
07:59:29.0118 5592  volmgr - ok
07:59:29.0149 5592  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
07:59:29.0165 5592  volmgrx - ok
07:59:29.0196 5592  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
07:59:29.0211 5592  volsnap - ok
07:59:29.0243 5592  [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus          C:\windows\system32\DRIVERS\vpchbus.sys
07:59:29.0258 5592  vpcbus - ok
07:59:29.0274 5592  [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr        C:\windows\system32\DRIVERS\vpcnfltr.sys
07:59:29.0289 5592  vpcnfltr - ok
07:59:29.0305 5592  [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb          C:\windows\system32\DRIVERS\vpcusb.sys
07:59:29.0321 5592  vpcusb - ok
07:59:29.0367 5592  [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm          C:\windows\system32\drivers\vpcvmm.sys
07:59:29.0399 5592  vpcvmm - ok
07:59:29.0430 5592  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
07:59:29.0445 5592  vsmraid - ok
07:59:29.0492 5592  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
07:59:29.0555 5592  VSS - ok
07:59:29.0586 5592  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
07:59:29.0601 5592  vwifibus - ok
07:59:29.0633 5592  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
07:59:29.0648 5592  vwififlt - ok
07:59:29.0664 5592  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
07:59:29.0695 5592  vwifimp - ok
07:59:29.0726 5592  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
07:59:29.0804 5592  W32Time - ok
07:59:29.0820 5592  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
07:59:29.0835 5592  WacomPen - ok
07:59:29.0882 5592  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
07:59:29.0929 5592  WANARP - ok
07:59:29.0945 5592  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
07:59:29.0976 5592  Wanarpv6 - ok
07:59:30.0007 5592  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
07:59:30.0038 5592  wbengine - ok
07:59:30.0054 5592  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
07:59:30.0085 5592  WbioSrvc - ok
07:59:30.0116 5592  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
07:59:30.0132 5592  wcncsvc - ok
07:59:30.0147 5592  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
07:59:30.0163 5592  WcsPlugInService - ok
07:59:30.0194 5592  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
07:59:30.0210 5592  Wd - ok
07:59:30.0241 5592  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
07:59:30.0257 5592  Wdf01000 - ok
07:59:30.0272 5592  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
07:59:30.0288 5592  WdiServiceHost - ok
07:59:30.0303 5592  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
07:59:30.0319 5592  WdiSystemHost - ok
07:59:30.0350 5592  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
07:59:30.0366 5592  WebClient - ok
07:59:30.0381 5592  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
07:59:30.0413 5592  Wecsvc - ok
07:59:30.0428 5592  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
07:59:30.0475 5592  wercplsupport - ok
07:59:30.0506 5592  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
07:59:30.0537 5592  WerSvc - ok
07:59:30.0569 5592  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
07:59:30.0631 5592  WfpLwf - ok
07:59:30.0647 5592  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
07:59:30.0662 5592  WIMMount - ok
07:59:30.0678 5592  WinDefend - ok
07:59:30.0678 5592  WinHttpAutoProxySvc - ok
07:59:30.0740 5592  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
07:59:30.0803 5592  Winmgmt - ok
07:59:30.0849 5592  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
07:59:30.0943 5592  WinRM - ok
07:59:30.0974 5592  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\windows\system32\DRIVERS\WinUSB.sys
07:59:30.0990 5592  WinUSB - ok
07:59:31.0037 5592  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
07:59:31.0083 5592  Wlansvc - ok
07:59:31.0177 5592  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:59:31.0239 5592  wlidsvc - ok
07:59:31.0255 5592  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
07:59:31.0271 5592  WmiAcpi - ok
07:59:31.0302 5592  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
07:59:31.0317 5592  wmiApSrv - ok
07:59:31.0333 5592  WMPNetworkSvc - ok
07:59:31.0349 5592  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
07:59:31.0364 5592  WPCSvc - ok
07:59:31.0395 5592  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
07:59:31.0411 5592  WPDBusEnum - ok
07:59:31.0442 5592  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
07:59:31.0489 5592  ws2ifsl - ok
07:59:31.0505 5592  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\system32\wscsvc.dll
07:59:31.0520 5592  wscsvc - ok
07:59:31.0520 5592  WSearch - ok
07:59:31.0583 5592  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
07:59:31.0645 5592  wuauserv - ok
07:59:31.0661 5592  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
07:59:31.0676 5592  WudfPf - ok
07:59:31.0707 5592  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
07:59:31.0723 5592  WUDFRd - ok
07:59:31.0754 5592  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
07:59:31.0785 5592  wudfsvc - ok
07:59:31.0817 5592  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
07:59:31.0832 5592  WwanSvc - ok
07:59:31.0863 5592  ================ Scan global ===============================
07:59:31.0895 5592  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
07:59:31.0926 5592  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
07:59:31.0926 5592  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
07:59:31.0957 5592  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
07:59:31.0988 5592  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
07:59:31.0988 5592  [Global] - ok
07:59:31.0988 5592  ================ Scan MBR ==================================
07:59:32.0004 5592  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:59:32.0862 5592  \Device\Harddisk0\DR0 - ok
07:59:32.0862 5592  ================ Scan VBR ==================================
07:59:32.0862 5592  [ AFF3909263E923176CACAF5AACA3414E ] \Device\Harddisk0\DR0\Partition1
07:59:32.0877 5592  \Device\Harddisk0\DR0\Partition1 - ok
07:59:32.0877 5592  [ FD025B9932901AAFA6BA86E92A064F82 ] \Device\Harddisk0\DR0\Partition2
07:59:32.0893 5592  \Device\Harddisk0\DR0\Partition2 - ok
07:59:32.0909 5592  [ 7C1526F42E5B511DFEDF7030CE403473 ] \Device\Harddisk0\DR0\Partition3
07:59:32.0924 5592  \Device\Harddisk0\DR0\Partition3 - ok
07:59:32.0940 5592  [ BFDC04644B149FB90DD85E26D856091D ] \Device\Harddisk0\DR0\Partition4
07:59:32.0940 5592  \Device\Harddisk0\DR0\Partition4 - ok
07:59:32.0940 5592  ============================================================
07:59:32.0940 5592  Scan finished
07:59:32.0940 5592  ============================================================
07:59:32.0955 5240  Detected object count: 8
07:59:32.0955 5240  Actual detected object count: 8
07:59:37.0277 5240  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:37.0277 5240  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:59:37.0277 5240  DEBridge ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:37.0277 5240  DEBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:59:37.0277 5240  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:37.0277 5240  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:59:37.0277 5240  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:37.0277 5240  HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:59:37.0277 5240  HPDayStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:37.0277 5240  HPDayStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:59:37.0277 5240  HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:37.0277 5240  HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:59:37.0277 5240  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:59:37.0277 5240  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
07:59:37.0277 5240  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
07:59:37.0277 5240  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 
07:59:42.0019 3248  Deinitialize success
         

Hi,
es sind 4 Logs zu erstellen, poste diese möglichst gleichzeitig.
1.
Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

neustart.
2.
Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Neustart.
3.

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Neustart.
4.
Lade Hitmanpro:
HitmanPro - Download - Filepony
Doppelklicken, Scan klicken.
Log speichern und posten, bzw als XML exportieren, packen und anhängen, Hitmanpro schließen.

so

1. Malwarebytes:

Code: Alles auswählenAufklappen

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.07.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
name :: 6550B01 [Administrator]

Schutz: Aktiviert

07.08.2013 22:24:44
mbam-log-2013-08-07 (22-24-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 294423
Laufzeit: 4 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\name\Downloads\Gymnastik Zumba 2013 pdf.exe (PUP.Optional.Installex) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

2. AdwCleaner

AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.306 - Datei am 07/08/2013 um 22:34:23 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : name - 6550B01
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\name\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\prefs.js

Gelöscht : user_pref("extensions.51cc75326a19e.scode", "if(window.self.location.protocol.indexOf('hxxp')>-1 && [...]
Gelöscht : user_pref("extensions.51cc80ddecac7.scode", "(function(){try{if(window.opener&&window.self==window.t[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1117 octets] - [07/08/2013 22:34:23]

########## EOF - C:\AdwCleaner[S1].txt - [1177 octets] ##########
         

--- --- ---



3. JRT

JRT Logfile:

Code: Alles auswählenAufklappen

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.7 (08.07.2013:3)
OS: Windows 7 Professional x64
Ran by name on 07.08.2013 at 22:39:37,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\name\AppData\Roaming\mozilla\firefox\profiles\pr2p6ukj.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.08.2013 at 22:46:19,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

--- --- ---


und 4. Hitman - ohne auflistung der cookies:

Code: Alles auswählenAufklappen

ATTFilter

HitmanPro 3.7.7.203
www.hitmanpro.com

   Computer name . . . . : 6550B01
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : CORP\reichert
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-08-07 22:51:05
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 17s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1095

   Objects scanned . . . : 1.872.455
   Files scanned . . . . : 24.159
   Remnants scanned  . . : 469.736 files / 1.378.560 keys
         

Hi, kann es sein, dass das Hitmanpro Log unvollständig ist?

Code: Alles auswählenAufklappen

ATTFilter

HitmanPro 3.7.7.203
www.hitmanpro.com

   Computer name . . . . : 6550B01
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : CORP\reichert
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-08-07 22:51:05
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 17s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 732

   Objects scanned . . . : 1.872.455
   Files scanned . . . . : 24.159
   Remnants scanned  . . : 469.736 files / 1.378.560 keys

Cookies _____________________________________________________________________

   C:\Users\reichert\AppData\Roaming\Microsoft\Windows\Cookies\6EUU8H88.txt
   C:\Users\reichert\AppData\Roaming\Microsoft\Windows\Cookies\BM2UTN39.txt
   C:\Users\reichert\AppData\Roaming\Microsoft\Windows\Cookies\KQ93QBS2.txt
   C:\Users\reichert\AppData\Roaming\Microsoft\Windows\Cookies\reichert@ad.zanox[1].txt
   C:\Users\reichert\AppData\Roaming\Microsoft\Windows\Cookies\reichert@atdmt[1].txt
   C:\Users\reichert\AppData\Roaming\Microsoft\Windows\Cookies\reichert@invitemedia[1].txt
   C:\Users\reichert\AppData\Roaming\Microsoft\Windows\Cookies\reichert@tradedoubler[1].txt
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:2o7.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.123-template.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.12mnkys.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.360yield.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.ad-srv.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.adc-serv.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.adserver01.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.dyntracker.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.dyntracker.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.movad.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.propellerads.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ad.zanox.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ads.adk2.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ads.adtiger.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ads.carocean.co.uk
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ads.crakmedia.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ads.escinteractive.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ads.immobilienscout24.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ads.vrm.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:adserv.quality-channel.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:adserver2.clipkit.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:adtech.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:adtechus.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:advertising.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:adviva.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:aimfar.solution.weborama.fr
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:aka-cdn-ns.adtech.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:apmebf.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:atdmt.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:autoscout24.112.2o7.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:binck.solution.weborama.fr
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:bmw2.solution.weborama.fr
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:bnpparibasnet.solution.weborama.fr
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:bs.serving-sys.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:burstnet.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:byou.solution.weborama.fr
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:c.atdmt.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:casalemedia.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:content-ssl.yieldmanager.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:content.yieldmanager.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:d2.zedo.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:de.sitestat.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:doubleclick.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:eas.apm.emediate.eu
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:eas4.emediate.eu
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ero-advertising.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ewscripps.112.2o7.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:exoclick.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:fastclick.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:fl01.ct2.comclick.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:guj.122.2o7.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:interclick.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:invitemedia.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:libri.112.2o7.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:livejasmin.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:loralparis2011.solution.weborama.fr
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:maturetubeporn.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:media6degrees.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:mediaplex.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:microsoftinternetexplorer.112.2o7.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:mm.chitika.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:oracle.112.2o7.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:pool-eu-ie.creative-serving.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:questionmarket.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:revsci.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:rts.phn.doublepimp.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ru4.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:serving-sys.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:smartadserver.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:sncfautotrain.solution.weborama.fr
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:specificclick.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:statcounter.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:stats.finepix.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:testdata.coremetrics.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:track.adform.net
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:tradedoubler.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:weborama.fr
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:ww251.smartadserver.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:www.emjcd.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:www.etracker.de
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:www.googleadservices.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:www.youporn.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:xiti.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:youporn.com
   C:\Users\reichert\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\cookies.sqlite:zedo.com
         

Hi,
alle Browser schließen, Hitmanpro Funde löschen lassen.
Neustart, neues FRST Log.

Hier das neue Log:


FRST Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013
Ran by name (administrator) on 08-08-2013 15:37:24
Running from C:\Users\name\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(DigitalPersona, Inc.) c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Canon Inc.) C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1691192 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [204584 2011-03-26] (Trend Micro Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11266048 2010-01-19] (Hewlett-Packard)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-04] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-11-13] (Apple Inc.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [333728 2012-06-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Mahler\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()
HKU\Mahler\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
HKU\User\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/10
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: EabookBiRoowsEu - {13AD5579-1C22-1DE7-0A2C-07D793B33C27} - C:\ProgramData\EabookBiRoowsEu\51cc80ddecbaf.dll No File
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: safEE  save - {95A8BE25-6AC6-5B5F-5296-7C0F67939A04} - C:\ProgramData\safEE  save\51cc75326a286.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {00134F72-5284-44F7-95A8-52A619F70751} https://dc1:4343/officescan/console/ClientInstall/WinNTChk.cab
DPF: HKLM-x32 {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://dc1:4343/officescan/console/ClientInstall/setupini.cab
DPF: HKLM-x32 {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://dc1:4343/officescan/console/ClientInstall/setup.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://dc1:4343/officescan/console/ClientInstall/RemoveCtrl.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\TmIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: safEE  save - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\Extensions\eauo0rclt@araisc.com
FF Extension: EabookBiRoowsEu - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\Extensions\txlxmkuioy@lauuy.org
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.6.1165\6.6.1081\firefoxextension\

Chrome: 
=======
CHR Extension: (EabookBiRoowsEu) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\liljpidhppdkgliaemeklpldheaipbed\1
CHR Extension: (safEE  save) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdghpecpoghdgcnakclaikdceeofbd\1

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-02] (McAfee, Inc.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462088 2010-03-31] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2009-12-07] (Hewlett-Packard Ltd)
R2 HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2010-03-17] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-02] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [523680 2012-06-20] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
S3 TmListen; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1007120 2011-03-29] (Trend Micro Inc.)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131672 2010-12-06] (Deterministic Networks, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-02] (McAfee, Inc.)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-02] ()
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-02] (McAfee, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90896 2011-02-25] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [146192 2011-02-25] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [69904 2011-02-25] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-30] (Trend Micro Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 tmpfw; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-08 15:36 - 2013-08-08 15:36 - 01790059 _____ (Farbar) C:\Users\name\Desktop\FRST64.exe
2013-08-07 22:57 - 2013-08-07 22:57 - 00028520 _____ C:\Users\name\Desktop\4     neu    HitmanPro_20130807_2257.log
2013-08-07 22:56 - 2013-08-07 22:56 - 00028518 _____ C:\Users\name\Desktop\4     HitmanPro_20130807_2256.log
2013-08-07 22:50 - 2013-08-07 22:57 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-07 22:47 - 2013-08-07 22:47 - 00000831 _____ C:\Users\name\Desktop\3    JRT.txt
2013-08-07 22:46 - 2013-08-07 22:46 - 00000839 _____ C:\Users\name\Desktop\JRT.txt
2013-08-07 22:38 - 2013-08-07 22:38 - 00001230 _____ C:\Users\name\Desktop\2     AdwCleaner[S1].txt
2013-08-07 22:34 - 2013-08-07 22:35 - 00001246 _____ C:\AdwCleaner[S1].txt
2013-08-07 22:22 - 2013-08-07 22:22 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-07 22:22 - 2013-08-07 22:22 - 00000000 ____D C:\Users\name\AppData\Roaming\Malwarebytes
2013-08-07 22:22 - 2013-08-07 22:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-07 22:22 - 2013-08-07 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-07 22:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-07 22:17 - 2013-08-07 22:17 - 09853928 _____ (SurfRight B.V.) C:\Users\name\Desktop\HitmanPro_x64.exe
2013-08-07 22:16 - 2013-08-07 22:16 - 00957082 _____ (Oleg N. Scherbakov) C:\Users\name\Desktop\JRT.exe
2013-08-07 22:16 - 2013-08-07 22:16 - 00666633 _____ C:\Users\name\Desktop\adwcleaner.exe
2013-08-07 22:13 - 2013-08-07 22:15 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\name\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-07 10:49 - 2013-08-07 10:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 07:17 - 2013-08-07 07:17 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\name\Desktop\tdsskiller.exe
2013-08-06 23:41 - 2013-08-06 23:41 - 00028251 _____ C:\ComboFix.txt
2013-08-06 23:27 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-08-06 23:27 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-08-06 23:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-08-06 23:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-08-06 23:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-08-06 23:27 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-08-06 23:27 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-08-06 23:27 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-08-06 23:25 - 2013-08-06 23:26 - 05100695 ____R (Swearware) C:\Users\name\Desktop\ComboFix.exe
2013-08-06 23:19 - 2013-08-06 23:19 - 00000000 ____D C:\ProgramData\PDFC
2013-08-06 23:12 - 2013-08-08 14:42 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 23:12 - 2013-08-06 23:12 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-06 23:11 - 2013-08-06 23:11 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-06 23:11 - 2013-08-06 23:11 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-06 23:10 - 2013-08-06 23:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 22:19 - 2013-08-06 22:20 - 00023727 _____ C:\Users\name\Desktop\Addition.txt
2013-08-06 22:19 - 2013-08-06 22:19 - 00000000 ____D C:\FRST
2013-08-06 22:14 - 2013-08-06 22:15 - 00002413 _____ C:\DelFix.txt
2013-08-06 22:10 - 2013-08-06 22:10 - 00000249 _____ C:\Users\name\Desktop\Safe Saver und eBook Browse - Trojaner-Board.URL
2013-08-06 07:43 - 2013-08-06 22:14 - 00000000 ____D C:\windows\ERUNT
2013-07-26 22:55 - 2013-08-06 07:33 - 00000282 _____ C:\Users\name\Desktop\spontaner Tab Sponsorship mit URL httptv.channel157news.com - Trojaner-Board.URL
2013-07-26 22:39 - 2013-08-06 23:41 - 00000000 ____D C:\Qoobox
2013-07-26 22:39 - 2013-07-26 22:52 - 00000000 ____D C:\windows\erdnt
2013-07-19 06:47 - 2013-05-27 07:54 - 01188864 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-19 06:47 - 2013-05-27 07:53 - 01492992 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-19 06:47 - 2013-05-27 07:53 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 12295680 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 02458112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-19 06:47 - 2013-05-27 07:50 - 00064512 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-19 06:47 - 2013-05-27 07:02 - 00981504 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-19 06:47 - 2013-05-27 07:01 - 01231872 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-19 06:47 - 2013-05-27 07:01 - 00132096 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-07-19 06:47 - 2013-05-27 06:57 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-19 06:47 - 2013-05-27 06:57 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-07-19 06:47 - 2013-05-27 06:56 - 11020800 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-19 06:47 - 2013-05-27 06:56 - 02078208 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-19 06:47 - 2013-05-27 06:56 - 00176640 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-19 06:47 - 2013-05-27 06:56 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-19 06:47 - 2013-05-27 05:58 - 01638912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-19 06:47 - 2013-05-27 05:20 - 01638912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-19 06:46 - 2013-05-27 07:50 - 09070080 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-19 06:46 - 2013-05-27 06:57 - 06035456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-19 06:43 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-19 06:43 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-19 06:42 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-19 06:42 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-19 06:41 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-19 06:41 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-19 06:41 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-08 15:36 - 2013-08-08 15:36 - 01790059 _____ (Farbar) C:\Users\name\Desktop\FRST64.exe
2013-08-08 15:35 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-08 15:35 - 2009-07-14 06:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-08 15:32 - 2010-09-12 22:06 - 00656734 _____ C:\windows\system32\perfh007.dat
2013-08-08 15:32 - 2010-09-12 22:06 - 00130510 _____ C:\windows\system32\perfc007.dat
2013-08-08 15:32 - 2009-07-14 07:13 - 01501362 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-08 15:28 - 2010-09-12 22:05 - 00000000 ____D C:\ProgramData\HPQLOG
2013-08-08 15:28 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-08 15:28 - 2009-07-14 06:51 - 00081622 _____ C:\windows\setupact.log
2013-08-08 15:27 - 2011-03-07 23:09 - 01430726 _____ C:\windows\WindowsUpdate.log
2013-08-08 14:42 - 2013-08-06 23:12 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-08 13:42 - 2011-04-17 18:21 - 00001982 _____ C:\Users\name\Desktop\Datenbank IC - Verknüpfung.lnk
2013-08-08 10:31 - 2011-04-13 18:27 - 00000052 _____ C:\windows\SysWOW64\DOErrors.log
2013-08-08 10:25 - 2012-09-19 22:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-07 22:57 - 2013-08-07 22:57 - 00028520 _____ C:\Users\name\Desktop\4     neu    HitmanPro_20130807_2257.log
2013-08-07 22:57 - 2013-08-07 22:50 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-07 22:56 - 2013-08-07 22:56 - 00028518 _____ C:\Users\name\Desktop\4     HitmanPro_20130807_2256.log
2013-08-07 22:48 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-08-07 22:47 - 2013-08-07 22:47 - 00000831 _____ C:\Users\name\Desktop\3    JRT.txt
2013-08-07 22:46 - 2013-08-07 22:46 - 00000839 _____ C:\Users\name\Desktop\JRT.txt
2013-08-07 22:38 - 2013-08-07 22:38 - 00001230 _____ C:\Users\name\Desktop\2     AdwCleaner[S1].txt
2013-08-07 22:35 - 2013-08-07 22:34 - 00001246 _____ C:\AdwCleaner[S1].txt
2013-08-07 22:31 - 2010-09-12 22:43 - 00915852 _____ C:\windows\PFRO.log
2013-08-07 22:22 - 2013-08-07 22:22 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-07 22:22 - 2013-08-07 22:22 - 00000000 ____D C:\Users\name\AppData\Roaming\Malwarebytes
2013-08-07 22:22 - 2013-08-07 22:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-07 22:22 - 2013-08-07 22:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-07 22:17 - 2013-08-07 22:17 - 09853928 _____ (SurfRight B.V.) C:\Users\name\Desktop\HitmanPro_x64.exe
2013-08-07 22:16 - 2013-08-07 22:16 - 00957082 _____ (Oleg N. Scherbakov) C:\Users\name\Desktop\JRT.exe
2013-08-07 22:16 - 2013-08-07 22:16 - 00666633 _____ C:\Users\name\Desktop\adwcleaner.exe
2013-08-07 22:15 - 2013-08-07 22:13 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\name\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-07 22:11 - 2011-04-24 10:45 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DCD7CC38-A14C-4F68-9043-5B448CE8B444}
2013-08-07 21:54 - 2012-11-16 08:34 - 00003204 _____ C:\windows\System32\Tasks\HPCeeScheduleForname
2013-08-07 21:54 - 2012-11-16 08:34 - 00000344 _____ C:\windows\Tasks\HPCeeScheduleForname.job
2013-08-07 20:49 - 2011-04-14 08:53 - 00000136 _____ C:\windows\system32\config\netlogon.ftl
2013-08-07 10:49 - 2013-08-07 10:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-07 07:17 - 2013-08-07 07:17 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\name\Desktop\tdsskiller.exe
2013-08-06 23:41 - 2013-08-06 23:41 - 00028251 _____ C:\ComboFix.txt
2013-08-06 23:41 - 2013-07-26 22:39 - 00000000 ____D C:\Qoobox
2013-08-06 23:38 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini
2013-08-06 23:26 - 2013-08-06 23:25 - 05100695 ____R (Swearware) C:\Users\name\Desktop\ComboFix.exe
2013-08-06 23:21 - 2011-11-03 22:34 - 00000000 ____D C:\Program Files\Google
2013-08-06 23:21 - 2011-11-03 22:34 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-06 23:19 - 2013-08-06 23:19 - 00000000 ____D C:\ProgramData\PDFC
2013-08-06 23:12 - 2013-08-06 23:12 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-06 23:12 - 2012-07-03 15:32 - 00000000 ____D C:\Users\name\AppData\Local\Adobe
2013-08-06 23:11 - 2013-08-06 23:11 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-06 23:11 - 2013-08-06 23:11 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-06 23:10 - 2013-08-06 23:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-06 23:10 - 2012-07-03 15:15 - 00000000 ____D C:\ProgramData\Adobe
2013-08-06 22:58 - 2011-11-03 22:34 - 00000000 ____D C:\Users\name\AppData\Local\Google
2013-08-06 22:58 - 2011-11-03 22:34 - 00000000 ____D C:\ProgramData\Google
2013-08-06 22:20 - 2013-08-06 22:19 - 00023727 _____ C:\Users\name\Desktop\Addition.txt
2013-08-06 22:19 - 2013-08-06 22:19 - 00000000 ____D C:\FRST
2013-08-06 22:15 - 2013-08-06 22:14 - 00002413 _____ C:\DelFix.txt
2013-08-06 22:14 - 2013-08-06 07:43 - 00000000 ____D C:\windows\ERUNT
2013-08-06 22:10 - 2013-08-06 22:10 - 00000249 _____ C:\Users\name\Desktop\Safe Saver und eBook Browse - Trojaner-Board.URL
2013-08-06 07:33 - 2013-07-26 22:55 - 00000282 _____ C:\Users\name\Desktop\spontaner Tab Sponsorship mit URL httptv.channel157news.com - Trojaner-Board.URL
2013-07-26 22:52 - 2013-07-26 22:39 - 00000000 ____D C:\windows\erdnt
2013-07-22 19:48 - 2009-07-14 06:45 - 00458448 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-22 19:47 - 2009-07-27 16:36 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-22 19:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-22 19:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-19 06:44 - 2011-04-13 20:55 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-19 06:43 - 2011-04-14 10:21 - 00000000 ____D C:\ProgramData\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 16:04

==================== End Of Log ============================
         

--- --- ---

Hi,
1.
Internet explorer 10 instalieren, auch wenn du einen anderen nutzt, muss er aktuell sein.
Internet Explorer*10 herunterladen - Internet Explorer*10 herunterladen
2.
2.
Fix mit FRST
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

BHO-x32: EabookBiRoowsEu - {13AD5579-1C22-1DE7-0A2C-07D793B33C27} - C:\ProgramData\EabookBiRoowsEu\51cc80ddecbaf.dll No File 
 BHO-x32: safEE  save - {95A8BE25-6AC6-5B5F-5296-7C0F67939A04} - C:\ProgramData\safEE  save\51cc75326a286.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR Extension: (EabookBiRoowsEu) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\liljpidhppdkgliaemeklpldheaipbed\1
FF Extension: safEE  save - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\Extensions\eauo0rclt@araisc.com
FF Extension: EabookBiRoowsEu - C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\Extensions\txlxmkuioy@lauuy.org
CHR Extension: (safEE  save) - C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdghpecpoghdgcnakclaikdceeofbd\1
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut
  und klicke den Fix Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

3.
bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.
Falls das alles ok ist:
4.
Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

5. PC absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 8 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
http://support.google.com/chrome/bin...&answer=118663
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Password Manager, Form Filler, Password Management | RoboForm Password Manager
anleitung:
RoboForm Manual

Hi markus,

habe gefixed - weiter unten das Log.

Das besagte Ad wird immer noch auf meiner google Start Seite angezeigt. Das war diese safesaver Geschichte. Während die aufgebaut wird, wird auch unten links nach und nach angezeigt, woher Inhalte geladen werden.

Der eBook browse Buttin wird noch in der Leiste meines Firefox angezeigt, scheint aber von Malwarebytes unterbunden zu werden. Zumindest hat er gemeckert und der Inhalt wird bei Aktivierung nicht mehr richtig angezeigt, da gesperrt.

Di pop ups kommen ebenfalls weiterhin. :-(

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2013
Ran by name at 2013-08-08 16:47:08 Run:1
Running from C:\Users\name\Desktop
Boot Mode: Normal
==============================================

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13AD5579-1C22-1DE7-0A2C-07D793B33C27} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{13AD5579-1C22-1DE7-0A2C-07D793B33C27} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95A8BE25-6AC6-5B5F-5296-7C0F67939A04} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95A8BE25-6AC6-5B5F-5296-7C0F67939A04} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\liljpidhppdkgliaemeklpldheaipbed directory not found.
C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\Extensions\eauo0rclt@araisc.com not found.
C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\pr2p6ukj.default\Extensions\txlxmkuioy@lauuy.org not found.
C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkdghpecpoghdgcnakclaikdceeofbd directory not found.

==== End of Fixlog ====
         

OK,
Exportiere mal deine Chrome lesezeichen:
https://support.google.com/chrome/answer/96816?hl=de
Lade dir nen neuen Chrome installer.
deinstaliere chrome, lasse die surfspuren mit löschen, starte neu, reinstaliere Chrome und teste jetzt noch mal alle instalierten Browser aauf probleme.