| |
| |||||||
Log-Analyse und Auswertung: Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
24.02.2013, 23:55
| #1 |
 |  Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Hallo liebe Board Gemeinde, so wie das ausschaut habe ich mir einen Trojaner gefangen.... :-( Aufgefallen war mir - das die Starttaste nicht mehr anklickbar war (Nur noch durch die Win-Taste der Tastatur zu öffnen) - . Danach habe ich mir die Prozesse mal angeschaut wo mir die Datei ie_util.exe aufgefallen ist. Diese habe ich dann umbenannt und in der Registry nach einträgen geschaut (unter .../Run gefunden und den String erst einmal nach ....ie_util.exe-.... umbenannt. Dann habe ich die Datei auf meinem anderen Rechner (Auf dem befallenen Rechner ist Antivir Kaufversion installiert) mit Kaspersky (auch Kaufversion) geprüft - ohne Ergebnis. Nachdem ich Antivir ein zweites Mal habe prüfen lassen wurde meine umbenannte Datei erkannt und in Quarantäne verschoben. Ich habe dann sofort Malwarebyte laufen lassen der 4 x angeschlagen: Hier das Logfile: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.24.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ********** :: ********** [Administrator] 24.02.2013 18:23:10 MBAM-log-2013-02-24 (23-03-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 705397 Laufzeit: 4 Stunde(n), 11 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Users\**********\AppData\Roaming\Hayrqy\uwte.exe (Backdoor.Agent.RS) -> 4068 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Viqepaa (Backdoor.Agent.RS) -> Daten: "C:\Users\**********\AppData\Roaming\Hayrqy\uwte.exe" -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IExplorer Util (Trojan.Agent.IET) -> Daten: C:\Users\**********\AppData\Roaming\ie_util.exe- -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\**********\AppData\Roaming\Hayrqy\uwte.exe (Backdoor.Agent.RS) -> Keine Aktion durchgeführt. (Ende) -------------- ....ich habe auch schon OTL laufen lassen, die beiden Dateien sind im Anhanng. Ich hoffe ich habe alles bisher richtig, entsprechend der Board Rules, gemacht. Was muss ich jetzt machen? Ich hoffe es geht ohne Neu aufsetzen zu müssen... Vielen Dank Shepard P.S. leider muss ich morgen Früh raus und komme erst wieder morgen Abend dazu nachzuschauen, Ich danke jetzt schon Mal für die Antwort(en) die ich dann vorfinde. Gute Nacht. Geändert von shepard2012 (24.02.2013 um 23:59 Uhr) Grund: evtl. verzögerte Antwort von mir |
|
25.02.2013, 13:40
| #2 |
| /// Helfer-Team  | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Ersetze die *** Sternchen wieder in den Benutzernamen zurück! Code:
ATTFilter :OTL
MOD - C:\Users\******\AppData\Roaming\Hayrqy\uwte.exe ()
O4 - HKU\S-1-5-21-1497567498-2469065647-1948998594-1000..\Run: [Viqepaa] C:\Users\******\AppData\Roaming\Hayrqy\uwte.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\******\*.tmp
C:\Users\******\AppData\*.dll
C:\Users\******\AppData\*.exe
C:\Users\******\AppData\Local\Temp\*.exe
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
25.02.2013, 19:40
| #3 |
| | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Hallo t'john,
__________________lieben Dank für deine Hilfe. Ich habe alles nach deiner Anleitung erstellt. Im Anhang sind die Ergebnisse. LG shepard |
|
25.02.2013, 20:51
| #4 | |
| | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun?Zitat:
Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.24.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ******** :: ******** [Administrator] 25.02.2013 20:46:06 MBAM-log-2013-02-25 (20-52-11).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 216881 Laufzeit: 2 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Users\********\AppData\Roaming\Uzof\rour.exe (IPH.Trojan.Zbot.Rke) -> 2484 -> Keine Aktion durchgeführt. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Yguclam (IPH.Trojan.Zbot.Rke) -> Daten: "C:\Users\********\AppData\Roaming\Uzof\rour.exe" -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\********\AppData\Roaming\Uzof\rour.exe (IPH.Trojan.Zbot.Rke) -> Keine Aktion durchgeführt. (Ende) Ich hoffe ich habe jetzt nichts falsch gemacht. Ich habe den Button zur Entfernung in Malwarebytes gedrückt und den anschliessend geforderten Neustart gemacht. Der anschliessende Quickscan brachte das folgende Ergebnis: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.25.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: DELXPS8500 [Administrator] 25.02.2013 23:07:47 mbam-log-2013-02-25 (23-07-47).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 216665 Laufzeit: 4 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Zurzeit lasse ich nochmal einen, diesmal Komplettscan, drüberlaufen... Ich hoffe ich mache jetzt nichts falsch... |
|
26.02.2013, 12:28
| #5 |
| /// Helfer-Team | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). dann: Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
|
|
26.02.2013, 22:38
| #6 |
| | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Vielen Dank für deine bisherige Mühe. Ich habe es genauso gemacht wie du es beschrieben hast und es in den Anleitungen steht. Im Anhang ist das aswMBR Log, das TDSKiller Log war zu gross für den upload, daher habe ich es hier hereinkopiert (sorry ich weiss leider nicht wie man es in eine Box bringt...): 20:58:00.0878 4348 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:58:00.0886 4348 ============================================================ 20:58:00.0886 4348 Current date / time: 2013/02/26 20:58:00.0886 20:58:00.0886 4348 SystemInfo: 20:58:00.0886 4348 20:58:00.0886 4348 OS Version: 6.1.7601 ServicePack: 1.0 20:58:00.0886 4348 Product type: Workstation 20:58:00.0886 4348 ComputerName: ******** 20:58:00.0886 4348 UserName: ******** 20:58:00.0886 4348 Windows directory: C:\Windows 20:58:00.0886 4348 System windows directory: C:\Windows 20:58:00.0886 4348 Running under WOW64 20:58:00.0886 4348 Processor architecture: Intel x64 20:58:00.0886 4348 Number of processors: 8 20:58:00.0886 4348 Page size: 0x1000 20:58:00.0886 4348 Boot type: Normal boot 20:58:00.0886 4348 ============================================================ 20:58:01.0148 4348 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:58:01.0151 4348 Drive \Device\Harddisk10\DR10 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:58:01.0152 4348 Drive \Device\Harddisk11\DR11 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:58:08.0317 4348 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:58:08.0318 4348 Drive \Device\Harddisk4\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:58:14.0170 4348 Drive \Device\Harddisk5\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:58:21.0016 4348 ============================================================ 20:58:21.0016 4348 \Device\Harddisk0\DR0: 20:58:21.0016 4348 MBR partitions: 20:58:21.0016 4348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1880000 20:58:21.0016 4348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1894000, BlocksNum 0x72E72000 20:58:21.0016 4348 \Device\Harddisk10\DR10: 20:58:21.0017 4348 MBR partitions: 20:58:21.0017 4348 \Device\Harddisk10\DR10\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02 20:58:21.0017 4348 \Device\Harddisk11\DR11: 20:58:21.0018 4348 MBR partitions: 20:58:21.0018 4348 \Device\Harddisk11\DR11\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000 20:58:21.0018 4348 \Device\Harddisk1\DR1: 20:58:21.0018 4348 MBR partitions: 20:58:21.0018 4348 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982 20:58:21.0018 4348 \Device\Harddisk4\DR4: 20:58:21.0019 4348 MBR partitions: 20:58:21.0019 4348 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41 20:58:21.0019 4348 \Device\Harddisk5\DR5: 20:58:21.0019 4348 MBR partitions: 20:58:21.0019 4348 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982 20:58:21.0019 4348 ============================================================ 20:58:21.0047 4348 C: <-> \Device\Harddisk0\DR0\Partition2 20:58:21.0077 4348 G: <-> \Device\Harddisk5\DR5\Partition1 20:58:21.0077 4348 J: <-> \Device\Harddisk1\DR1\Partition1 20:58:21.0517 4348 B: <-> \Device\Harddisk11\DR11\Partition1 20:58:21.0532 4348 A: <-> \Device\Harddisk4\DR4\Partition1 20:58:21.0554 4348 T: <-> \Device\Harddisk10\DR10\Partition1 20:58:21.0554 4348 ============================================================ 20:58:21.0554 4348 Initialize success 20:58:21.0554 4348 ============================================================ 20:58:47.0162 5304 ============================================================ 20:58:47.0162 5304 Scan started 20:58:47.0162 5304 Mode: Manual; SigCheck; TDLFS; 20:58:47.0162 5304 ============================================================ 20:58:48.0121 5304 ================ Scan system memory ======================== 20:58:48.0121 5304 System memory - ok 20:58:48.0121 5304 ================ Scan services ============================= 20:58:48.0210 5304 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:58:48.0258 5304 1394ohci - ok 20:58:48.0280 5304 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:58:48.0290 5304 ACPI - ok 20:58:48.0301 5304 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:58:48.0325 5304 AcpiPmi - ok 20:58:48.0449 5304 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:58:48.0459 5304 AdobeARMservice - ok 20:58:48.0571 5304 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:58:48.0583 5304 AdobeFlashPlayerUpdateSvc - ok 20:58:48.0612 5304 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:58:48.0623 5304 adp94xx - ok 20:58:48.0631 5304 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:58:48.0640 5304 adpahci - ok 20:58:48.0654 5304 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:58:48.0662 5304 adpu320 - ok 20:58:48.0687 5304 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:58:48.0719 5304 AeLookupSvc - ok 20:58:48.0759 5304 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 20:58:48.0766 5304 AERTFilters - ok 20:58:48.0800 5304 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:58:48.0827 5304 AFD - ok 20:58:48.0837 5304 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:58:48.0845 5304 agp440 - ok 20:58:48.0859 5304 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:58:48.0905 5304 ALG - ok 20:58:48.0917 5304 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:58:48.0924 5304 aliide - ok 20:58:48.0932 5304 [ 812349D328EB406815183A5D17B49E7C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:58:48.0943 5304 AMD External Events Utility - ok 20:58:48.0952 5304 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:58:48.0959 5304 amdide - ok 20:58:48.0972 5304 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:58:48.0986 5304 AmdK8 - ok 20:58:49.0108 5304 [ 0415FFE1B6A6EA141FEAFCA57567F57F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:58:49.0257 5304 amdkmdag - ok 20:58:49.0286 5304 [ DC24D6F38F17C0D643D9AA8A6852F8D0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:58:49.0299 5304 amdkmdap - ok 20:58:49.0312 5304 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 20:58:49.0321 5304 AmdPPM - ok 20:58:49.0330 5304 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:58:49.0338 5304 amdsata - ok 20:58:49.0348 5304 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 20:58:49.0357 5304 amdsbs - ok 20:58:49.0366 5304 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:58:49.0372 5304 amdxata - ok 20:58:49.0438 5304 [ B5C0F65D6657C6ADD9ED75EC7583390B ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys 20:58:49.0451 5304 AnyDVD - ok 20:58:49.0506 5304 [ 4FC6E2C2FC50445450651F42E90CC0BD ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys 20:58:49.0516 5304 Apowersoft_AudioDevice - ok 20:58:49.0545 5304 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:58:49.0571 5304 AppID - ok 20:58:49.0592 5304 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:58:49.0638 5304 AppIDSvc - ok 20:58:49.0653 5304 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:58:49.0678 5304 Appinfo - ok 20:58:49.0772 5304 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:58:49.0781 5304 Apple Mobile Device - ok 20:58:49.0792 5304 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 20:58:49.0799 5304 arc - ok 20:58:49.0810 5304 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:58:49.0818 5304 arcsas - ok 20:58:49.0869 5304 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:58:49.0876 5304 aspnet_state - ok 20:58:49.0898 5304 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:58:49.0937 5304 AsyncMac - ok 20:58:49.0956 5304 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:58:49.0963 5304 atapi - ok 20:58:49.0995 5304 [ D0B119D6F52BDCA8D204F79D27690209 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys 20:58:50.0001 5304 AthBTPort - ok 20:58:50.0063 5304 [ D24159FA178DCCE3B41226640D5E9C8D ] AtherosSvc C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe 20:58:50.0069 5304 AtherosSvc - ok 20:58:50.0120 5304 [ 3D68A1EEF77307142636AF5127990BCB ] athr C:\Windows\system32\DRIVERS\athrx.sys 20:58:50.0205 5304 athr - ok 20:58:50.0246 5304 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:58:50.0255 5304 AtiHDAudioService - ok 20:58:50.0286 5304 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:58:50.0325 5304 AudioEndpointBuilder - ok 20:58:50.0331 5304 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:58:50.0353 5304 AudioSrv - ok 20:58:50.0409 5304 [ 95DC4B7362534D8C5C18D7B665B93FA9 ] AVerPola C:\Windows\system32\DRIVERS\AVerPola.sys 20:58:50.0434 5304 AVerPola - ok 20:58:50.0529 5304 [ B085322DC9984B31190BD80D2542329F ] AVerRemote C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe 20:58:50.0546 5304 AVerRemote ( UnsignedFile.Multi.Generic ) - warning 20:58:50.0546 5304 AVerRemote - detected UnsignedFile.Multi.Generic (1) 20:58:50.0603 5304 [ 3094F37D17C9F91632689FFE9381FC4B ] AVerScheduleService C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe 20:58:50.0631 5304 AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning 20:58:50.0631 5304 AVerScheduleService - detected UnsignedFile.Multi.Generic (1) 20:58:50.0717 5304 [ AC116B5EBD1CD55EB4FA6399DC3ABC3D ] AVerUpdateServer C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe 20:58:50.0733 5304 AVerUpdateServer ( UnsignedFile.Multi.Generic ) - warning 20:58:50.0733 5304 AVerUpdateServer - detected UnsignedFile.Multi.Generic (1) 20:58:50.0775 5304 [ 75ECA8D0B6920E2A735890C4FFCA8989 ] AVPolCIR C:\Windows\system32\DRIVERS\AVPolCIR.sys 20:58:50.0804 5304 AVPolCIR - ok 20:58:50.0822 5304 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:58:50.0837 5304 AxInstSV - ok 20:58:50.0872 5304 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 20:58:50.0903 5304 b06bdrv - ok 20:58:50.0942 5304 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:58:50.0975 5304 b57nd60a - ok 20:58:51.0021 5304 [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 20:58:51.0030 5304 BBSvc - ok 20:58:51.0051 5304 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 20:58:51.0059 5304 BBUpdate - ok 20:58:51.0066 5304 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:58:51.0098 5304 BDESVC - ok 20:58:51.0109 5304 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:58:51.0128 5304 Beep - ok 20:58:51.0156 5304 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:58:51.0192 5304 BFE - ok 20:58:51.0228 5304 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 20:58:51.0271 5304 BITS - ok 20:58:51.0288 5304 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:58:51.0312 5304 blbdrive - ok 20:58:51.0363 5304 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:58:51.0374 5304 Bonjour Service - ok 20:58:51.0422 5304 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:58:51.0442 5304 bowser - ok 20:58:51.0450 5304 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 20:58:51.0460 5304 BrFiltLo - ok 20:58:51.0467 5304 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 20:58:51.0477 5304 BrFiltUp - ok 20:58:51.0522 5304 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:58:51.0537 5304 Browser - ok 20:58:51.0550 5304 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:58:51.0589 5304 Brserid - ok 20:58:51.0598 5304 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:58:51.0617 5304 BrSerWdm - ok 20:58:51.0624 5304 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:58:51.0634 5304 BrUsbMdm - ok 20:58:51.0641 5304 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:58:51.0655 5304 BrUsbSer - ok 20:58:51.0685 5304 [ 50D912C86B924C397DEAE7C813E25B78 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys 20:58:51.0694 5304 BTATH_A2DP - ok 20:58:51.0704 5304 [ 486362291E8C2AABC3698FCB0052D042 ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys 20:58:51.0710 5304 btath_avdt - ok 20:58:51.0734 5304 [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys 20:58:51.0739 5304 BTATH_BUS - ok 20:58:51.0745 5304 [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys 20:58:51.0751 5304 BTATH_HCRP - ok 20:58:51.0773 5304 [ 371A11C1333BA526263A987A93ACDE3D ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys 20:58:51.0778 5304 BTATH_LWFLT - ok 20:58:51.0789 5304 [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys 20:58:51.0796 5304 BTATH_RCP - ok 20:58:51.0839 5304 [ E2BC720E66DA3E51E41D47C12FE353F1 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys 20:58:51.0849 5304 BtFilter - ok 20:58:51.0899 5304 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 20:58:51.0923 5304 BthEnum - ok 20:58:51.0932 5304 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:58:51.0951 5304 BTHMODEM - ok 20:58:51.0974 5304 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 20:58:51.0999 5304 BthPan - ok 20:58:52.0052 5304 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 20:58:52.0077 5304 BTHPORT - ok 20:58:52.0103 5304 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:58:52.0128 5304 bthserv - ok 20:58:52.0179 5304 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 20:58:52.0201 5304 BTHUSB - ok 20:58:52.0214 5304 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:58:52.0247 5304 cdfs - ok 20:58:52.0299 5304 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:58:52.0319 5304 cdrom - ok 20:58:52.0342 5304 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:58:52.0377 5304 CertPropSvc - ok 20:58:52.0425 5304 [ A73276435F75025DA6E67B2470E1FE16 ] cfwids C:\Windows\system32\drivers\cfwids.sys 20:58:52.0436 5304 cfwids - ok 20:58:52.0449 5304 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:58:52.0466 5304 circlass - ok 20:58:52.0484 5304 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:58:52.0496 5304 CLFS - ok 20:58:52.0550 5304 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:58:52.0558 5304 clr_optimization_v2.0.50727_32 - ok 20:58:52.0593 5304 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:58:52.0601 5304 clr_optimization_v2.0.50727_64 - ok 20:58:52.0675 5304 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:58:52.0683 5304 clr_optimization_v4.0.30319_32 - ok 20:58:52.0689 5304 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:58:52.0697 5304 clr_optimization_v4.0.30319_64 - ok 20:58:52.0708 5304 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 20:58:52.0717 5304 CmBatt - ok 20:58:52.0719 5304 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:58:52.0725 5304 cmdide - ok 20:58:52.0782 5304 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 20:58:52.0797 5304 CNG - ok 20:58:52.0808 5304 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:58:52.0814 5304 Compbatt - ok 20:58:52.0835 5304 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 20:58:52.0856 5304 CompositeBus - ok 20:58:52.0858 5304 COMSysApp - ok 20:58:52.0934 5304 [ 53A8F93D2A84149E8AF03720FC66DA20 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 20:58:52.0946 5304 cphs - ok 20:58:52.0959 5304 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:58:52.0966 5304 crcdisk - ok 20:58:53.0015 5304 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:58:53.0045 5304 CryptSvc - ok 20:58:53.0069 5304 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:58:53.0097 5304 DcomLaunch - ok 20:58:53.0122 5304 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:58:53.0144 5304 defragsvc - ok 20:58:53.0181 5304 [ 3A42B00C88E3E68080DAB6B27BB35B6E ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe 20:58:53.0195 5304 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning 20:58:53.0195 5304 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1) 20:58:53.0210 5304 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:58:53.0238 5304 DfsC - ok 20:58:53.0264 5304 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:58:53.0297 5304 Dhcp - ok 20:58:53.0308 5304 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:58:53.0342 5304 discache - ok 20:58:53.0355 5304 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 20:58:53.0363 5304 Disk - ok 20:58:53.0387 5304 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:58:53.0421 5304 Dnscache - ok 20:58:53.0432 5304 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:58:53.0453 5304 dot3svc - ok 20:58:53.0466 5304 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:58:53.0493 5304 DPS - ok 20:58:53.0518 5304 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:58:53.0540 5304 drmkaud - ok 20:58:53.0560 5304 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:58:53.0577 5304 DXGKrnl - ok 20:58:53.0591 5304 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:58:53.0622 5304 EapHost - ok 20:58:53.0672 5304 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 20:58:53.0740 5304 ebdrv - ok 20:58:53.0743 5304 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:58:53.0760 5304 EFS - ok 20:58:53.0798 5304 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:58:53.0836 5304 ehRecvr - ok 20:58:53.0846 5304 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:58:53.0864 5304 ehSched - ok 20:58:53.0916 5304 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 20:58:53.0926 5304 ElbyCDIO - ok 20:58:53.0956 5304 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:58:53.0970 5304 elxstor - ok 20:58:53.0981 5304 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:58:53.0989 5304 ErrDev - ok 20:58:54.0017 5304 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:58:54.0051 5304 EventSystem - ok 20:58:54.0086 5304 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:58:54.0109 5304 exfat - ok 20:58:54.0178 5304 Fabs - ok 20:58:54.0189 5304 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:58:54.0227 5304 fastfat - ok 20:58:54.0247 5304 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:58:54.0287 5304 Fax - ok 20:58:54.0300 5304 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 20:58:54.0320 5304 fdc - ok 20:58:54.0339 5304 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:58:54.0360 5304 fdPHost - ok 20:58:54.0369 5304 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:58:54.0401 5304 FDResPub - ok 20:58:54.0414 5304 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:58:54.0421 5304 FileInfo - ok 20:58:54.0423 5304 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:58:54.0449 5304 Filetrace - ok 20:58:54.0518 5304 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe 20:58:54.0578 5304 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 20:58:54.0578 5304 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 20:58:54.0594 5304 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 20:58:54.0603 5304 flpydisk - ok 20:58:54.0612 5304 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:58:54.0621 5304 FltMgr - ok 20:58:54.0646 5304 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:58:54.0679 5304 FontCache - ok 20:58:54.0711 5304 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:58:54.0717 5304 FontCache3.0.0.0 - ok 20:58:54.0724 5304 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:58:54.0731 5304 FsDepends - ok 20:58:54.0770 5304 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 20:58:54.0778 5304 fssfltr - ok 20:58:54.0838 5304 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 20:58:54.0875 5304 fsssvc - ok 20:58:54.0906 5304 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:58:54.0914 5304 Fs_Rec - ok 20:58:54.0957 5304 [ FA169871D8FADCC6539C4E8726610286 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys 20:58:54.0965 5304 FTDIBUS - ok 20:58:55.0019 5304 [ 24237091348D1EFB5635A1CF9649E311 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys 20:58:55.0027 5304 FTSER2K - ok 20:58:55.0042 5304 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:58:55.0052 5304 fvevol - ok 20:58:55.0064 5304 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:58:55.0072 5304 gagp30kx - ok 20:58:55.0125 5304 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:58:55.0133 5304 GEARAspiWDM - ok 20:58:55.0160 5304 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:58:55.0186 5304 gpsvc - ok 20:58:55.0231 5304 GPU-Z - ok 20:58:55.0290 5304 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:58:55.0300 5304 gupdate - ok 20:58:55.0302 5304 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:58:55.0308 5304 gupdatem - ok 20:58:55.0323 5304 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:58:55.0360 5304 hcw85cir - ok 20:58:55.0392 5304 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:58:55.0412 5304 HDAudBus - ok 20:58:55.0413 5304 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 20:58:55.0424 5304 HidBatt - ok 20:58:55.0426 5304 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:58:55.0436 5304 HidBth - ok 20:58:55.0438 5304 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 20:58:55.0448 5304 HidIr - ok 20:58:55.0496 5304 [ 957BD482212B77624E63A54EDDB414F8 ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys 20:58:55.0503 5304 hidkmdf - ok 20:58:55.0516 5304 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 20:58:55.0536 5304 hidserv - ok 20:58:55.0558 5304 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:58:55.0567 5304 HidUsb - ok 20:58:55.0613 5304 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys 20:58:55.0622 5304 HipShieldK - ok 20:58:55.0640 5304 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:58:55.0681 5304 hkmsvc - ok 20:58:55.0690 5304 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:58:55.0708 5304 HomeGroupListener - ok 20:58:55.0739 5304 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:58:55.0759 5304 HomeGroupProvider - ok 20:58:55.0778 5304 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:58:55.0786 5304 HpSAMD - ok 20:58:55.0807 5304 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:58:55.0838 5304 HTTP - ok 20:58:55.0853 5304 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:58:55.0859 5304 hwpolicy - ok 20:58:55.0870 5304 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:58:55.0880 5304 i8042prt - ok 20:58:55.0912 5304 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\drivers\iaStor.sys 20:58:55.0923 5304 iaStor - ok 20:58:55.0970 5304 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 20:58:55.0977 5304 IAStorDataMgrSvc - ok 20:58:56.0005 5304 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:58:56.0015 5304 iaStorV - ok 20:58:56.0061 5304 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:58:56.0077 5304 idsvc - ok 20:58:56.0262 5304 [ 11BA677667432A99CA261A472A2C29B8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 20:58:56.0519 5304 igfx - ok 20:58:56.0535 5304 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:58:56.0542 5304 iirsp - ok 20:58:56.0575 5304 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:58:56.0609 5304 IKEEXT - ok 20:58:56.0686 5304 [ 40FB2F6CEB3FC935EC18D656D2758CD4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:58:56.0774 5304 IntcAzAudAddService - ok 20:58:56.0801 5304 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 20:58:56.0821 5304 IntcDAud - ok 20:58:56.0875 5304 [ 7C76466F4E0F76CE259C6005D161E9E8 ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe 20:58:56.0886 5304 Intel(R) Capability Licensing Service Interface - ok 20:58:56.0902 5304 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:58:56.0909 5304 intelide - ok 20:58:56.0926 5304 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:58:56.0947 5304 intelppm - ok 20:58:56.0978 5304 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:58:56.0999 5304 IPBusEnum - ok 20:58:57.0028 5304 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:58:57.0050 5304 IpFilterDriver - ok 20:58:57.0125 5304 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:58:57.0149 5304 iphlpsvc - ok 20:58:57.0162 5304 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:58:57.0184 5304 IPMIDRV - ok 20:58:57.0198 5304 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:58:57.0231 5304 IPNAT - ok 20:58:57.0303 5304 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:58:57.0316 5304 iPod Service - ok 20:58:57.0326 5304 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:58:57.0349 5304 IRENUM - ok 20:58:57.0357 5304 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:58:57.0364 5304 isapnp - ok 20:58:57.0382 5304 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:58:57.0391 5304 iScsiPrt - ok 20:58:57.0419 5304 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 20:58:57.0426 5304 iusb3hcs - ok 20:58:57.0439 5304 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 20:58:57.0450 5304 iusb3hub - ok 20:58:57.0477 5304 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 20:58:57.0492 5304 iusb3xhc - ok 20:58:57.0507 5304 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:58:57.0514 5304 kbdclass - ok 20:58:57.0526 5304 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:58:57.0545 5304 kbdhid - ok 20:58:57.0553 5304 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:58:57.0561 5304 KeyIso - ok 20:58:57.0600 5304 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:58:57.0609 5304 KSecDD - ok 20:58:57.0675 5304 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:58:57.0685 5304 KSecPkg - ok 20:58:57.0696 5304 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:58:57.0730 5304 ksthunk - ok 20:58:57.0752 5304 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:58:57.0776 5304 KtmRm - ok 20:58:57.0798 5304 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:58:57.0820 5304 LanmanServer - ok 20:58:57.0826 5304 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:58:57.0855 5304 LanmanWorkstation - ok 20:58:57.0880 5304 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:58:57.0905 5304 lltdio - ok 20:58:57.0929 5304 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:58:57.0964 5304 lltdsvc - ok 20:58:57.0977 5304 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:58:58.0008 5304 lmhosts - ok 20:58:58.0038 5304 [ 5C08357C65F658E29B5DDC2EF18D575C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:58:58.0048 5304 LMS - ok 20:58:58.0068 5304 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:58:58.0076 5304 LSI_FC - ok 20:58:58.0086 5304 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:58:58.0094 5304 LSI_SAS - ok 20:58:58.0106 5304 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:58:58.0113 5304 LSI_SAS2 - ok 20:58:58.0125 5304 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:58:58.0133 5304 LSI_SCSI - ok 20:58:58.0151 5304 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:58:58.0187 5304 luafv - ok 20:58:58.0264 5304 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:58:58.0274 5304 McAfee SiteAdvisor Service - ok 20:58:58.0321 5304 [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe 20:58:58.0332 5304 McAWFwk - ok 20:58:58.0343 5304 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:58:58.0351 5304 McMPFSvc - ok 20:58:58.0376 5304 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 20:58:58.0384 5304 mcmscsvc - ok 20:58:58.0387 5304 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 20:58:58.0395 5304 McNaiAnn - ok 20:58:58.0397 5304 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 20:58:58.0405 5304 McNASvc - ok 20:58:58.0422 5304 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe 20:58:58.0431 5304 McODS - ok 20:58:58.0434 5304 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 20:58:58.0441 5304 McOobeSv - ok 20:58:58.0444 5304 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 20:58:58.0451 5304 McProxy - ok 20:58:58.0476 5304 [ 23EA22ACADD66D7F1E18A4AA72BE6158 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 20:58:58.0484 5304 McShield - ok 20:58:58.0527 5304 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:58:58.0546 5304 Mcx2Svc - ok 20:58:58.0556 5304 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 20:58:58.0564 5304 megasas - ok 20:58:58.0579 5304 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 20:58:58.0589 5304 MegaSR - ok 20:58:58.0636 5304 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 20:58:58.0645 5304 MEIx64 - ok 20:58:58.0665 5304 [ 19323081FA4018C9C1AEBF08114BEA11 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 20:58:58.0673 5304 mfeapfk - ok 20:58:58.0684 5304 [ EF1D39A70CAD1B7BEDC220480F26815C ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 20:58:58.0694 5304 mfeavfk - ok 20:58:58.0726 5304 mfeavfk01 - ok 20:58:58.0773 5304 [ 3CBBB569730EFD069B4BD253DDD4AD58 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 20:58:58.0783 5304 mfefire - ok 20:58:58.0803 5304 [ 67972BFC8F23054BD23E1DE1450E40BD ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 20:58:58.0816 5304 mfefirek - ok 20:58:58.0831 5304 [ 5C0EE849C03C37071FABDAA6B58D3D94 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 20:58:58.0845 5304 mfehidk - ok 20:58:58.0856 5304 [ 450B77CAC7384A9C1BAF476AC302CD4C ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 20:58:58.0864 5304 mferkdet - ok 20:58:58.0910 5304 [ 74CE2EBE64AB78904E33DD4C5F21611F ] mfevtp C:\Windows\system32\mfevtps.exe 20:58:58.0920 5304 mfevtp - ok 20:58:58.0941 5304 [ F55F9742BFA88D02F96516B80AB400EC ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 20:58:58.0951 5304 mfewfpk - ok 20:58:58.0968 5304 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:58:58.0998 5304 MMCSS - ok 20:58:59.0007 5304 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:58:59.0034 5304 Modem - ok 20:58:59.0054 5304 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:58:59.0072 5304 monitor - ok 20:58:59.0103 5304 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:58:59.0111 5304 mouclass - ok 20:58:59.0123 5304 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:58:59.0131 5304 mouhid - ok 20:58:59.0157 5304 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:58:59.0164 5304 mountmgr - ok 20:58:59.0201 5304 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:58:59.0209 5304 MozillaMaintenance - ok 20:58:59.0224 5304 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:58:59.0232 5304 mpio - ok 20:58:59.0245 5304 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:58:59.0265 5304 mpsdrv - ok 20:58:59.0288 5304 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:58:59.0311 5304 MpsSvc - ok 20:58:59.0335 5304 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:58:59.0363 5304 MRxDAV - ok 20:58:59.0387 5304 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:58:59.0395 5304 mrxsmb - ok 20:58:59.0409 5304 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:58:59.0428 5304 mrxsmb10 - ok 20:58:59.0444 5304 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:58:59.0452 5304 mrxsmb20 - ok 20:58:59.0479 5304 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:58:59.0487 5304 msahci - ok 20:58:59.0497 5304 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:58:59.0504 5304 msdsm - ok 20:58:59.0522 5304 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:58:59.0538 5304 MSDTC - ok 20:58:59.0541 5304 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:58:59.0568 5304 Msfs - ok 20:58:59.0586 5304 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:58:59.0612 5304 mshidkmdf - ok 20:58:59.0627 5304 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:58:59.0633 5304 msisadrv - ok 20:58:59.0650 5304 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:58:59.0672 5304 MSiSCSI - ok 20:58:59.0674 5304 msiserver - ok 20:58:59.0696 5304 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:58:59.0704 5304 MSK80Service - ok 20:58:59.0715 5304 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:58:59.0735 5304 MSKSSRV - ok 20:58:59.0749 5304 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:58:59.0779 5304 MSPCLOCK - ok 20:58:59.0781 5304 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:58:59.0800 5304 MSPQM - ok 20:58:59.0822 5304 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:58:59.0833 5304 MsRPC - ok 20:58:59.0841 5304 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:58:59.0847 5304 mssmbios - ok 20:58:59.0855 5304 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:58:59.0875 5304 MSTEE - ok 20:58:59.0877 5304 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 20:58:59.0885 5304 MTConfig - ok 20:58:59.0895 5304 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:58:59.0901 5304 Mup - ok 20:58:59.0930 5304 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:58:59.0952 5304 napagent - ok 20:58:59.0976 5304 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:59:00.0002 5304 NativeWifiP - ok 20:59:00.0055 5304 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:59:00.0074 5304 NDIS - ok 20:59:00.0089 5304 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:59:00.0109 5304 NdisCap - ok 20:59:00.0129 5304 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:59:00.0149 5304 NdisTapi - ok 20:59:00.0160 5304 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:59:00.0181 5304 Ndisuio - ok 20:59:00.0192 5304 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:59:00.0223 5304 NdisWan - ok 20:59:00.0239 5304 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:59:00.0258 5304 NDProxy - ok 20:59:00.0268 5304 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:59:00.0297 5304 NetBIOS - ok 20:59:00.0311 5304 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:59:00.0332 5304 NetBT - ok 20:59:00.0342 5304 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:59:00.0350 5304 Netlogon - ok 20:59:00.0370 5304 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:59:00.0392 5304 Netman - ok 20:59:00.0462 5304 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:59:00.0471 5304 NetMsmqActivator - ok 20:59:00.0473 5304 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:59:00.0481 5304 NetPipeActivator - ok 20:59:00.0491 5304 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:59:00.0513 5304 netprofm - ok 20:59:00.0515 5304 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:59:00.0521 5304 NetTcpActivator - ok 20:59:00.0523 5304 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:59:00.0530 5304 NetTcpPortSharing - ok 20:59:00.0552 5304 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:59:00.0559 5304 nfrd960 - ok 20:59:00.0575 5304 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:59:00.0596 5304 NlaSvc - ok 20:59:00.0679 5304 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\Windows\SysWOW64\nlssrv32.exe 20:59:00.0701 5304 nlsX86cc ( UnsignedFile.Multi.Generic ) - warning 20:59:00.0701 5304 nlsX86cc - detected UnsignedFile.Multi.Generic (1) 20:59:00.0778 5304 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe 20:59:00.0806 5304 NOBU - ok 20:59:00.0820 5304 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:59:00.0839 5304 Npfs - ok 20:59:00.0848 5304 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:59:00.0877 5304 nsi - ok 20:59:00.0887 5304 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:59:00.0917 5304 nsiproxy - ok 20:59:00.0972 5304 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:59:01.0009 5304 Ntfs - ok 20:59:01.0019 5304 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:59:01.0046 5304 Null - ok 20:59:01.0075 5304 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:59:01.0084 5304 nvraid - ok 20:59:01.0108 5304 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:59:01.0116 5304 nvstor - ok 20:59:01.0128 5304 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:59:01.0136 5304 nv_agp - ok 20:59:01.0145 5304 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:59:01.0163 5304 ohci1394 - ok 20:59:01.0185 5304 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:59:01.0221 5304 p2pimsvc - ok 20:59:01.0240 5304 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:59:01.0252 5304 p2psvc - ok 20:59:01.0266 5304 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 20:59:01.0286 5304 Parport - ok 20:59:01.0307 5304 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:59:01.0315 5304 partmgr - ok 20:59:01.0327 5304 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:59:01.0351 5304 PcaSvc - ok 20:59:01.0380 5304 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:59:01.0390 5304 pci - ok 20:59:01.0401 5304 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:59:01.0408 5304 pciide - ok 20:59:01.0418 5304 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:59:01.0427 5304 pcmcia - ok 20:59:01.0440 5304 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:59:01.0447 5304 pcw - ok 20:59:01.0460 5304 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:59:01.0484 5304 PEAUTH - ok 20:59:01.0505 5304 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:59:01.0528 5304 PerfHost - ok 20:59:01.0556 5304 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:59:01.0615 5304 pla - ok 20:59:01.0654 5304 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:59:01.0682 5304 PlugPlay - ok 20:59:01.0686 5304 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:59:01.0701 5304 PNRPAutoReg - ok 20:59:01.0725 5304 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:59:01.0734 5304 PNRPsvc - ok 20:59:01.0765 5304 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:59:01.0794 5304 PolicyAgent - ok 20:59:01.0816 5304 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll 20:59:01.0840 5304 Power - ok 20:59:01.0858 5304 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:59:01.0887 5304 PptpMiniport - ok 20:59:01.0896 5304 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 20:59:01.0915 5304 Processor - ok 20:59:01.0961 5304 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:59:01.0991 5304 ProfSvc - ok 20:59:02.0000 5304 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:59:02.0007 5304 ProtectedStorage - ok 20:59:02.0015 5304 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:59:02.0044 5304 Psched - ok 20:59:02.0081 5304 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:59:02.0118 5304 ql2300 - ok 20:59:02.0131 5304 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:59:02.0138 5304 ql40xx - ok 20:59:02.0153 5304 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:59:02.0166 5304 QWAVE - ok 20:59:02.0177 5304 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:59:02.0188 5304 QWAVEdrv - ok 20:59:02.0197 5304 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:59:02.0217 5304 RasAcd - ok 20:59:02.0248 5304 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:59:02.0270 5304 RasAgileVpn - ok 20:59:02.0284 5304 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:59:02.0317 5304 RasAuto - ok 20:59:02.0337 5304 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:59:02.0372 5304 Rasl2tp - ok 20:59:02.0384 5304 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:59:02.0406 5304 RasMan - ok 20:59:02.0413 5304 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:59:02.0440 5304 RasPppoe - ok 20:59:02.0453 5304 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:59:02.0473 5304 RasSstp - ok 20:59:02.0488 5304 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:59:02.0509 5304 rdbss - ok 20:59:02.0516 5304 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 20:59:02.0525 5304 rdpbus - ok 20:59:02.0545 5304 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:59:02.0564 5304 RDPCDD - ok 20:59:02.0574 5304 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:59:02.0599 5304 RDPENCDD - ok 20:59:02.0612 5304 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:59:02.0631 5304 RDPREFMP - ok 20:59:02.0689 5304 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 20:59:02.0709 5304 RdpVideoMiniport - ok 20:59:02.0754 5304 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:59:02.0779 5304 RDPWD - ok 20:59:02.0793 5304 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:59:02.0801 5304 rdyboost - ok 20:59:02.0810 5304 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:59:02.0831 5304 RemoteAccess - ok 20:59:02.0855 5304 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:59:02.0888 5304 RemoteRegistry - ok 20:59:02.0911 5304 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 20:59:02.0934 5304 RFCOMM - ok 20:59:02.0946 5304 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:59:02.0966 5304 RpcEptMapper - ok 20:59:02.0972 5304 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:59:02.0981 5304 RpcLocator - ok 20:59:02.0993 5304 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:59:03.0014 5304 RpcSs - ok 20:59:03.0023 5304 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:59:03.0042 5304 rspndr - ok 20:59:03.0069 5304 [ 6CF9DB101A75360E98659F823852E540 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:59:03.0083 5304 RTL8167 - ok 20:59:03.0090 5304 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:59:03.0097 5304 SamSs - ok 20:59:03.0110 5304 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:59:03.0117 5304 sbp2port - ok 20:59:03.0128 5304 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:59:03.0150 5304 SCardSvr - ok 20:59:03.0162 5304 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:59:03.0187 5304 scfilter - ok 20:59:03.0211 5304 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:59:03.0259 5304 Schedule - ok 20:59:03.0281 5304 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:59:03.0300 5304 SCPolicySvc - ok 20:59:03.0310 5304 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:59:03.0324 5304 SDRSVC - ok 20:59:03.0333 5304 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:59:03.0365 5304 secdrv - ok 20:59:03.0383 5304 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:59:03.0402 5304 seclogon - ok 20:59:03.0407 5304 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:59:03.0433 5304 SENS - ok 20:59:03.0448 5304 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:59:03.0456 5304 SensrSvc - ok 20:59:03.0475 5304 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:59:03.0488 5304 Serenum - ok 20:59:03.0504 5304 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 20:59:03.0513 5304 Serial - ok 20:59:03.0543 5304 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:59:03.0557 5304 sermouse - ok 20:59:03.0570 5304 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:59:03.0601 5304 SessionEnv - ok 20:59:03.0609 5304 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:59:03.0618 5304 sffdisk - ok 20:59:03.0626 5304 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:59:03.0635 5304 sffp_mmc - ok 20:59:03.0637 5304 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:59:03.0651 5304 sffp_sd - ok 20:59:03.0662 5304 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:59:03.0670 5304 sfloppy - ok 20:59:03.0718 5304 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 20:59:03.0739 5304 SftService - ok 20:59:03.0760 5304 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:59:03.0791 5304 SharedAccess - ok 20:59:03.0805 5304 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:59:03.0827 5304 ShellHWDetection - ok 20:59:03.0841 5304 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 20:59:03.0848 5304 SiSRaid2 - ok 20:59:03.0862 5304 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:59:03.0869 5304 SiSRaid4 - ok 20:59:03.0922 5304 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:59:03.0930 5304 SkypeUpdate - ok 20:59:04.0001 5304 [ A42C09C8E60FCDCCE04B722FDD4E8694 ] SLEE_18_DRIVER C:\Windows\Sleen1864.sys 20:59:04.0011 5304 SLEE_18_DRIVER - ok 20:59:04.0034 5304 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:59:04.0054 5304 Smb - ok 20:59:04.0083 5304 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:59:04.0105 5304 SNMPTRAP - ok 20:59:04.0164 5304 [ 834200790F0C41FAFD0748A800BBD1F5 ] SnugTV Service C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe 20:59:04.0179 5304 SnugTV Service ( UnsignedFile.Multi.Generic ) - warning 20:59:04.0179 5304 SnugTV Service - detected UnsignedFile.Multi.Generic (1) 20:59:04.0194 5304 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:59:04.0201 5304 spldr - ok 20:59:04.0245 5304 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:59:04.0263 5304 Spooler - ok 20:59:04.0315 5304 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:59:04.0368 5304 sppsvc - ok 20:59:04.0382 5304 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:59:04.0401 5304 sppuinotify - ok 20:59:04.0448 5304 [ 1D437579B9E02829011BE00E482C63A0 ] Spyder4 C:\Windows\system32\DRIVERS\dccmtr.sys 20:59:04.0477 5304 Spyder4 - ok 20:59:04.0502 5304 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:59:04.0524 5304 srv - ok 20:59:04.0538 5304 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:59:04.0556 5304 srv2 - ok 20:59:04.0570 5304 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:59:04.0579 5304 srvnet - ok 20:59:04.0599 5304 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:59:04.0620 5304 SSDPSRV - ok 20:59:04.0633 5304 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:59:04.0653 5304 SstpSvc - ok 20:59:04.0685 5304 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 20:59:04.0694 5304 ss_bbus - ok 20:59:04.0735 5304 [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 20:59:04.0742 5304 ss_bmdfl - ok 20:59:04.0761 5304 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 20:59:04.0770 5304 ss_bmdm - ok 20:59:04.0827 5304 Steam Client Service - ok 20:59:04.0857 5304 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 20:59:04.0866 5304 stexstor - ok 20:59:04.0892 5304 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:59:04.0908 5304 stisvc - ok 20:59:04.0921 5304 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:59:04.0928 5304 swenum - ok 20:59:05.0009 5304 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 20:59:05.0030 5304 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 20:59:05.0030 5304 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 20:59:05.0047 5304 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:59:05.0072 5304 swprv - ok 20:59:05.0098 5304 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:59:05.0147 5304 SysMain - ok 20:59:05.0163 5304 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:59:05.0175 5304 TabletInputService - ok 20:59:05.0189 5304 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:59:05.0224 5304 TapiSrv - ok 20:59:05.0241 5304 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:59:05.0261 5304 TBS - ok 20:59:05.0323 5304 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:59:05.0362 5304 Tcpip - ok 20:59:05.0396 5304 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:59:05.0417 5304 TCPIP6 - ok 20:59:05.0460 5304 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:59:05.0469 5304 tcpipreg - ok 20:59:05.0503 5304 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:59:05.0540 5304 TDPIPE - ok 20:59:05.0560 5304 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:59:05.0574 5304 TDTCP - ok 20:59:05.0585 5304 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:59:05.0613 5304 tdx - ok 20:59:05.0698 5304 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 20:59:05.0724 5304 TeamViewer7 - ok 20:59:05.0736 5304 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:59:05.0744 5304 TermDD - ok 20:59:05.0762 5304 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:59:05.0787 5304 TermService - ok 20:59:05.0847 5304 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys 20:59:05.0856 5304 TFsExDisk - ok 20:59:05.0869 5304 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:59:05.0894 5304 Themes - ok 20:59:05.0912 5304 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:59:05.0931 5304 THREADORDER - ok 20:59:05.0943 5304 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:59:05.0975 5304 TrkWks - ok 20:59:06.0011 5304 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:59:06.0033 5304 TrustedInstaller - ok 20:59:06.0040 5304 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:59:06.0072 5304 tssecsrv - ok 20:59:06.0117 5304 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:59:06.0140 5304 TsUsbFlt - ok 20:59:06.0182 5304 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 20:59:06.0192 5304 TsUsbGD - ok 20:59:06.0214 5304 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:59:06.0242 5304 tunnel - ok 20:59:06.0254 5304 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:59:06.0261 5304 uagp35 - ok 20:59:06.0273 5304 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:59:06.0295 5304 udfs - ok 20:59:06.0304 5304 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:59:06.0326 5304 UI0Detect - ok 20:59:06.0346 5304 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:59:06.0353 5304 uliagpkx - ok 20:59:06.0377 5304 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:59:06.0393 5304 umbus - ok 20:59:06.0403 5304 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 20:59:06.0417 5304 UmPass - ok 20:59:06.0469 5304 [ 0DFC9713D117B349E41A2A477448107A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 20:59:06.0480 5304 UNS - ok 20:59:06.0497 5304 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:59:06.0527 5304 upnphost - ok 20:59:06.0579 5304 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:59:06.0598 5304 USBAAPL64 - ok 20:59:06.0659 5304 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 20:59:06.0678 5304 usbaudio - ok 20:59:06.0691 5304 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:59:06.0706 5304 usbccgp - ok 20:59:06.0727 5304 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:59:06.0737 5304 usbcir - ok 20:59:06.0756 5304 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:59:06.0774 5304 usbehci - ok 20:59:06.0817 5304 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:59:06.0836 5304 usbhub - ok 20:59:06.0859 5304 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:59:06.0878 5304 usbohci - ok 20:59:06.0888 5304 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 20:59:06.0908 5304 usbprint - ok 20:59:06.0963 5304 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:59:06.0975 5304 usbscan - ok 20:59:07.0010 5304 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:59:07.0044 5304 USBSTOR - ok 20:59:07.0066 5304 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:59:07.0080 5304 usbuhci - ok 20:59:07.0096 5304 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:59:07.0117 5304 UxSms - ok 20:59:07.0136 5304 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:59:07.0144 5304 VaultSvc - ok 20:59:07.0151 5304 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:59:07.0158 5304 vdrvroot - ok 20:59:07.0176 5304 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:59:07.0207 5304 vds - ok 20:59:07.0221 5304 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:59:07.0230 5304 vga - ok 20:59:07.0244 5304 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:59:07.0263 5304 VgaSave - ok 20:59:07.0278 5304 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:59:07.0287 5304 vhdmp - ok 20:59:07.0303 5304 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:59:07.0311 5304 viaide - ok 20:59:07.0323 5304 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:59:07.0330 5304 volmgr - ok 20:59:07.0342 5304 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:59:07.0352 5304 volmgrx - ok 20:59:07.0364 5304 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:59:07.0374 5304 volsnap - ok 20:59:07.0378 5304 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:59:07.0386 5304 vsmraid - ok 20:59:07.0413 5304 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:59:07.0467 5304 VSS - ok 20:59:07.0476 5304 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:59:07.0496 5304 vwifibus - ok 20:59:07.0516 5304 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:59:07.0528 5304 vwififlt - ok 20:59:07.0552 5304 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 20:59:07.0569 5304 vwifimp - ok 20:59:07.0593 5304 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:59:07.0616 5304 W32Time - ok 20:59:07.0663 5304 [ 2F4B66BAB9F4C9D0FF4FCAA6D8888991 ] WacHidRouter C:\Windows\system32\DRIVERS\wachidrouter.sys 20:59:07.0671 5304 WacHidRouter - ok 20:59:07.0673 5304 wacommousefilter - ok 20:59:07.0676 5304 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:59:07.0697 5304 WacomPen - ok 20:59:07.0760 5304 [ 366669F53F8CAF96AF9264EF9BC95084 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys 20:59:07.0767 5304 wacomrouterfilter - ok 20:59:07.0778 5304 wacomvhid - ok 20:59:07.0793 5304 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:59:07.0819 5304 WANARP - ok 20:59:07.0821 5304 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:59:07.0839 5304 Wanarpv6 - ok 20:59:07.0871 5304 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:59:07.0913 5304 wbengine - ok 20:59:07.0923 5304 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:59:07.0934 5304 WbioSrvc - ok 20:59:07.0946 5304 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:59:07.0973 5304 wcncsvc - ok 20:59:07.0984 5304 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:59:08.0012 5304 WcsPlugInService - ok 20:59:08.0025 5304 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 20:59:08.0031 5304 Wd - ok 20:59:08.0084 5304 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:59:08.0102 5304 Wdf01000 - ok 20:59:08.0113 5304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:59:08.0179 5304 WdiServiceHost - ok 20:59:08.0181 5304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:59:08.0193 5304 WdiSystemHost - ok 20:59:08.0207 5304 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:59:08.0226 5304 WebClient - ok 20:59:08.0246 5304 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:59:08.0281 5304 Wecsvc - ok 20:59:08.0295 5304 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:59:08.0322 5304 wercplsupport - ok 20:59:08.0341 5304 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:59:08.0361 5304 WerSvc - ok 20:59:08.0383 5304 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:59:08.0402 5304 WfpLwf - ok 20:59:08.0438 5304 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 20:59:08.0446 5304 WimFltr - ok 20:59:08.0459 5304 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:59:08.0466 5304 WIMMount - ok 20:59:08.0472 5304 WinDefend - ok 20:59:08.0475 5304 WinHttpAutoProxySvc - ok 20:59:08.0516 5304 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:59:08.0537 5304 Winmgmt - ok 20:59:08.0567 5304 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:59:08.0615 5304 WinRM - ok 20:59:08.0673 5304 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:59:08.0689 5304 WinUsb - ok 20:59:08.0709 5304 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:59:08.0736 5304 Wlansvc - ok 20:59:08.0775 5304 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:59:08.0783 5304 wlcrasvc - ok 20:59:08.0872 5304 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:59:08.0911 5304 wlidsvc - ok 20:59:08.0919 5304 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:59:08.0927 5304 WmiAcpi - ok 20:59:08.0938 5304 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:59:08.0959 5304 wmiApSrv - ok 20:59:08.0976 5304 WMPNetworkSvc - ok 20:59:08.0992 5304 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:59:09.0007 5304 WPCSvc - ok 20:59:09.0016 5304 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:59:09.0025 5304 WPDBusEnum - ok 20:59:09.0032 5304 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:59:09.0051 5304 ws2ifsl - ok 20:59:09.0060 5304 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 20:59:09.0079 5304 wscsvc - ok 20:59:09.0081 5304 WSearch - ok 20:59:09.0160 5304 [ 7048FE94457B524E000834B1120F77CE ] WTabletServiceCon C:\Program Files\Tablet\Pen\WTabletServiceCon.exe 20:59:09.0170 5304 WTabletServiceCon - ok 20:59:09.0219 5304 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:59:09.0268 5304 wuauserv - ok 20:59:09.0323 5304 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:59:09.0334 5304 WudfPf - ok 20:59:09.0386 5304 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:59:09.0406 5304 WUDFRd - ok 20:59:09.0454 5304 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:59:09.0473 5304 wudfsvc - ok 20:59:09.0486 5304 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:59:09.0499 5304 WwanSvc - ok 20:59:09.0555 5304 [ D83C2FF7EA53E66B8EA7901D710494EA ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe 20:59:09.0562 5304 ZAtheros Bt&Wlan Coex Agent - ok 20:59:09.0567 5304 [ A3E1CEB2AFA02268DDD6522BA24B8F0E ] ZAtheros Wlan Agent C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe 20:59:09.0572 5304 ZAtheros Wlan Agent - ok 20:59:09.0582 5304 ================ Scan global =============================== 20:59:09.0596 5304 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:59:09.0642 5304 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:59:09.0646 5304 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:59:09.0665 5304 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:59:09.0689 5304 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:59:09.0691 5304 [Global] - ok 20:59:09.0692 5304 ================ Scan MBR ================================== 20:59:09.0700 5304 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 20:59:09.0917 5304 \Device\Harddisk0\DR0 - ok 20:59:09.0921 5304 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk10\DR10 20:59:10.0078 5304 \Device\Harddisk10\DR10 - ok 20:59:10.0080 5304 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk11\DR11 20:59:10.0597 5304 \Device\Harddisk11\DR11 - ok 20:59:10.0599 5304 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 20:59:10.0668 5304 \Device\Harddisk1\DR1 - ok 20:59:10.0671 5304 [ 988D3C46CBD13EC7F482B833C55264C8 ] \Device\Harddisk4\DR4 20:59:10.0792 5304 \Device\Harddisk4\DR4 - ok 20:59:10.0794 5304 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5 20:59:11.0158 5304 \Device\Harddisk5\DR5 - ok 20:59:11.0159 5304 ================ Scan VBR ================================== 20:59:11.0160 5304 [ 06D09F4E4E3213420F6E136B6514A640 ] \Device\Harddisk0\DR0\Partition1 20:59:11.0161 5304 \Device\Harddisk0\DR0\Partition1 - ok 20:59:11.0173 5304 [ A0CF1E6687A76D6DD328C2A07B6A1CC8 ] \Device\Harddisk0\DR0\Partition2 20:59:11.0174 5304 \Device\Harddisk0\DR0\Partition2 - ok 20:59:11.0176 5304 [ 3B99543A89AFF6BDEECBD9497E6B5CCF ] \Device\Harddisk10\DR10\Partition1 20:59:11.0178 5304 \Device\Harddisk10\DR10\Partition1 - ok 20:59:11.0179 5304 [ 12D7245478976F80AAA78556C0486990 ] \Device\Harddisk11\DR11\Partition1 20:59:11.0181 5304 \Device\Harddisk11\DR11\Partition1 - ok 20:59:11.0183 5304 [ 0C817C38286D8257D7A5F577C9D598AC ] \Device\Harddisk1\DR1\Partition1 20:59:11.0183 5304 \Device\Harddisk1\DR1\Partition1 - ok 20:59:11.0185 5304 [ 5F9081E66B8B6B3718AA5D3CD120935D ] \Device\Harddisk4\DR4\Partition1 20:59:11.0186 5304 \Device\Harddisk4\DR4\Partition1 - ok 20:59:11.0188 5304 [ FB545C1F7AC71EF4D2213E0B988F31BC ] \Device\Harddisk5\DR5\Partition1 20:59:11.0190 5304 \Device\Harddisk5\DR5\Partition1 - ok 20:59:11.0191 5304 ============================================================ 20:59:11.0191 5304 Scan finished 20:59:11.0191 5304 ============================================================ 20:59:11.0195 7848 Detected object count: 8 20:59:11.0195 7848 Actual detected object count: 8 20:59:56.0156 7848 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:56.0156 7848 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:56.0156 7848 AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:56.0156 7848 AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:56.0157 7848 AVerUpdateServer ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:56.0157 7848 AVerUpdateServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:56.0158 7848 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:56.0158 7848 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:56.0159 7848 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:56.0159 7848 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:56.0159 7848 nlsX86cc ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:56.0159 7848 nlsX86cc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:56.0160 7848 SnugTV Service ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:56.0160 7848 SnugTV Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:56.0160 7848 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:56.0160 7848 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
27.02.2013, 12:12
| #7 |
| /// Helfer-Team | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Gut ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
28.02.2013, 17:37
| #8 |
| | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Anbei im Anhang die beiden Logs. Eset ist über Nacht gelaufen, daher erst jetzt meine Antwort. Leider habe ich Eset schon vor dem sichern des Logfiles deinstalliert, eine Rücksicherung (Recuva) nicht mehr möglich, da schon von Opera überschrieben :-( Allerdings habe ich vorher ein (das??) Log aus dem Programm heraus gesichert, ich hoffe das ist ein und das selbe...(s. Anhang) LG Shepard2012 Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` McAfee Anti-Virus und Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spyder4Pro Malwarebytes Anti-Malware Version 1.70.0.1100 TuneUp 2.4.6.4 Java 7 Update 13 Java 3D 1.5.1 Adobe Flash Player 11.6.602.171 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox 18.0.2 Firefox out of Date! Mozilla Thunderbird (17.0.3) ````````Process Check: objlist.exe by Laurent```````` mcafee VirusScan mcods.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
28.02.2013, 19:10
| #9 |
| /// Helfer-Team | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Combofix-Skript
|
|
01.03.2013, 19:54
| #10 |
| | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? War etwas schwierig den Code und das File hier hochgeladen zu bekommen (Zeichen mehr als doppelt so viel als erlaubt und die Dateigrösse war fast 3x so gross (284kb) wie erlaubt) Ich hoffe das ist auch so OK...? Zu Suspect:: und Collect:: habe ich nichts gesehen.. Hier das Log Part 1 des Combofix Logfile:: Code:
ATTFilter ComboFix 13-02-26.01 - ********** 28.02.2013 23:13:57.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8155.5876 [GMT 1:00]
ausgeführt von:: c:\users\**********\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\**********\Desktop\CFScript.txt
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
a:\delxps8500\Backup Set 2013-02-01 181746
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 1.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 10.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 100.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 101.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 102.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 103.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 104.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 105.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 106.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 107.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 108.zip
--------
Die Zeilen hier zwischen habe ich gelöscht - damit die Datei anzuhängen/der code einzutragen ist - Es handelt sich um gleiche Dateien/Verzeichnise mit anderen Endungsnummern
--------
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 92.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 93.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 94.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 95.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 96.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 97.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 98.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Backup files 99.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 1.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 1.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 10.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 10.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 100.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 100.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 101.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 101.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 102.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 102.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 103.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 103.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 104.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 104.wbverify
--------
Die Zeilen hier zwischen habe ich gelöscht - damit die Datei anzuhängen/der code einzutragen ist - Es handelt sich um gleiche Dateien/Verzeichnise mit anderen Endungsnummern
--------
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 96.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 97.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 97.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 98.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 98.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 99.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-01 181746\Catalogs\Backup files 99.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 1.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 10.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 11.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 12.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 13.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 14.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 15.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 16.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 17.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 18.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 19.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 2.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 20.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 21.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 22.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 23.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 24.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 25.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 26.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 27.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 28.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 29.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 3.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 30.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 31.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 32.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 33.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 34.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 35.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 36.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 37.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 38.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 39.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 4.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 40.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 41.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 42.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 43.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 44.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 45.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 46.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 47.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 5.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 6.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 7.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 8.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Backup files 9.zip
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Catalogs\Backup files 1.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Catalogs\Backup files 1.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Catalogs\Backup files 10.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Catalogs\Backup files 10.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Catalogs\Backup files 11.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Catalogs\Backup files 11.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Catalogs\Backup files 12.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Catalogs\Backup files 12.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-03 190001\Catalogs\Backup files 13.wbcat
--------
Die Zeilen hier zwischen habe ich gelöscht - damit die Datei anzuhängen/der code einzutragen ist - Es handelt sich um gleiche Dateien/Verzeichnise mit anderen Endungsnummern
--------
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-24 190016\Catalogs\Backup files 95.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-24 190016\Catalogs\Backup files 96.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-24 190016\Catalogs\Backup files 96.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-24 190016\Catalogs\Backup files 97.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-24 190016\Catalogs\Backup files 97.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-24 190016\Catalogs\Backup files 98.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-24 190016\Catalogs\Backup files 98.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-24 190016\Catalogs\Backup files 99.wbcat
a:\delxps8500\Backup Set 2013-02-01 181746\Backup Files 2013-02-24 190016\Catalogs\Backup files 99.wbverify
a:\delxps8500\Backup Set 2013-02-01 181746\Catalogs\GlobalCatalog.wbcat
c:\2_systemprogramme\VLC.Player
c:\2_systemprogramme\VLC.Player\vlc-1.1.11-win32.exe
c:\2_systemprogramme\VLC.Player\vlc-2.0.2-win32.exe
c:\2_systemprogramme\VLC.Player\vlc-2.0.4-win32.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-28 bis 2013-02-28 ))))))))))))))))))))))))))))))
.
.
2013-02-28 22:22 . 2013-02-28 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-28 21:44 . 2013-02-28 21:45 -------- d-----w- c:\users\**********\AppData\Roaming\Rumav
2013-02-28 21:44 . 2013-02-28 21:44 -------- d-----w- c:\users\**********\AppData\Roaming\Inyge
2013-02-27 16:25 . 2013-02-28 21:45 -------- d-----w- c:\users\**********\AppData\Roaming\Awetis
2013-02-27 16:25 . 2013-02-27 16:25 -------- d-----w- c:\users\**********\AppData\Roaming\Uhmoet
2013-02-25 18:36 . 2013-02-25 22:02 -------- d-----w- c:\users\**********\AppData\Roaming\Uzof
2013-02-25 18:36 . 2013-02-25 19:02 -------- d-----w- c:\users\**********\AppData\Roaming\Dekyi
2013-02-25 18:36 . 2013-02-25 18:36 -------- d-----w- c:\users\**********\AppData\Roaming\Ruobu
2013-02-25 17:47 . 2013-02-26 20:06 -------- d-----w- C:\_OTL
2013-02-24 22:03 . 2013-02-24 22:03 -------- d-----w- c:\users\**********\AppData\Roaming\Process Hacker 2
2013-02-24 17:22 . 2013-02-24 17:22 -------- d-----w- c:\users\**********\AppData\Roaming\Malwarebytes
2013-02-24 17:21 . 2013-02-24 17:21 -------- d-----w- c:\programdata\Malwarebytes
2013-02-24 17:21 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-24 17:21 . 2013-02-24 17:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-24 14:15 . 2013-02-24 14:15 -------- d-----w- c:\program files\Process Hacker 2
2013-02-23 14:09 . 2013-02-25 17:47 -------- d-----w- c:\users\**********\AppData\Roaming\Hayrqy
2013-02-23 14:09 . 2013-02-23 14:35 -------- d-----w- c:\users\**********\AppData\Roaming\Awom
2013-02-23 14:09 . 2013-02-23 14:09 -------- d-----w- c:\users\**********\AppData\Roaming\Unot
2013-02-22 19:14 . 2013-02-22 19:41 -------- d-----w- c:\program files (x86)\Steganos Safe 14
2013-02-17 13:33 . 2013-02-22 17:54 -------- d-----w- c:\users\**********\AppData\Roaming\Ucruho
2013-02-17 13:33 . 2013-02-17 15:11 -------- d-----w- c:\users\**********\AppData\Roaming\Syecw
2013-02-17 13:33 . 2013-02-17 13:33 -------- d-----w- c:\users\**********\AppData\Roaming\Nyox
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 22:53 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 22:53 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 18:16 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 18:16 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 18:16 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 18:14 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 18:13 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 18:13 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 18:13 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 18:13 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 18:13 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 18:13 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 18:13 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 18:13 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-08 21:27 . 2013-02-09 14:27 -------- d-----w- c:\users\**********\AppData\Roaming\CANON INC
2013-02-08 18:01 . 2013-02-08 18:01 -------- d-----w- c:\users\**********\AppData\Roaming\Canon_Inc_IC
2013-02-08 18:01 . 2013-02-09 15:24 -------- d-----w- c:\program files (x86)\Canon
2013-02-08 18:01 . 2013-02-08 18:01 -------- d-----w- c:\program files (x86)\Common Files\Canon_Inc_IC
2013-02-08 17:51 . 2013-02-08 21:27 -------- d-----w- c:\users\**********\AppData\Roaming\canon
2013-02-08 17:51 . 2013-02-08 17:51 -------- d-----w- c:\programdata\Canon_Inc_IC
2013-02-08 17:05 . 2013-02-08 17:05 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-05 19:15 . 2013-02-05 19:15 -------- d-----w- c:\users\**********\AppData\Local\DDMSettings
2013-02-05 19:11 . 2013-02-05 19:11 -------- d-----w- c:\program files\DivX
2013-02-05 19:11 . 2013-02-05 19:11 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2013-02-05 19:11 . 2013-02-05 19:11 -------- d-----w- c:\program files (x86)\DivX
2013-02-05 18:59 . 2013-02-05 19:11 -------- d-----w- c:\programdata\DivX
2013-02-03 13:53 . 2012-02-29 19:39 257784 ----a-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
2013-02-03 13:53 . 2012-02-29 19:39 175864 ----a-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
2013-02-03 13:53 . 2013-02-03 13:53 -------- d-----w- c:\users\**********\AppData\Roaming\Apowersoft
2013-02-03 13:53 . 2012-10-08 18:52 31968 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2013-02-03 13:53 . 2012-02-29 19:39 421624 ----a-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
2013-02-03 13:53 . 2012-02-29 19:39 362232 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
2013-02-03 13:53 . 2012-02-29 19:39 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
2013-02-03 13:53 . 2012-02-29 19:39 574200 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
2013-02-03 13:53 . 2008-09-23 18:23 65536 ---ha-w- c:\windows\SysWow64\WebCamLib.dll
2013-02-03 13:53 . 2013-02-03 13:53 -------- d-----w- c:\program files (x86)\Apowersoft
2013-02-02 17:34 . 2007-01-04 10:02 663552 ----a-w- c:\windows\SysWow64\mgxoschk.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 15:55 . 2012-08-13 22:15 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 15:55 . 2012-08-13 22:15 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 22:56 . 2012-08-05 11:18 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-08 17:05 . 2012-08-12 22:01 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-08 17:05 . 2012-08-12 22:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-13 18:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-26 08:55 . 2011-03-13 10:20 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-12-26 08:52 . 2011-03-13 10:20 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-12-26 08:52 . 2012-08-01 12:08 182312 ----a-w- c:\windows\system32\mfevtps.exe
2012-12-26 08:51 . 2012-08-01 12:08 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-12-26 08:51 . 2011-03-13 10:20 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-12-26 08:50 . 2011-03-13 10:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-12-26 08:49 . 2011-03-13 10:20 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-12-26 08:49 . 2011-03-13 10:20 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-12-26 08:48 . 2011-03-13 10:20 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-12-16 17:11 . 2012-12-22 01:43 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 01:43 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 01:43 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 01:43 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-10 21:42 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 21:42 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 21:42 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 21:42 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 21:42 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 21:42 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 21:42 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 21:42 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 21:42 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 21:42 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 21:42 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 21:42 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 21:42 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 21:42 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 21:42 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 21:42 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 21:42 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 21:42 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 21:42 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 21:42 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 21:42 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 21:42 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 21:42 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 21:42 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 21:42 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 21:42 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 21:42 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 21:42 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 21:42 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 21:42 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 21:42 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-10 21:42 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
Code:
ATTFilter
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-02 12008296]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-02-11 6869080]
"AshSnap"="c:\program files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe" [2012-08-03 3400600]
"SAFE14 Browser Monitor"="c:\program files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe" [2012-12-17 73216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-02-03 1937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"TrayServer"="c:\progra~2\MAGIX\VIDEO_~1\TrayServer_de.exe" [2008-08-07 90112]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2013-01-12 646744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"vspdfprsrv.exe"="c:\program files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe" [2012-04-23 6082560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Steganos HotKeys"="c:\program files (x86)\Steganos Safe 14\SteganosHotKeyService.exe" [2012-12-17 103424]
"SAFE14 File Redirection Starter"="c:\program files (x86)\Steganos Safe 14\fredirstarter.exe" [2012-12-17 17408]
.
c:\users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\**********\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK - c:\program files (x86)\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe [2012-12-16 868352]
Registration Heroes of Might & Magic 5.LNK - c:\program files (x86)\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [2012-12-16 868352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2012-8-5 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-8-5 675840]
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-2-8 69120]
SnugTV Quick Start.lnk - c:\windows\Installer\{33CFCB69-2FA5-43E8-B8A8-FAA155F870B5}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe [2012-8-5 57344]
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2010-10-07 532864]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [2010-10-07 50688]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 GPU-Z;GPU-Z;c:\users\GEORGE~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-26 106112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys [2011-06-02 15360]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-12-26 339776]
S1 SLEE_18_DRIVER;Steganos Live Encryption Engine 18 [Driver];c:\windows\Sleen1864.sys [2012-07-24 09:39 108648]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-12-29 106144]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2010-04-28 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-04-01 403456]
S2 AVerUpdateServer;AVerUpdateServer;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-01-06 168448]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 173568]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-10 627936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-12-26 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-26 182312]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-02-15 66560]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
S2 SnugTV Service;SnugTV Service;c:\program files (x86)\SnugTV\SnugTV Station\AMAServer.exe [2011-04-06 571904]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-11-14 619904]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2011-12-26 76960]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-29 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-18 93712]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-29 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-29 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-29 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-29 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-29 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-29 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-29 548000]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 69672]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-10-12 13728]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 515528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-10-12 81312]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-10-12 15776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 15:55]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 17:50]
.
2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 17:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-27 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-27 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-27 440600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\**********\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\**********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: copperface.de
TCP: DhcpNameServer = 217.0.43.49 217.0.43.33
TCP: Interfaces\{4D19B983-24B5-484F-8D48-92F3EFD56557}: DhcpNameServer = 217.0.43.49 217.0.43.33
FF - ProfilePath - c:\users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\8in5mc66.default\
FF - prefs.js: browser.search.selectedEngine - Sichere Suche
FF - prefs.js: browser.startup.homepage - hxxp://www.copperface.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-05 20:11; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-Sounds für Video- und Foto Shows - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1497567498-2469065647-1948998594-1000\Software\SecuROM\License information*]
"datasecu"=hex:6e,54,30,24,4e,1e,bd,de,9b,df,c2,b1,81,7e,2e,9a,8b,bd,a1,d9,13,
11,80,40,74,f2,55,7b,a7,fa,21,cd,25,c5,16,a4,d4,56,f7,4c,09,83,08,d6,d9,b4,\
"rkeysecu"=hex:06,70,d2,7c,fe,25,1d,9b,de,0d,08,31,5b,1f,7f,06
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-01 00:31:21
ComboFix-quarantined-files.txt 2013-02-28 23:31
ComboFix2.txt 2013-02-28 22:08
.
Vor Suchlauf: 18 Verzeichnis(se), 554.031.779.840 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 425.939.554.304 Bytes frei
.
- - End Of File - - 47F15E0E452F9C05F44905E59B9DE2A0
|
|
02.03.2013, 10:39
| #11 |
| /// Helfer-Team | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Bitte das naechste Mal das Logfile einfach zippen! Combofix-Skript
danach: Downloade Dir bitte  Malwarebytes Anti-Malware
|
|
02.03.2013, 23:43
| #12 |
| | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Sorry, an ZIP hatte ich gar nicht gedacht :-( Combofix Logfile: Code:
ATTFilter ComboFix 13-03-01.01 - ********** 02.03.2013 14:34:13.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8155.6266 [GMT 1:00]
ausgeführt von:: c:\users\**********\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\**********\Desktop\CFScript.txt
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\**********\AppData\Roaming\Awetis
c:\users\**********\AppData\Roaming\Awetis\unsiz.erg
c:\users\**********\AppData\Roaming\Awom
c:\users\**********\AppData\Roaming\Dekyi
c:\users\**********\AppData\Roaming\Hayrqy
c:\users\**********\AppData\Roaming\Inyge
c:\users\**********\AppData\Roaming\Inyge\piiwa.bep
c:\users\**********\AppData\Roaming\Irodm
c:\users\**********\AppData\Roaming\Irodm\ichiq.exe
c:\users\**********\AppData\Roaming\Nyox
c:\users\**********\AppData\Roaming\Nyox\huex.wai
c:\users\**********\AppData\Roaming\Rumav
c:\users\**********\AppData\Roaming\Rumav\myryz.ton
c:\users\**********\AppData\Roaming\Ruobu
c:\users\**********\AppData\Roaming\Ruobu\ylud.ust
c:\users\**********\AppData\Roaming\Syecw
c:\users\**********\AppData\Roaming\Ucruho
c:\users\**********\AppData\Roaming\Uhmoet
c:\users\**********\AppData\Roaming\Uhmoet\oteru.nov
c:\users\**********\AppData\Roaming\Unot
c:\users\**********\AppData\Roaming\Unot\asqei.aba
c:\users\**********\AppData\Roaming\Uzof
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-02 bis 2013-03-02 ))))))))))))))))))))))))))))))
.
.
2013-03-02 13:42 . 2013-03-02 13:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-01 17:42 . 2013-03-01 18:23 -------- d-----w- c:\users\**********\AppData\Roaming\Axatly
2013-03-01 17:42 . 2013-03-01 17:42 -------- d-----w- c:\users\**********\AppData\Roaming\Beumu
2013-02-25 17:47 . 2013-02-26 20:06 -------- d-----w- C:\_OTL
2013-02-24 22:03 . 2013-02-24 22:03 -------- d-----w- c:\users\**********\AppData\Roaming\Process Hacker 2
2013-02-24 17:22 . 2013-02-24 17:22 -------- d-----w- c:\users\**********\AppData\Roaming\Malwarebytes
2013-02-24 17:21 . 2013-02-24 17:21 -------- d-----w- c:\programdata\Malwarebytes
2013-02-24 17:21 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-24 17:21 . 2013-02-24 17:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-24 14:15 . 2013-02-24 14:15 -------- d-----w- c:\program files\Process Hacker 2
2013-02-22 19:14 . 2013-02-22 19:41 -------- d-----w- c:\program files (x86)\Steganos Safe 14
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 22:53 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 22:53 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 18:16 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 18:16 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 18:16 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 18:14 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 18:13 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 18:13 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 18:13 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 18:13 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 18:13 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 18:13 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 18:13 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 18:13 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-08 21:27 . 2013-02-09 14:27 -------- d-----w- c:\users\**********\AppData\Roaming\CANON INC
2013-02-08 18:01 . 2013-02-08 18:01 -------- d-----w- c:\users\**********\AppData\Roaming\Canon_Inc_IC
2013-02-08 18:01 . 2013-02-09 15:24 -------- d-----w- c:\program files (x86)\Canon
2013-02-08 18:01 . 2013-02-08 18:01 -------- d-----w- c:\program files (x86)\Common Files\Canon_Inc_IC
2013-02-08 17:51 . 2013-02-08 21:27 -------- d-----w- c:\users\**********\AppData\Roaming\canon
2013-02-08 17:51 . 2013-02-08 17:51 -------- d-----w- c:\programdata\Canon_Inc_IC
2013-02-08 17:05 . 2013-02-08 17:05 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-05 19:15 . 2013-02-05 19:15 -------- d-----w- c:\users\**********\AppData\Local\DDMSettings
2013-02-05 19:11 . 2013-02-05 19:11 -------- d-----w- c:\program files\DivX
2013-02-05 19:11 . 2013-02-05 19:11 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2013-02-05 19:11 . 2013-02-05 19:11 -------- d-----w- c:\program files (x86)\DivX
2013-02-05 18:59 . 2013-02-05 19:11 -------- d-----w- c:\programdata\DivX
2013-02-03 13:53 . 2012-02-29 19:39 257784 ----a-w- c:\windows\SysWow64\BytescoutScreenCapturingFilter.dll
2013-02-03 13:53 . 2012-02-29 19:39 175864 ----a-w- c:\windows\SysWow64\BytescoutVideoMixerFilter.dll
2013-02-03 13:53 . 2013-02-03 13:53 -------- d-----w- c:\users\**********\AppData\Roaming\Apowersoft
2013-02-03 13:53 . 2012-10-08 18:52 31968 ---ha-w- c:\windows\system32\drivers\Apowersoft_AudioDevice.sys
2013-02-03 13:53 . 2012-02-29 19:39 421624 ----a-w- c:\windows\SysWow64\BytescoutScreenCapturing.dll
2013-02-03 13:53 . 2012-02-29 19:39 362232 ---ha-w- c:\windows\system32\BytescoutScreenCapturingFilter.dll
2013-02-03 13:53 . 2012-02-29 19:39 231672 ---ha-w- c:\windows\system32\BytescoutVideoMixerFilter.dll
2013-02-03 13:53 . 2012-02-29 19:39 574200 ---ha-w- c:\windows\system32\BytescoutScreenCapturing.dll
2013-02-03 13:53 . 2008-09-23 18:23 65536 ---ha-w- c:\windows\SysWow64\WebCamLib.dll
2013-02-03 13:53 . 2013-02-03 13:53 -------- d-----w- c:\program files (x86)\Apowersoft
2013-02-02 17:34 . 2007-01-04 10:02 663552 ----a-w- c:\windows\SysWow64\mgxoschk.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 15:55 . 2012-08-13 22:15 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-28 15:55 . 2012-08-13 22:15 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 22:56 . 2012-08-05 11:18 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-08 17:05 . 2012-08-12 22:01 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-08 17:05 . 2012-08-12 22:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-13 18:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-26 08:55 . 2011-03-13 10:20 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-12-26 08:52 . 2011-03-13 10:20 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-12-26 08:52 . 2012-08-01 12:08 182312 ----a-w- c:\windows\system32\mfevtps.exe
2012-12-26 08:51 . 2012-08-01 12:08 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-12-26 08:51 . 2011-03-13 10:20 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-12-26 08:50 . 2011-03-13 10:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-12-26 08:49 . 2011-03-13 10:20 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-12-26 08:49 . 2011-03-13 10:20 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-12-26 08:48 . 2011-03-13 10:20 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-12-16 17:11 . 2012-12-22 01:43 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 01:43 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 01:43 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 01:43 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-10 21:42 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 21:42 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 21:42 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 21:42 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 21:42 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 21:42 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 21:42 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 21:42 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 21:42 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 21:42 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 21:42 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 21:42 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 21:42 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 21:42 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 21:42 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 21:42 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 21:42 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 21:42 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 21:42 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 21:42 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 21:42 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 21:42 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 21:42 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 21:42 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 21:42 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 21:42 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 21:42 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 21:42 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 21:42 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 21:42 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 21:42 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-10 21:42 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-02 12008296]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2013-02-11 6869080]
"AshSnap"="c:\program files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe" [2012-08-03 3400600]
"SAFE14 Browser Monitor"="c:\program files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe" [2012-12-17 73216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-02-03 1937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"TrayServer"="c:\progra~2\MAGIX\VIDEO_~1\TrayServer_de.exe" [2008-08-07 90112]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2013-01-12 646744]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"vspdfprsrv.exe"="c:\program files (x86)\Avanquest\PDF Experte 8 Ultimate\vspdfprsrv.exe" [2012-04-23 6082560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Steganos HotKeys"="c:\program files (x86)\Steganos Safe 14\SteganosHotKeyService.exe" [2012-12-17 103424]
"SAFE14 File Redirection Starter"="c:\program files (x86)\Steganos Safe 14\fredirstarter.exe" [2012-12-17 17408]
.
c:\users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\**********\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK - c:\program files (x86)\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe [2012-12-16 868352]
Registration Heroes of Might & Magic 5.LNK - c:\program files (x86)\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [2012-12-16 868352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2012-8-5 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-8-5 675840]
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2013-2-8 69120]
SnugTV Quick Start.lnk - c:\windows\Installer\{33CFCB69-2FA5-43E8-B8A8-FAA155F870B5}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe [2012-8-5 57344]
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2010-10-07 532864]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [2010-10-07 50688]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 GPU-Z;GPU-Z;c:\users\G**************~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-12-26 106112]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys [2011-06-02 15360]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-12-26 339776]
S1 SLEE_18_DRIVER;Steganos Live Encryption Engine 18 [Driver];c:\windows\Sleen1864.sys [2012-07-24 09:39 108648]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-12-29 106144]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2010-04-28 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-04-01 403456]
S2 AVerUpdateServer;AVerUpdateServer;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-01-06 168448]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 173568]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-10 627936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-12-26 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-12-26 182312]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-02-15 66560]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
S2 SnugTV Service;SnugTV Service;c:\program files (x86)\SnugTV\SnugTV Station\AMAServer.exe [2011-04-06 571904]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-11-14 619904]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2011-12-26 76960]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-29 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-18 93712]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-29 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-29 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-29 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-29 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-29 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-29 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-29 548000]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-12-26 69672]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-10-12 13728]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-12-26 515528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-10-12 81312]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-10-12 15776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 15:55]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 17:50]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-11 17:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\**********\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-27 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-27 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-27 440600]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\**********\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\**********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: copperface.de
TCP: DhcpNameServer = 217.0.43.49 217.0.43.33
TCP: Interfaces\{4D19B983-24B5-484F-8D48-92F3EFD56557}: DhcpNameServer = 217.0.43.49 217.0.43.33
FF - ProfilePath - c:\users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\8in5mc66.default\
FF - prefs.js: browser.search.selectedEngine - Sichere Suche
FF - prefs.js: browser.startup.homepage - hxxp://***.****.**
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-05 20:11; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Oravwe - c:\users\**********\AppData\Roaming\Irodm\ichiq.exe
AddRemove-Sounds für Video- und Foto Shows - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1497567498-2469065647-1948998594-1000\Software\SecuROM\License information*]
"datasecu"=hex:c4,1f,2b,ed,0d,93,c2,8c,9f,c3,0a,62,ab,78,08,2f,82,fc,ed,07,0e,
3f,45,d3,2e,2a,86,19,56,3a,68,b9,8b,7e,d0,96,da,51,55,c9,f4,6b,f0,b3,55,65,\
"rkeysecu"=hex:7d,74,f9,1d,c8,f1,ab,d0,98,06,17,c2,57,49,10,d2
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-02 14:43:46
ComboFix-quarantined-files.txt 2013-03-02 13:43
ComboFix2.txt 2013-02-28 23:31
ComboFix3.txt 2013-02-28 22:08
.
Vor Suchlauf: 18 Verzeichnis(se), 425.363.734.528 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 425.276.944.384 Bytes frei
.
- - End Of File - - 85272A72B6DA2D256C7D61B89EDDCF4E
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.02.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ****************** :: -----D*E*X*S*5*0----- [Administrator] 02.03.2013 15:03:16 mbam-log-2013-03-02 (15-03-16).txt Art des Suchlaufs: Vollständiger Suchlauf (A:\|B:\|C:\|F:\|G:\|I:\|J:\|N:\|O:\|P:\|Q:\|T:\|W:\|X:\|Y:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 1517116 Laufzeit: 5 Stunde(n), 59 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 19 C:\Qoobox\Quarantine\C\Users\******************\AppData\Roaming\Ezgysa\deiwx.exe.vir (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\$RECYCLE.BIN\S-1-5-21-1497567498-2469065647-1948998594-1000\$RWU59GJ\13_Security\hackerbox\Hbox\pmoni.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\$RECYCLE.BIN\S-1-5-21-1497567498-2469065647-1948998594-1000\$RWU59GJ\13_Security\PWD-mit Sterne\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\$RECYCLE.BIN\S-1-5-21-1497567498-2469065647-1948998594-1000\$RWU59GJ\13_Security\spionage\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\$RECYCLE.BIN\S-1-5-21-1497567498-2469065647-1948998594-1000\$RWU59GJ\2_Musik\N23 Player-Mixer\No23Player.exe (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\$RECYCLE.BIN\S-1-5-21-1497567498-2469065647-1948998594-1000\$RWU59GJ\4_Internet\Webdesign\fp2006-final-3.00-setup\fp2006-final-3.00-setup.exe (BadJoke.KillFiles) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\$RECYCLE.BIN\S-1-5-21-1497567498-2469065647-1948998594-1000\$RWU59GJ\8_Games\Tomb Raider anniversery\tra2_trn\tra2_trn.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\$RECYCLE.BIN\S-1-5-21-1497567498-2469065647-1948998594-1000\$RWU59GJ\PcWelt\PCWELT - Software\DVD 1-2007\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\$RECYCLE.BIN\S-1-5-21-1497567498-2469065647-1948998594-1000\$RWU59GJ\____Programme zum Ablegen\_Corsten_Apps\Nero 7.0.1.2\Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\ALTES\Programmbackup ALT\13_Security\hackerbox\Hbox\pmoni.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\ALTES\Programmbackup ALT\13_Security\PWD-mit Sterne\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\ALTES\Programmbackup ALT\13_Security\spionage\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\ALTES\Programmbackup ALT\2_Musik\N23 Player-Mixer\No23Player.exe (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\ALTES\Programmbackup ALT\4_Internet\Webdesign\fp2006-final-3.00-setup\fp2006-final-3.00-setup.exe (BadJoke.KillFiles) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\ALTES\Programmbackup ALT\8_Games\Tomb Raider anniversery\tra2_trn\tra2_trn.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\ALTES\Programmbackup ALT\PcWelt\PCWELT - Software\DVD 1-2007\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\ALTES\Programmbackup ALT\____Programme zum Ablegen\_Corsten_Apps\Nero 7.0.1.2\Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\ALTES\_Platte_XP-Rechner_MUSIK\videos\AmoK-shrink\AmoK DVD Shrinker\ShrinkTo5.dll (Packer.Suspicious) -> Erfolgreich gelöscht und in Quarantäne gestellt. W:\Nur Backup\Bootplatte C\1_Download\Safe\Steganos Safe Home\dllregister.exe (Adware.Agent.ZGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
03.03.2013, 11:21
| #13 |
| /// Helfer-Team | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Sehr gut!  Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: Downloade Dir bitte SecurityCheck und:
|
|
03.03.2013, 15:29
| #14 |
| | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Hier ist das aswMBR Logfile: Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-03 13:57:27
-----------------------------
13:57:27.795 OS Version: Windows x64 6.1.7601 Service Pack 1
13:57:27.795 Number of processors: 8 586 0x3A09
13:57:27.795 ComputerName: D**X**S**5**0 UserName:
13:57:31.387 Initialize success
14:02:00.734 AVAST engine defs: 13030300
14:02:10.445 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:02:10.447 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
14:02:10.456 Disk 0 MBR read successfully
14:02:10.458 Disk 0 MBR scan
14:02:10.460 Disk 0 Windows VISTA default MBR code
14:02:10.462 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
14:02:10.473 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12544 MB offset 81920
14:02:10.488 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941284 MB offset 25772032
14:02:10.510 Disk 0 scanning C:\Windows\system32\drivers
14:02:20.007 Service scanning
14:02:36.821 Modules scanning
14:02:36.830 Disk 0 trace - called modules:
14:02:36.856 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:02:36.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009ade060]
14:02:36.861 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> [0xfffffa8007186260]
14:02:36.863 5 ACPI.sys[fffff88000faf7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007347050]
14:02:40.026 AVAST engine scan C:\Windows
14:02:43.410 AVAST engine scan C:\Windows\system32
14:04:57.576 AVAST engine scan C:\Windows\system32\drivers
14:05:09.752 AVAST engine scan C:\Users\**********
14:38:15.323 AVAST engine scan C:\ProgramData
14:48:50.551 Scan finished successfully
14:58:02.895 Disk 0 MBR has been saved successfully to "C:\_OTL\MovedFiles\Sammeln\2013-03-03\MBR.dat"
14:58:02.898 The log file has been saved successfully to "C:\_OTL\MovedFiles\Sammeln\2013-03-03\aswMBR.txt"
und hier das SecurityCheck Logfile: Code:
ATTFilter Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` McAfee Anti-Virus und Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Spyder4Pro Malwarebytes Anti-Malware Version 1.70.0.1100 TuneUp 2.4.6.4 Java 7 Update 13 Java 3D 1.5.1 Adobe Flash Player 11.6.602.171 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox 18.0.2 Firefox out of Date! Mozilla Thunderbird (17.0.3) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Warum Adobe Reader und Firefox "out of Date" gemeldet werden, verstehe ich nicht, da ich eigentlich alles auf Autoupdate habe und Firefox meldet mir sogar das ich die neueste Version drauf hätte??  Ich mache aber noch keine Änderung so lange mir von dir nicht ein OK vorliegt... Danke auch nochmal für deine Geduld! |
|
04.03.2013, 13:54
| #15 |
| /// Helfer-Team | Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? Aktualisiere:
Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
| Themen zu Mit Malwarebytes Backdoor/Agent ; Trojaner/Agent gefunden. Was Tun? |
| administrator, adware.agent.zgen, anti-malware, appdata, aufsetzen, autostart, badjoke.killfiles, kaspersky, malware.packer.as, malware.packer.gen, malwarebytes, microsoft, neu, neu aufsetzen, packer.suspicious, prozesse, pup.pantsoff.passwordfinder, rechner, riskware.tool.ck, roaming, software, trojan.agent, trojan.agent.iet, trojan.inject, trojaner, uwte.exe |
WARNUNG für die MITLESER: 
Linear-Darstellung
