Persistent whining noise and problems uninstalling SpyHunter (Windows 7)
02.05.2013, 20:30 | #1 |
Good evening everyone,

I must have been a bit too reckless on the Internet, because yesterday I suddenly had problems with my Internet access. As if by magic, the proxy settings had changed. With the help of my iPod and the Trojaner Board I quickly got that fixed again. Then the laptop started to whine; it reminded me a little of the sound of a modem dialing in. This noise also came back several times, and between the tones there was something like an echo or reverb; I don't know exactly how to explain it.

That made me a bit nervous, and I looked for ways to solve the problem. That is how I came across SpyHunter. After several problems had been identified, I was asked to pay, and I uninstalled the program again. I also had Avira and Norton run scans, but apart from a few cookies neither of them showed anything suspicious.

After a restart I no longer hear any noises, but I cannot completely uninstall SpyHunter, and the Internet connection frequently drops. Of course I still find the whining worrying and would like to know whether there is serious cause for concern. Besides, the proxy settings did not change by themselves either...

Since I have spent a while on the Trojaner Board, I know that you usually need the following information:
ATTFilter OTL Extras logfile created on: 02.05.2013 20:14:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yogette\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 4,20 Gb Available Physical Memory | 53,13% Memory free 9,09 Gb Paging File | 5,17 Gb Available in Paging File | 56,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,53 Gb Total Space | 366,24 Gb Free Space | 81,65% Space Free | Partition Type: NTFS Drive D: | 16,46 Gb Total Space | 2,11 Gb Free Space | 12,82% Space Free | Partition Type: NTFS Drive E: | 465,65 Gb Total Space | 1,27 Gb Free Space | 0,27% Space Free | Partition Type: FAT32 Unable to calculate disk information. Computer Name: BRUNO | User Name: Yogette | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3766985610-2849600927-783385817-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B946176-73B1-4B9B-9B00-613C5C009610}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{34501439-B0B0-4BC8-A0E1-0EC1E2D628A4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3813E741-8C16-4238-A008-2E0B22539CA9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{48DA744E-8B4A-44B2-A81A-844C8FE36956}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49A78C90-B19F-49B3-B809-B27882600788}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{626A5BB2-29E2-4881-BDE6-34F482F272C3}" = lport=137 | protocol=17 | dir=in | app=system | "{66911DD8-BDBD-4B9A-A5E8-B85EC729C84C}" = lport=445 | protocol=6 | dir=in | app=system | "{6BF38056-E2E2-47B2-BB21-0F3F82C0014F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6D1A9D80-6B0B-4F5E-8C07-BAA111825D40}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6EF4B54F-26A8-483F-BCAD-959AA5AD7117}" = rport=445 | protocol=6 | dir=out | app=system | "{7F3CE505-62DE-476B-9A43-34A0A3744A13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{85C870C3-B487-4C6F-A083-56E62E24064E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{9C2D85FD-4923-4B43-AA75-3C864AD348D9}" = lport=2869 | protocol=6 | dir=in | app=system | "{9DD9D5DB-D4A7-4099-91F9-4346E57685A4}" = rport=139 | protocol=6 | dir=out | app=system | "{A064BB27-14AC-4D46-A410-053EAB03D62D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B4119E71-2D95-41D3-90C9-A98C10EB44CF}" = 
lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4EAE771-A276-46E0-8D68-51D060018478}" = lport=139 | protocol=6 | dir=in | app=system | "{B7E98106-A9AD-47FD-BBAF-A5293D2AA2BE}" = rport=137 | protocol=17 | dir=out | app=system | "{BBEAAB0E-16C9-4272-9F84-5F58FD5EFBE5}" = lport=10243 | protocol=6 | dir=in | app=system | "{CDA3CEF0-14DE-4C3C-9C1C-C4D705484A3E}" = rport=10243 | protocol=6 | dir=out | app=system | "{DC4DDB0F-A4FB-4FC3-8E71-1A4A8CA32568}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E1CE83B5-9E82-48C1-9DD4-F87E2A5D5672}" = rport=138 | protocol=17 | dir=out | app=system | "{E8281A7C-867F-44D2-9A57-4A05FB13C0DD}" = lport=138 | protocol=17 | dir=in | app=system | "{E85D51B2-9734-4402-9A1D-BDD0687EA7D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005F744E-5F74-45EE-A412-F71BBD416BDC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{0D8DC9D5-A100-4FB1-8C30-6342785C6832}" = dir=out | name=kindle | "{11B16E4F-519F-4CE5-BDFE-DAC84C0EEE7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{12625806-84ED-4178-A8C2-7151DF545BE4}" = dir=out | name=skype | "{179FC2BF-E6FA-4ACA-BF13-342AA4BF396F}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1D6FD8B9-8D00-4F12-8A5F-A72B1EF54493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{243ADF4D-2BEF-495C-8ADE-1FF2E1D1B290}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | "{2650ABDB-1305-4514-A6A3-784C3084A290}" = dir=in | app=c:\program files 
(x86)\windows live\contacts\wlcomm.exe | "{28E6D8BB-B0B4-4FBA-91D5-9732D831C2B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2CF39DB3-3648-46D3-AA69-5FFC0FD132BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2EB085A8-D710-4AB9-9C56-0F25E7C136D8}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{41879AE6-B0D5-42B4-AAAB-764DA95C8923}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{433DAA7C-79D5-40E6-AA75-EC84A0723AD3}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{45EB9496-9C27-4CB5-8530-0A7645AB5ACC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{484E0276-99D3-440A-B5BF-9799F069E25B}" = dir=out | name=getting started with windows 8 | "{488ACB16-B1F4-48C7-AF3C-008CC775CC74}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{49DEFF1E-52EF-40FB-90DE-74DB5EE5C23B}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{4BA44EC4-4FC9-4B8C-AFFE-BE49AC370A55}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{4F2EFA98-2DAC-42D5-9E1D-4DCDF9C23686}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{586A23B0-A108-4EF2-8526-4702E7207084}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | "{586E9FD1-763F-47C8-AD6F-DBBFC9510CE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{59C1BE4D-E7AC-48D6-99B5-8D83DE4D7AA8}" = protocol=6 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "{61B6A3FE-A201-4058-8EA8-110A870070C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{626E1384-E113-496B-95C3-4B8823207D82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{62B49F06-E501-4A6B-AD40-13C1AA420E24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{651707C8-6648-4DC8-AE7D-48B45DEA51CD}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{6C6A7F2A-431E-49F4-8916-B94841EF760C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{6E2384B3-6616-444C-B787-4672F97E657C}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | "{7A801DF5-3204-4178-BBDB-0B97E8A76B16}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{7BA49F4A-659C-4A56-9D6C-36589750728E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7BF66284-B539-474B-BFE7-D41AD38E90B4}" = dir=out | name=hp registration | "{8044C24E-DA78-4DBC-BF0F-C2F2883E3819}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{8108AA1A-DF34-431D-80D0-47612B85377E}" = protocol=6 | dir=out | app=system | "{82AE75D2-BFE0-4AC4-A1B8-EDC69F2AEC4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{88DF63D3-7A2C-49BE-A251-4CB4A7302A40}" = dir=out | name=norton studio | "{88FBFE54-35C3-45E7-B1D7-F4E5A585394D}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{897DC6CE-1088-44C2-9F5F-D942E8795CB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8C22566D-EFFE-4ADA-B27E-A29E1E38832D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{908CCAEC-8D2C-410E-8419-3CEC0028DA61}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{930B3992-6D0C-49C1-AE0B-1EF62D29BDE4}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{946D3E90-4469-4885-9AE3-0F239940C623}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{99888C75-A3B5-4EA7-BA4C-536439BE6C42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9CD7E79C-9B61-4F85-8323-A248828C527C}" = dir=in | name=skype | "{A098A6F6-2BDB-4FDD-A7AC-5C783DFD6685}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A2653AA8-7996-4383-BCAD-FA386780F026}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{A618661C-078C-46B1-BBF7-6FA1B6C8AF07}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{AB4C886F-C4EC-498C-98D3-6B354521B349}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{B7245D2E-F107-4D6A-983E-29A6937C007F}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{C3817085-1D21-41FA-8A21-6F8C074438E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C4F90918-0CD7-4D03-8719-838478CDDEA9}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | "{C5F4BFDF-5C79-451D-82E9-97AF0EFC423A}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | "{C69B044D-4120-4B55-B440-0C2C16804B3F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{C770EF3B-D11C-4DEB-9AE5-378205BE7B7A}" = protocol=1 | dir=out 
| name=@firewallapi.dll,-28544 | "{C90C592B-2616-402D-86D6-E1219AC63192}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C9907DFA-5AE2-4E10-AB43-81475A594A16}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{CAA646A0-3A78-4EED-9BE3-F66844E5162F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC65D411-4CD2-4A8B-900F-3ABC8637544F}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{CDC7C334-A928-4B0A-B5BD-858C66DACB81}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{CE3DD132-7412-46D7-AA68-9D045C8529CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D0F01145-352A-427D-93CB-58DE528DB25E}" = dir=in | name=ebay | "{D4D01DBA-7239-4A59-B7CF-8F08497744CC}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{D704915E-45BF-4257-9128-0A3DC6849105}" = dir=out | name=hp connected photo powered by snapfish | "{DE8EFE35-CBE8-4125-A527-420DB1EB05BB}" = dir=in | name=kindle | "{E49B47EE-F3FB-48AC-A74C-7F3714B13AB6}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7D368E3-0C58-4923-AA88-52BFAE18BA9C}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{F0E5A74A-BE58-47CB-8F37-D51D371CEA42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FACF90D2-EA44-4814-879A-9BEDF8AA18D1}" = dir=out | name=ebay | 
"{FB54A8C7-2D89-45B9-86EA-25577352BFA4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{FE2CECBD-20FD-4573-A63C-99F4C98CDF7A}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}" = HP 3D DriveGuard "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{62E7C369-64FF-452C-8F46-6BE9B77FF097}" = Intel(R) WiDi "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{89478C31-5CE8-461A-9084-9A0AF059F84F}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{99FDAE3B-6905-45A6-8F73-595363AAD3D1}" = Intel® PROSet/Wireless WiFi-Software "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service "{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}" = Intel(R) Smart Connect Technology 3.0 x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "ProInst" = Intel PROSet Wireless "ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de "SynTPDeinstKey" = Synaptics Pointing Device 
Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1" = Connected Music powered by Universal Music Group version 1.0 "{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A33079-D1A0-4469-8903-C4A48B4975E2}" = HP Documentation 
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89704656-98FA-4EB0-9CC9-9C9839255FA0}" = Intel(R) Update Manager "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{94BB4B4F-BD6D-4166-A580-F868C8384CA6}" = HP Software Framework "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "StartHPConnectedMusic" = HP Connected Music (Meridian - installer) "VLC media player" = VLC media player 2.0.6 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3766985610-2849600927-783385817-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "31dfee6c296bca85" = VpnOneClick ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.04.2013 12:32:01 | Computer Name = Bruno | Source 
= Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=254, Autor-ID=311, Lieferant-ID=14122, Lieferant-Typ=1

Error - 17.04.2013 12:32:01 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error - 17.04.2013 12:32:01 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error - 17.04.2013 12:32:01 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error - 17.04.2013 12:32:01 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=254, Autor-ID=311, Lieferant-ID=14122, Lieferant-Typ=1

Error - 17.04.2013 12:32:01 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error - 17.04.2013 12:32:01 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error - 17.04.2013 12:32:01 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002
Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error - 17.04.2013 12:33:55 | Computer Name = Bruno | Source = RasClient | ID = 20227
Description =

Error - 17.04.2013 12:33:55 | Computer Name = Bruno | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 09.04.2013 13:32:35 | Computer Name = Bruno | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error - 09.04.2013 13:32:35 | Computer Name = Bruno | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error - 09.04.2013 13:34:48 | Computer Name = Bruno | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error - 09.04.2013 13:34:49 | Computer Name = Bruno | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error - 09.04.2013 13:34:49 | Computer Name = Bruno | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error - 10.04.2013 13:55:04 | Computer Name = Bruno | Source = RasSstp | ID = 1
Description =

Error - 11.04.2013 13:52:18 | Computer Name = Bruno | Source = RasSstp | ID = 1
Description =

Error - 12.04.2013 10:44:27 | Computer Name = Bruno | Source = Service Control Manager | ID = 7034
Description = Dienst "Bluetooth Device Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 17.04.2013 11:43:07 | Computer Name = Bruno | Source = RasSstp | ID = 1
Description =

Error - 17.04.2013 12:32:49 | Computer Name = Bruno | Source = RasSstp | ID = 1
Description =

< End of report >

Code:
OTL logfile created on: 02.05.2013 20:14:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yogette\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 4,20 Gb Available Physical Memory | 53,13% Memory free
9,09 Gb Paging File | 5,17 Gb Available in Paging File | 56,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,53 Gb Total Space | 366,24 Gb Free Space | 81,65% Space Free | Partition Type: NTFS
Drive D: | 16,46 Gb Total Space | 2,11 Gb Free Space | 12,82% Space Free | Partition Type: NTFS
Drive E: | 465,65 Gb Total Space | 1,27 Gb Free Space | 0,27% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: BRUNO | User Name: Yogette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.02 20:08:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yogette\Downloads\OTL.exe
PRC - [2013.05.01 14:17:12 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013.04.12 17:25:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.)
-- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe PRC - [2012.09.20 07:55:29 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2012.08.08 11:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.08.08 11:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.07.27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2012.07.24 10:42:34 | 000,316,416 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe PRC - [2012.07.19 21:09:42 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe PRC - [2012.07.17 12:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.17 12:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.17 12:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.07.09 13:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012.03.28 18:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2011.08.26 14:37:18 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe ========== Modules (No Company Name) ========== MOD - [2013.05.01 14:17:12 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll MOD - [2013.04.12 17:25:08 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.04.02 18:34:21 | 001,879,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0e60c36da126d0a80be942e0f75c2960\System.Xaml.ni.dll MOD - [2013.04.02 18:34:17 | 012,696,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\dc5236773dd65fcf42a1ca8e527c6f0e\System.Windows.Forms.ni.dll MOD - [2013.04.02 17:26:23 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\efb8a12d6436b16812746ff9d7fc98b8\System.Drawing.ni.dll MOD - [2013.04.02 17:26:01 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\8af0ee136f0c82da9394928b3bd7227d\PresentationFramework.Aero2.ni.dll MOD - [2013.04.02 17:25:57 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\74d8cc6fd65acbaebd677e133a305c26\PresentationFramework.ni.dll MOD - [2013.04.02 17:25:25 | 010,914,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0e5da70eddcf3788a74dc8fbebeb6269\PresentationCore.ni.dll MOD - [2013.04.02 17:25:04 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\20a433a504e31bac22a69db8713b835f\WindowsBase.ni.dll MOD - [2013.04.02 17:24:52 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dd8711e10e39622d23a8d5e5da65973e\System.Core.ni.dll MOD - [2013.04.02 17:24:38 | 009,927,168 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4b4df94b5fc59b48c84c89791c483437\System.ni.dll MOD - [2013.04.02 17:24:20 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\81bce73cc3eef6d5a6774a5177323bf8\mscorlib.ni.dll MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.1.22\wincfi39.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- 
(fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.08.23 09:45:42 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.04.12 17:25:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.15 00:08:30 | 001,871,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS) SRV - [2012.08.10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2012.08.08 11:23:28 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.08.08 11:23:08 | 001,091,520 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.07.28 06:10:48 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2012.07.26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2012.07.24 10:43:00 | 000,146,984 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV - [2012.07.21 03:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2012.07.19 21:09:42 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv) SRV - [2012.07.18 12:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.07.18 12:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.07.18 12:14:04 | 000,627,504 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.07.18 12:13:40 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.07.17 12:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.17 12:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.17 12:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.07.17 00:38:26 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2012.05.02 13:49:44 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2013.05.01 16:09:41 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto) DRV:64bit: - [2013.05.01 15:58:16 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symnets.sys -- (SymNetS) DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symefa64.sys -- (SymEFA) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.28 17:48:14 | 000,194,456 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort) DRV:64bit: - [2013.01.28 17:48:14 | 000,048,024 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub) DRV:64bit: - [2013.01.28 17:48:14 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2013.01.28 17:48:14 | 
000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symds64.sys -- (SymDS) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft 
Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.04 17:03:04 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.08.25 03:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.08.25 03:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012.08.25 03:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv) DRV:64bit: - [2012.08.23 09:45:42 | 000,042,400 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2012.08.23 09:45:42 | 000,029,600 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.07 15:51:58 | 004,273,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64) DRV:64bit: - [2012.08.03 14:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver) DRV:64bit: - [2012.07.31 06:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.30 19:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.07.30 12:31:30 | 000,294,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR) DRV:64bit: - [2012.07.28 02:31:54 | 008,982,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys 
-- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] 
(Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.24 10:37:56 | 000,046,016 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.07.24 10:37:56 | 000,019,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.07.24 10:37:54 | 000,020,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.07.21 03:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.07.20 12:09:40 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012.07.17 00:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.07.17 00:39:22 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.07.14 17:36:30 | 000,825,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.07.04 12:31:40 | 000,055,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2012.07.02 10:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.20 23:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.06.19 17:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.06.02 16:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.04.24 11:01:12 | 000,110,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV - [2013.04.13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.03.28 22:53:38 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130502.003\ex64.sys -- (NAVEX15)
DRV - [2013.03.28 22:53:38 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130502.003\eng64.sys -- (NAVENG)
DRV - [2013.03.22 19:03:55 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.03.22 19:03:55 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.03.22 16:39:26 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130501.001\IDSviA64.sys -- (IDSVia64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A9AB96DD-FD11-49A0-BB68-928698BF7EE8}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{A9AB96DD-FD11-49A0-BB68-928698BF7EE8}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\..\SearchScopes\{A9AB96DD-FD11-49A0-BB68-928698BF7EE8}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8888;https=127.0.0.1:8888

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013.05.01 15:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013.03.22 18:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.01 15:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 17:25:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.01 15:22:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 17:25:05 | 000,000,000 | ---D | M]

[2013.03.25 18:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yogette\AppData\Roaming\mozilla\Extensions
[2013.05.01 16:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yogette\AppData\Roaming\mozilla\Firefox\Profiles\uba4frdz.default\extensions
[2013.05.01 15:00:04 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Yogette\AppData\Roaming\mozilla\Firefox\Profiles\uba4frdz.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.04.12 17:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 17:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.04.12 17:25:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.12 17:25:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.29 18:15:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.29 18:15:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.29 18:15:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.29 18:15:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.29 18:15:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.29 18:15:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3766985610-2849600927-783385817-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-3766985610-2849600927-783385817-1001..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKU\S-1-5-21-3766985610-2849600927-783385817-1001..\RunOnce: [adawarebp_DATA_FOLDER] cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q File not found
O4 - HKU\S-1-5-21-3766985610-2849600927-783385817-1001..\RunOnce: [adawarebp_INSTALL_FOLDER] cmd.exe /c rmdir "C:\Users\Yogette\AppData\Local\adawarebp" /s /q File not found
O4 - HKU\S-1-5-21-3766985610-2849600927-783385817-1001..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F70545BE-C2F6-480E-82FC-54EF6FEEDB61}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.01 16:18:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.01 17:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.01 17:13:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.01 16:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.05.01 16:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.05.01 16:09:41 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.05.01 15:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.05.01 15:24:57 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Local\adawarebp
[2013.05.01 15:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.05.01 15:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.05.01 15:20:39 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\Ad-Aware Antivirus
[2013.05.01 15:08:47 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\Malwarebytes
[2013.05.01 15:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.01 15:01:15 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\LavasoftStatistics
[2013.05.01 15:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.05.01 15:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.05.01 14:59:03 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.05.01 14:37:32 | 000,000,000 | ---D | C] -- C:\Users\Yogette\Documents\Streaming Video Recorder
[2013.05.01 14:35:54 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\Apowersoft
[2013.05.01 14:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2013.05.01 14:35:44 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Local\Programs
[2013.05.01 13:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp
[2013.05.01 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Yogette\Documents\StreamTransport
[2013.05.01 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Local\CrashDumps
[2013.04.17 20:33:03 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\dvdcss
[2013.04.17 20:32:30 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\vlc
[2013.04.17 20:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.17 20:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.04.17 20:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel(R) Update Manager
[2013.04.17 20:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[2013.04.17 20:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2013.04.17 19:57:49 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Local\ElevatedDiagnostics
[2013.04.12 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.12 16:40:05 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013.04.12 16:40:03 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.12 16:40:01 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.04.12 16:40:00 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.04.12 16:39:58 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013.04.12 16:39:57 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.12 16:39:57 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013.04.12 16:39:56 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.04.12 16:39:56 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013.04.12 16:39:56 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013.04.12 16:39:56 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013.04.12 16:39:55 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.12 16:39:55 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.04.12 16:39:55 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013.04.12 16:39:55 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.04.12 16:39:55 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.12 16:39:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013.04.12 16:39:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013.04.12 16:39:55 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013.04.12 16:39:53 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.04.12 16:39:53 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.04.12 16:39:53 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.04.12 16:39:53 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.04.12 16:39:53 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.04.12 16:39:51 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.04.12 16:39:51 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.04.12 16:39:51 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.04.12 16:39:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013.04.12 16:39:51 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013.04.12 16:39:51 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013.04.12 16:39:51 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013.04.12 16:39:51 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.12 16:39:51 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013.04.12 16:39:51 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.04.12 16:39:51 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.04.12 16:39:51 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.04.12 16:39:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.04.12 16:39:50 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.04.12 16:39:50 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013.04.12 16:39:50 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.04.12 16:39:50 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013.04.12 16:39:50 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013.04.12 16:39:50 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.04.12 16:39:50 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013.04.12 16:39:50 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013.04.12 16:39:50 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013.04.12 16:39:50 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013.04.12 16:39:50 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013.04.12 16:39:50 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.04.12 16:39:50 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013.04.12 16:39:50 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013.04.12 16:39:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.04.12 16:39:50 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013.04.12 16:39:50 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013.04.12 16:39:50 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013.04.12 16:39:50 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.04.12 16:39:50 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.04.12 16:39:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013.04.12 16:39:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.04.12 16:39:49 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.04.12 16:39:49 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013.04.12 16:39:49 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.04.12 16:39:49 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013.04.12 16:39:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.04.12 16:39:49 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013.04.12 16:39:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013.04.11 20:35:59 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\IDT
[2013.04.11 18:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.04.11 17:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.04.11 17:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013.04.11 17:07:39 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.11 17:07:25 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.04.11 17:07:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 17:07:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 17:07:23 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 17:07:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.11 17:07:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.11 17:07:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.11 17:07:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.11 17:07:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.11 17:07:00 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.09 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Yogette\Documents\Outlook-Dateien
[2013.04.09 19:30:41 | 000,000,000 | ---D | C] -- C:\Users\Yogette\Documents\OneNote-Notizbücher
[2013.04.07 18:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Office2010
[2013.04.07 17:44:49 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Local\Microsoft Help
[2013.04.07 17:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.04.02 16:54:12 | 090,130,256 | ---- | C] (Apple Inc.)
-- C:\Program Files\iTunes64Setup.exe [2013.03.25 18:42:27 | 020,379,232 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 18.0.1_de.exe [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.02 20:01:28 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.02 20:01:28 | 000,830,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.02 20:01:28 | 000,774,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.02 20:01:28 | 000,188,224 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.02 20:01:28 | 000,158,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.02 18:30:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.01 17:16:20 | 002,213,922 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB [2013.05.01 16:18:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.05.01 16:09:41 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2013.05.01 16:09:41 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.05.01 15:58:16 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.05.01 15:58:14 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.01 15:58:12 | 2489,962,495 | -HS- | M] () -- C:\hiberfil.sys [2013.04.17 20:13:42 | 000,034,229 | ---- | M] () -- C:\Users\Yogette\AppData\Local\WiDiSetupLog.20130417.201128.wdl [2013.04.17 16:42:05 | 000,436,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.17 16:41:53 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\VT20130115.021 [2013.04.03 17:13:37 | 000,001,493 | ---- | M] () -- C:\Users\Yogette\AppData\Roaming\AbsoluteReminder.xml [2013.04.03 10:19:55 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\isolate.ini 
[2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.01 16:18:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.04.17 20:12:43 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk [2013.04.17 20:11:28 | 000,034,229 | ---- | C] () -- C:\Users\Yogette\AppData\Local\WiDiSetupLog.20130417.201128.wdl [2013.04.17 16:42:03 | 000,436,816 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.14 19:48:07 | 000,000,458 | ---- | C] () -- C:\Users\Yogette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD-RW-Laufwerk (E) INTO_THE_WILD_KS.lnk [2013.04.12 16:39:49 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.03.27 20:36:26 | 000,003,584 | ---- | C] () -- C:\Users\Yogette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.03.27 16:34:36 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.03.22 18:42:54 | 000,001,493 | ---- | C] () -- C:\Users\Yogette\AppData\Roaming\AbsoluteReminder.xml [2012.08.04 00:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.28 02:32:08 | 000,597,244 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.07.28 02:31:48 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.07.28 02:31:46 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat 
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2012.09.12 19:15:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
Thanks in advance and best regards |
03.05.2013, 23:41 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prolonged beeping and problems uninstalling Spyhunter Hello and
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans; just post the logs you already have first! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
04.05.2013, 16:03 | #3 |
| Prolonged beeping and problems uninstalling Spyhunter Hello cosinus,
thank you very much for your reply! I had also tried Adaware, but it didn't seem to get along with other programs; the scan would not start. I can offer McAfee and Norton. For McAfee I found the following log files; have a look whether there is anything in there for you. Can you tell me where Norton stores its log files? What I have found so far didn't look like it would help. Many thanks and have a nice weekend Code:
ATTFilter 03/25/2013 06:39:16 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {7E80D70A-FA51-4790-A1C7-767C6EA14B89} 03/25/2013 06:39:16 PM$ -- (Error)$ [ McCHSvc.exe]$ CMcComponent::loadModule - failed to load the module, Error=126 03/25/2013 06:39:16 PM$ -- (Error)$ [ McCHSvc.exe]$ CMcComponent::init - failed to load the module . 03/25/2013 06:39:16 PM$ -- (Error)$ [ McCHSvc.exe]$ CMcComponentHost::createObject - failed to create new component. 03/25/2013 06:39:16 PM$ -- (Error)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - Failed to get component with clsid {7E80D70A-FA51-4790-A1C7-767C6EA14B89} 03/25/2013 06:39:16 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 03/25/2013 07:06:15 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {C4B9CF70-99E3-42A3-ACED-4AE75B2A0EA5} 03/25/2013 07:06:15 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : McUpdater.dll , handle :0x75080000 03/25/2013 07:06:15 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 03/25/2013 07:06:15 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 03/25/2013 07:06:33 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::freeModule - success. Handle:0x75080000 03/25/2013 07:06:59 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {7E80D70A-FA51-4790-A1C7-767C6EA14B89} 03/25/2013 07:06:59 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : AVScanComponent.dll , handle :0x70610000 03/25/2013 07:06:59 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 03/25/2013 07:06:59 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 
03/25/2013 07:07:00 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {EB769D4A-6F70-47E1-90C9-C25BB88098FF} 03/25/2013 07:07:00 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : WMIScanner.dll , handle :0x70580000 03/25/2013 07:07:00 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 03/25/2013 07:07:00 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 03/25/2013 07:07:00 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x00E6EB3C) 03/25/2013 07:07:00 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkAvInstalled()- Failed to load configuration file 03/25/2013 07:07:00 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/25/2013 07:07:00 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x00E6EB3C) 03/25/2013 07:07:00 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkFwInstalled()- Failed to load configuration file 03/25/2013 07:07:00 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/25/2013 07:07:00 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. 
not updating any data 03/25/2013 07:07:06 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x00E6EB3C) 03/25/2013 07:07:06 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkAvInstalled()- Failed to load configuration file 03/25/2013 07:07:06 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/25/2013 07:07:06 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x00E6EB3C) 03/25/2013 07:07:06 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkFwInstalled()- Failed to load configuration file 03/25/2013 07:07:06 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/25/2013 07:07:06 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/25/2013 07:07:13 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {D19646F7-2B61-4D0F-9D06-050CBB716385} 03/25/2013 07:07:13 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : WebInfoScanner.dll , handle :0x68B30000 03/25/2013 07:07:13 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 03/25/2013 07:07:13 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 03/25/2013 07:07:13 PM$ -- (Error)$ [WebInfoScanner.]$ Invalid Handle for user C:\Users\Yogette\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat. 
Error: 2 03/25/2013 07:07:13 PM$ -- (Error)$ [WebInfoScanner.]$ CMcBrowserInfoCommon::getHistoryData getHistoryForUser failed Error:1107634966 03/25/2013 07:07:13 PM$ -- (Error)$ [WebInfoScanner.]$ Cookie File Format is wrong. It is not a txt file 03/25/2013 07:07:13 PM$ -- (Error)$ [WebInfoScanner.]$ Cookie File Format is wrong. It is not a txt file 03/25/2013 07:07:13 PM$ -- (Error)$ [WebInfoScanner.]$ CMcBrowserInfoCommon::getCookieData getCookiesForUser failed with error0 03/25/2013 07:07:13 PM$ -- (Information)$ [WebInfoScanner.]$ History DB path to be opened: C:\Users\Yogette\AppData\Roaming\Mozilla\Firefox\Profiles\uba4frdz.default\tempHistorydb.sqlite 03/25/2013 07:07:13 PM$ -- (Information)$ [WebInfoScanner.]$ About to fetch information from DB. 03/25/2013 07:07:13 PM$ -- (Information)$ [WebInfoScanner.]$ CMcSAGetBrowserInfoTask::start: GetBrowserInfo Return Value: 0 03/25/2013 07:07:51 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::freeModule - success. Handle:0x70610000 03/25/2013 07:07:51 PM$ -- (Error)$ [WebInfoScanner.]$ CMcWebInfoCallbackDisp::OnError - Dispatch OBJ not found 03/25/2013 07:07:51 PM$ -- (Information)$ [WebInfoScanner.]$ CMcSATaskThread::ThreadProc - Exit Event set 03/25/2013 07:07:51 PM$ -- (Information)$ [WebInfoScanner.]$ CMcSATaskThread::ThreadProc - Exit Event set 03/25/2013 07:07:51 PM$ -- (Information)$ [WebInfoScanner.]$ CMcSATaskThread::ThreadProc - Exit Event set 03/25/2013 07:07:51 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::freeModule - success. Handle:0x68B30000 03/25/2013 07:07:51 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::freeModule - success. 
Handle:0x70580000 03/28/2013 06:15:19 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {7E80D70A-FA51-4790-A1C7-767C6EA14B89} 03/28/2013 06:15:20 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : AVScanComponent.dll , handle :0x63690000 03/28/2013 06:15:20 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 03/28/2013 06:15:20 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 03/28/2013 06:15:20 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {EB769D4A-6F70-47E1-90C9-C25BB88098FF} 03/28/2013 06:15:20 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : WMIScanner.dll , handle :0x632E0000 03/28/2013 06:15:20 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 03/28/2013 06:15:20 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 03/28/2013 06:15:20 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x0085EABC) 03/28/2013 06:15:20 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkAvInstalled()- Failed to load configuration file 03/28/2013 06:15:20 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/28/2013 06:15:20 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x0085EABC) 03/28/2013 06:15:20 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkFwInstalled()- Failed to load configuration file 03/28/2013 06:15:20 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. 
not updating any data 03/28/2013 06:15:21 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/28/2013 06:15:21 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {D19646F7-2B61-4D0F-9D06-050CBB716385} 03/28/2013 06:15:21 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : WebInfoScanner.dll , handle :0x63260000 03/28/2013 06:15:21 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 03/28/2013 06:15:21 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 03/28/2013 06:15:27 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x0085EABC) 03/28/2013 06:15:27 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkAvInstalled()- Failed to load configuration file 03/28/2013 06:15:27 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/28/2013 06:15:27 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x0085EABC) 03/28/2013 06:15:27 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkFwInstalled()- Failed to load configuration file 03/28/2013 06:15:27 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/28/2013 06:15:27 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. 
not updating any data 03/28/2013 06:15:28 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x0085EABC) 03/28/2013 06:15:28 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkAvInstalled()- Failed to load configuration file 03/28/2013 06:15:28 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/28/2013 06:15:28 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x0085EABC) 03/28/2013 06:15:28 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkFwInstalled()- Failed to load configuration file 03/28/2013 06:15:28 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/28/2013 06:15:28 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 03/28/2013 06:15:28 PM$ -- (Error)$ [WebInfoScanner.]$ CMcSACoreDssWrapper::RequestCallback - Error extracting domain information from sa_map 03/28/2013 06:15:28 PM$ -- (Error)$ [WebInfoScanner.]$ CMcSAMaintenanceTask::SARequestCallback - Type conversion error 03/28/2013 06:15:37 PM$ -- (Error)$ [WebInfoScanner.]$ Invalid Handle for user C:\Users\Yogette\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat. Error: 2 03/28/2013 06:15:37 PM$ -- (Error)$ [WebInfoScanner.]$ CMcBrowserInfoCommon::getHistoryData getHistoryForUser failed Error:1107634966 03/28/2013 06:15:37 PM$ -- (Error)$ [WebInfoScanner.]$ Cookie File Format is wrong. It is not a txt file 03/28/2013 06:15:37 PM$ -- (Error)$ [WebInfoScanner.]$ Cookie File Format is wrong. It is not a txt file 03/28/2013 06:15:37 PM$ -- (Error)$ [WebInfoScanner.]$ Cookie File Format is wrong. 
It is not a txt file 03/28/2013 06:15:37 PM$ -- (Error)$ [WebInfoScanner.]$ CMcBrowserInfoCommon::getCookieData getCookiesForUser failed with error0 03/28/2013 06:15:37 PM$ -- (Information)$ [WebInfoScanner.]$ History DB path to be opened: C:\Users\Yogette\AppData\Roaming\Mozilla\Firefox\Profiles\uba4frdz.default\tempHistorydb.sqlite 03/28/2013 06:15:37 PM$ -- (Information)$ [WebInfoScanner.]$ About to fetch information from DB. 03/28/2013 06:15:37 PM$ -- (Information)$ [WebInfoScanner.]$ CMcSAGetBrowserInfoTask::start: GetBrowserInfo Return Value: 0 03/28/2013 06:15:38 PM$ -- (Error)$ [WebInfoScanner.]$ SACoreError: File: .\sa_dss.c Message: Unable to resolve domain for ~~local~~/C:/ProgramData/Skype/Apps/login 03/28/2013 06:15:39 PM$ -- (Error)$ [WebInfoScanner.]$ CMcSACoreDssWrapper::RequestCallback - Error extracting domain information from sa_map 03/28/2013 07:17:50 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::freeModule - success. Handle:0x63690000 03/28/2013 07:17:50 PM$ -- (Error)$ [WebInfoScanner.]$ CMcWebInfoCallbackDisp::OnError - Dispatch OBJ not found 03/28/2013 07:17:50 PM$ -- (Information)$ [WebInfoScanner.]$ CMcSATaskThread::ThreadProc - Exit Event set 03/28/2013 07:17:50 PM$ -- (Information)$ [WebInfoScanner.]$ CMcSATaskThread::ThreadProc - Exit Event set 03/28/2013 07:17:50 PM$ -- (Information)$ [WebInfoScanner.]$ CMcSATaskThread::ThreadProc - Exit Event set 03/28/2013 07:17:50 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::freeModule - success. Handle:0x63260000 03/28/2013 07:17:50 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::freeModule - success. 
Handle:0x632E0000 04/02/2013 09:59:36 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {7E80D70A-FA51-4790-A1C7-767C6EA14B89} 04/02/2013 09:59:36 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : AVScanComponent.dll , handle :0x6C530000 04/02/2013 09:59:36 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 04/02/2013 09:59:36 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 04/02/2013 09:59:36 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {EB769D4A-6F70-47E1-90C9-C25BB88098FF} 04/02/2013 09:59:36 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : WMIScanner.dll , handle :0x6C4B0000 04/02/2013 09:59:36 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 04/02/2013 09:59:36 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 04/02/2013 09:59:36 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x01BFEBFC) 04/02/2013 09:59:36 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkAvInstalled()- Failed to load configuration file 04/02/2013 09:59:36 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 04/02/2013 09:59:36 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x01BFEBFC) 04/02/2013 09:59:36 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkFwInstalled()- Failed to load configuration file 04/02/2013 09:59:36 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. 
not updating any data 04/02/2013 09:59:36 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. not updating any data 04/02/2013 10:00:30 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::freeModule - success. Handle:0x6C530000 04/02/2013 10:00:30 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::freeModule - success. Handle:0x6C4B0000 04/02/2013 10:02:10 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {7E80D70A-FA51-4790-A1C7-767C6EA14B89} 04/02/2013 10:02:10 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : AVScanComponent.dll , handle :0x6C530000 04/02/2013 10:02:10 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 04/02/2013 10:02:10 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 04/02/2013 10:02:11 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - entered, clsid: {EB769D4A-6F70-47E1-90C9-C25BB88098FF} 04/02/2013 10:02:11 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponent::loadModule - Loaded module path : WMIScanner.dll , handle :0x6C4B0000 04/02/2013 10:02:11 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComObjectCreator::McGetMcClassFactory - succeeded. 04/02/2013 10:02:11 PM$ -- (Information)$ [ McCHSvc.exe]$ CMcComponentHostObject::GetObject - leaving. 04/02/2013 10:02:11 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcIniReader::Load Unable to open INI file 'C:\Program Files (x86)\McAfee Security Scan\3.0.318\wmiscanner.ini' (err=0x00F1E49C) 04/02/2013 10:02:11 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcEnterpriseProductInfo::checkAvInstalled()- Failed to load configuration file 04/02/2013 10:02:11 PM$ -- (Error)$ [ WMIScanner.dll]$ CMcSecurityProductStatus::consolidateResults, Enterprise product not found.. 
I have just found the log files from SpyHunter as well; I'll simply attach them. Last edited by Yogette (04.05.2013 at 16:23) |
04.05.2013, 16:07 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When does it continue?" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Rootkit scan with GMER
Please download GMER: (random file name)
Are problems occurring?
Afterwards, please run MBAR:
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
04.05.2013, 16:43 | #5 |
| And here I am again. When opening GMER I get the following error message: c:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. When I click OK here, the window opens. Should I try to scan anyway, or switch to safe mode? Best regards |
04.05.2013, 22:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Try safe mode; if GMER won't run, just carry on with MBAR |
05.05.2013, 17:49 | #7 |
| Evening, right then, here are the results. With Malware I unfortunately could not click on CleanUp, since nothing was found... Kind regards and enjoy the rest of your Sunday Gmer Code:
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.05.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
Yogette :: BRUNO [administrator]
05.05.2013 18:34:20
mbar-log-2013-05-05 (18-34-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 7957
Time elapsed: 7 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
06.05.2013, 10:42 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
06.05.2013, 19:34 | #9 |
| Hello cosinus, here are the results. Do you actually have any idea yet? Best regards Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-06 20:22:30
-----------------------------
20:22:30.281 OS Version: Windows x64 6.2.9200
20:22:30.281 Number of processors: 4 586 0x3A09
20:22:30.281 ComputerName: BRUNO UserName:
20:22:30.594 Initialze error 1
20:22:55.897 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000044
20:22:55.897 Disk 0 Vendor: Intel___ 1.0. Size: 476937MB BusType: 8
20:22:55.897 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000045
20:22:55.897 Disk 1 Vendor: Intel___ 1.0. Size: 8192MB BusType: 8
20:22:55.928 Disk 0 MBR read successfully
20:22:55.928 Disk 0 MBR scan
20:22:55.944 Disk 0 unknown MBR code
20:22:55.944 Disk 0 Partition 1 00 EE GPT 476936 MB offset 1
20:22:55.944 Disk 0 scanning C:\Windows\system32\drivers
20:22:55.960 Service scanning
20:22:56.743 Modules scanning
20:22:56.743 Disk 0 trace - called modules:
20:22:56.790 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys storport.sys hal.dll iaStorA.sys
20:22:56.790 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800969a060]
20:22:56.806 3 CLASSPNP.SYS[fffff88000da7fea] -> nt!IofCallDriver -> [0xfffffa800871f980]
20:22:56.821 5 hpdskflt.sys[fffff88001f7f379] -> nt!IofCallDriver -> \Device\00000044[0xfffffa8007e9d7f0]
20:22:56.821 Scan finished successfully
20:23:18.035 Disk 0 MBR has been saved successfully to "C:\Users\Yogette\Desktop\MBR.dat"
20:23:18.035 The log file has been saved successfully to "C:\Users\Yogette\Desktop\aswMBR.txt"
Code:
20:28:00.0532 9208 ErrDev - ok 20:28:00.0563 9208 esgiguard - ok 20:28:00.0563 9208 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\Windows\system32\es.dll 20:28:00.0594 9208 EventSystem - ok 20:28:00.0610 9208 [ E67E289FA8AA393223AD7F9AFB738FD6 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 20:28:00.0626 9208 EvtEng - ok 20:28:00.0626 9208 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\Windows\system32\drivers\exfat.sys 20:28:00.0641 9208 exfat - ok 20:28:00.0657 9208 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:28:00.0673 9208 fastfat - ok 20:28:00.0673 9208 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\Windows\system32\fxssvc.exe 20:28:00.0704 9208 Fax - ok 20:28:00.0704 9208 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\Windows\System32\drivers\fdc.sys 20:28:00.0719 9208 fdc - ok 20:28:00.0719 9208 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\Windows\system32\fdPHost.dll 20:28:00.0766 9208 fdPHost - ok 20:28:00.0766 9208 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\Windows\system32\fdrespub.dll 20:28:00.0782 9208 FDResPub - ok 20:28:00.0798 9208 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\Windows\system32\fhsvc.dll 20:28:00.0813 9208 fhsvc - ok 20:28:00.0829 9208 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:28:00.0829 9208 FileInfo - ok 20:28:00.0829 9208 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:28:00.0876 9208 Filetrace - ok 20:28:00.0891 9208 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\Windows\System32\drivers\flpydisk.sys 20:28:00.0923 9208 flpydisk - ok 20:28:00.0938 9208 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:28:00.0985 9208 FltMgr - ok 20:28:01.0001 9208 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\Windows\system32\FntCache.dll 20:28:01.0063 9208 FontCache - ok 20:28:01.0063 9208 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:28:01.0095 9208 FontCache3.0.0.0 - ok 20:28:01.0095 9208 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:28:01.0126 9208 FsDepends - ok 20:28:01.0126 9208 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:28:01.0141 9208 Fs_Rec - ok 20:28:01.0157 9208 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:28:01.0188 9208 fvevol - ok 20:28:01.0188 9208 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\Windows\System32\drivers\fxppm.sys 20:28:01.0204 9208 FxPPM - ok 20:28:01.0220 9208 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:28:01.0235 9208 gagp30kx - ok 20:28:01.0235 9208 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:28:01.0251 9208 GEARAspiWDM - ok 20:28:01.0251 9208 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys 20:28:01.0267 9208 gencounter - ok 20:28:01.0310 9208 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys 20:28:01.0320 9208 gfibto - ok 20:28:01.0335 9208 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys 20:28:01.0367 9208 GPIOClx0101 - ok 20:28:01.0413 9208 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\Windows\System32\gpsvc.dll 20:28:01.0492 9208 gpsvc - ok 20:28:01.0507 9208 [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:28:01.0538 9208 HdAudAddService - ok 20:28:01.0554 9208 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys 20:28:01.0601 9208 HDAudBus - ok 20:28:01.0617 9208 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\Windows\System32\drivers\HidBatt.sys 20:28:01.0648 9208 HidBatt - ok 20:28:01.0663 9208 [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth 
C:\Windows\System32\drivers\hidbth.sys 20:28:01.0710 9208 HidBth - ok 20:28:01.0710 9208 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys 20:28:01.0742 9208 hidi2c - ok 20:28:01.0742 9208 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\Windows\System32\drivers\hidir.sys 20:28:01.0773 9208 HidIr - ok 20:28:01.0788 9208 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\Windows\system32\hidserv.dll 20:28:01.0804 9208 hidserv - ok 20:28:01.0804 9208 [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb C:\Windows\System32\drivers\hidusb.sys 20:28:01.0820 9208 HidUsb - ok 20:28:01.0835 9208 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:28:01.0835 9208 hkmsvc - ok 20:28:01.0851 9208 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:28:01.0867 9208 HomeGroupListener - ok 20:28:01.0867 9208 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:28:01.0898 9208 HomeGroupProvider - ok 20:28:01.0898 9208 [ 6515296E8F9D81BB6C4588C4878A9AC1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 20:28:01.0914 9208 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning 20:28:01.0914 9208 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1) 20:28:01.0914 9208 [ 0C28C65207A2BD4C737A5BCDAB26A430 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys 20:28:01.0929 9208 hpdskflt - ok 20:28:01.0945 9208 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 20:28:01.0965 9208 hpqwmiex - ok 20:28:01.0965 9208 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:28:01.0981 9208 HpSAMD - ok 20:28:01.0981 9208 [ 81E3EF01D1883394BDA9B8687B3BFE23 ] hpsrv C:\Windows\system32\Hpservice.exe 20:28:01.0981 9208 hpsrv - ok 20:28:01.0996 9208 [ F50912B0A861ED396F6062E79C37A4A7 ] HPWMISVC C:\Program Files 
(x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 20:28:01.0996 9208 HPWMISVC - ok 20:28:02.0012 9208 [ 29CB98187BB5711F7759540976D295FC ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:28:02.0043 9208 HTTP - ok 20:28:02.0043 9208 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:28:02.0059 9208 hwpolicy - ok 20:28:02.0075 9208 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 20:28:02.0106 9208 hyperkbd - ok 20:28:02.0121 9208 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys 20:28:02.0137 9208 HyperVideo - ok 20:28:02.0153 9208 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 20:28:02.0184 9208 i8042prt - ok 20:28:02.0200 9208 [ 050F2539E14F9D5E90A4B61738EC29BD ] iaStorA C:\Windows\system32\drivers\iaStorA.sys 20:28:02.0231 9208 iaStorA - ok 20:28:02.0246 9208 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:28:02.0278 9208 iaStorV - ok 20:28:02.0278 9208 [ 43E864824FCEBEE7119E1572B2703EB9 ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys 20:28:02.0278 9208 iBtFltCoex - ok 20:28:02.0293 9208 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130505.002\IDSvia64.sys 20:28:02.0309 9208 IDSVia64 - ok 20:28:02.0481 9208 [ 28388795BDF79464E8FDADB127671734 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 20:28:02.0669 9208 igfx - ok 20:28:02.0685 9208 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:28:02.0716 9208 iirsp - ok 20:28:02.0716 9208 [ F2C300C2E56F016B485B88080CD7D2FE ] ikbevent C:\Windows\system32\DRIVERS\ikbevent.sys 20:28:02.0732 9208 ikbevent - ok 20:28:02.0747 9208 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\Windows\System32\ikeext.dll 20:28:02.0810 9208 IKEEXT - ok 20:28:02.0810 9208 [ C1A5061D6E5C328AE030C34B8AAC5C5C ] imsevent 
C:\Windows\system32\DRIVERS\imsevent.sys 20:28:02.0841 9208 imsevent - ok 20:28:02.0857 9208 [ FD2032D2EAE8D7F3381EBA5FA3E7FEEA ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 20:28:02.0872 9208 intaud_WaveExtensible - ok 20:28:02.0888 9208 [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 20:28:02.0935 9208 IntcDAud - ok 20:28:02.0951 9208 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 20:28:02.0982 9208 Intel(R) Capability Licensing Service Interface - ok 20:28:02.0982 9208 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\Windows\system32\drivers\intelide.sys 20:28:02.0998 9208 intelide - ok 20:28:03.0013 9208 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\Windows\System32\drivers\intelppm.sys 20:28:03.0029 9208 intelppm - ok 20:28:03.0044 9208 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:28:03.0060 9208 IpFilterDriver - ok 20:28:03.0091 9208 [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:28:03.0123 9208 iphlpsvc - ok 20:28:03.0123 9208 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 20:28:03.0154 9208 IPMIDRV - ok 20:28:03.0169 9208 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:28:03.0201 9208 IPNAT - ok 20:28:03.0216 9208 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:28:03.0248 9208 iPod Service - ok 20:28:03.0263 9208 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:28:03.0279 9208 IRENUM - ok 20:28:03.0279 9208 [ 4D9B9A794F22415B8C3E0CCFBE61BC7A ] irstrtdv C:\Windows\System32\drivers\irstrtdv.sys 20:28:03.0294 9208 irstrtdv - ok 20:28:03.0341 9208 [ E145E934392E7A49FDC6775AC3A347F8 ] irstrtsv C:\Windows\SysWOW64\irstrtsv.exe 20:28:03.0357 9208 irstrtsv - ok 20:28:03.0357 9208 
[ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:28:03.0373 9208 isapnp - ok 20:28:03.0388 9208 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys 20:28:03.0419 9208 iScsiPrt - ok 20:28:03.0419 9208 [ 5AB18D8055A4280C0F377A6262F3157E ] ISCT C:\Windows\System32\drivers\ISCTD64.sys 20:28:03.0435 9208 ISCT - ok 20:28:03.0435 9208 [ 4A5810FD46E6CB2C6E689BAB9AAB11D7 ] ISCTAgent C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 20:28:03.0451 9208 ISCTAgent - ok 20:28:03.0466 9208 [ C59B9CE2855E667809F9E63C20FC44A5 ] iwdbus C:\Windows\System32\drivers\iwdbus.sys 20:28:03.0466 9208 iwdbus - ok 20:28:03.0529 9208 [ 3C4002D339491AF73D663FFC7F6E5ECB ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 20:28:03.0544 9208 jhi_service - ok 20:28:03.0560 9208 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 20:28:03.0591 9208 kbdclass - ok 20:28:03.0591 9208 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 20:28:03.0638 9208 kbdhid - ok 20:28:03.0654 9208 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 20:28:03.0685 9208 kdnic - ok 20:28:03.0685 9208 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\Windows\system32\lsass.exe 20:28:03.0716 9208 KeyIso - ok 20:28:03.0732 9208 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:28:03.0763 9208 KSecDD - ok 20:28:03.0779 9208 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:28:03.0810 9208 KSecPkg - ok 20:28:03.0810 9208 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:28:03.0841 9208 ksthunk - ok 20:28:03.0857 9208 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:28:03.0888 9208 KtmRm - ok 20:28:03.0888 9208 [ 256EE31588257E8A555DBFAA13F1908E ] 
LanmanServer C:\Windows\system32\srvsvc.dll 20:28:03.0935 9208 LanmanServer - ok 20:28:03.0935 9208 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:28:03.0982 9208 LanmanWorkstation - ok 20:28:03.0982 9208 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:28:04.0013 9208 lltdio - ok 20:28:04.0029 9208 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:28:04.0044 9208 lltdsvc - ok 20:28:04.0060 9208 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:28:04.0076 9208 lmhosts - ok 20:28:04.0091 9208 [ 4269D44BB47A6DA5D80B11F4C8536458 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:28:04.0107 9208 LMS - ok 20:28:04.0123 9208 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:28:04.0138 9208 LSI_SAS - ok 20:28:04.0138 9208 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:28:04.0169 9208 LSI_SAS2 - ok 20:28:04.0169 9208 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:28:04.0185 9208 LSI_SCSI - ok 20:28:04.0201 9208 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 20:28:04.0216 9208 LSI_SSS - ok 20:28:04.0232 9208 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\Windows\System32\lsm.dll 20:28:04.0341 9208 LSM - ok 20:28:04.0357 9208 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys 20:28:04.0404 9208 luafv - ok 20:28:04.0404 9208 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 20:28:04.0419 9208 McComponentHostService - ok 20:28:04.0435 9208 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys 20:28:04.0451 9208 megasas - ok 20:28:04.0451 9208 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR 
C:\Windows\system32\drivers\MegaSR.sys 20:28:04.0482 9208 MegaSR - ok 20:28:04.0498 9208 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys 20:28:04.0498 9208 MEIx64 - ok 20:28:04.0513 9208 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll 20:28:04.0529 9208 MMCSS - ok 20:28:04.0529 9208 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys 20:28:04.0563 9208 Modem - ok 20:28:04.0563 9208 [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor C:\Windows\System32\drivers\monitor.sys 20:28:04.0578 9208 monitor - ok 20:28:04.0594 9208 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys 20:28:04.0609 9208 mouclass - ok 20:28:04.0609 9208 [ C0ADEBED913295803B579ED288936CBB ] mouhid C:\Windows\System32\drivers\mouhid.sys 20:28:04.0625 9208 mouhid - ok 20:28:04.0641 9208 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:28:04.0656 9208 mountmgr - ok 20:28:04.0656 9208 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:28:04.0672 9208 MozillaMaintenance - ok 20:28:04.0688 9208 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:28:04.0703 9208 mpsdrv - ok 20:28:04.0719 9208 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:28:04.0750 9208 MpsSvc - ok 20:28:04.0766 9208 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:28:04.0844 9208 MRxDAV - ok 20:28:04.0859 9208 [ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:28:04.0906 9208 mrxsmb - ok 20:28:04.0906 9208 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:28:04.0938 9208 mrxsmb10 - ok 20:28:04.0953 9208 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:28:04.0969 9208 mrxsmb20 - ok 
20:28:04.0969 9208 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 20:28:05.0000 9208 MsBridge - ok 20:28:05.0000 9208 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe 20:28:05.0031 9208 MSDTC - ok 20:28:05.0031 9208 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:28:05.0063 9208 Msfs - ok 20:28:05.0063 9208 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 20:28:05.0078 9208 msgpiowin32 - ok 20:28:05.0094 9208 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:28:05.0109 9208 mshidkmdf - ok 20:28:05.0109 9208 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 20:28:05.0125 9208 mshidumdf - ok 20:28:05.0125 9208 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:28:05.0141 9208 msisadrv - ok 20:28:05.0156 9208 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:28:05.0188 9208 MSiSCSI - ok 20:28:05.0188 9208 msiserver - ok 20:28:05.0188 9208 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:28:05.0219 9208 MSKSSRV - ok 20:28:05.0281 9208 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 20:28:05.0328 9208 MsLldp - ok 20:28:05.0344 9208 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:28:05.0391 9208 MSPCLOCK - ok 20:28:05.0406 9208 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:28:05.0438 9208 MSPQM - ok 20:28:05.0453 9208 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:28:05.0500 9208 MsRPC - ok 20:28:05.0516 9208 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 20:28:05.0547 9208 mssmbios - ok 20:28:05.0547 9208 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE 
C:\Windows\system32\drivers\MSTEE.sys 20:28:05.0578 9208 MSTEE - ok 20:28:05.0594 9208 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 20:28:05.0625 9208 MTConfig - ok 20:28:05.0641 9208 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys 20:28:05.0672 9208 Mup - ok 20:28:05.0688 9208 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys 20:28:05.0719 9208 mvumis - ok 20:28:05.0735 9208 [ 431F065E2A99FC3C670BD20694117C8B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 20:28:05.0766 9208 MyWiFiDHCPDNS - ok 20:28:05.0781 9208 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll 20:28:05.0828 9208 napagent - ok 20:28:05.0844 9208 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:28:05.0875 9208 NativeWifiP - ok 20:28:05.0875 9208 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130506.006\ENG64.SYS 20:28:05.0891 9208 NAVENG - ok 20:28:05.0953 9208 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130506.006\EX64.SYS 20:28:06.0031 9208 NAVEX15 - ok 20:28:06.0047 9208 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll 20:28:06.0094 9208 NcaSvc - ok 20:28:06.0110 9208 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 20:28:06.0141 9208 NcdAutoSetup - ok 20:28:06.0157 9208 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\Windows\system32\drivers\ndis.sys 20:28:06.0203 9208 NDIS - ok 20:28:06.0203 9208 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:28:06.0219 9208 NdisCap - ok 20:28:06.0235 9208 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 20:28:06.0250 9208 
NdisImPlatform - ok 20:28:06.0266 9208 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:28:06.0282 9208 NdisTapi - ok 20:28:06.0282 9208 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:28:06.0313 9208 Ndisuio - ok 20:28:06.0313 9208 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:28:06.0328 9208 NdisWan - ok 20:28:06.0344 9208 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys 20:28:06.0344 9208 NDISWANLEGACY - ok 20:28:06.0360 9208 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:28:06.0360 9208 NDProxy - ok 20:28:06.0375 9208 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys 20:28:06.0391 9208 Ndu - ok 20:28:06.0391 9208 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:28:06.0407 9208 NetBIOS - ok 20:28:06.0422 9208 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:28:06.0438 9208 NetBT - ok 20:28:06.0453 9208 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe 20:28:06.0453 9208 Netlogon - ok 20:28:06.0469 9208 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll 20:28:06.0485 9208 Netman - ok 20:28:06.0500 9208 [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm C:\Windows\System32\netprofmsvc.dll 20:28:06.0516 9208 netprofm - ok 20:28:06.0547 9208 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:28:06.0578 9208 NetTcpPortSharing - ok 20:28:06.0657 9208 [ A92DECBD3D9624F298A49A2B25EDE3B0 ] NETwNe64 C:\Windows\system32\DRIVERS\NETwew00.sys 20:28:06.0782 9208 NETwNe64 - ok 20:28:06.0782 9208 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:28:06.0797 9208 nfrd960 - ok 20:28:06.0797 9208 [ 241BD3019FB31E812A51B31B06906335 
] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe 20:28:06.0813 9208 NIS - ok 20:28:06.0828 9208 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:28:06.0891 9208 NlaSvc - ok 20:28:06.0891 9208 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:28:06.0917 9208 Npfs - ok 20:28:06.0932 9208 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 20:28:06.0963 9208 npsvctrig - ok 20:28:06.0995 9208 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll 20:28:07.0026 9208 nsi - ok 20:28:07.0026 9208 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:28:07.0057 9208 nsiproxy - ok 20:28:07.0120 9208 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:28:07.0198 9208 Ntfs - ok 20:28:07.0198 9208 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys 20:28:07.0213 9208 Null - ok 20:28:07.0213 9208 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:28:07.0229 9208 nvraid - ok 20:28:07.0229 9208 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:28:07.0245 9208 nvstor - ok 20:28:07.0245 9208 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:28:07.0260 9208 nv_agp - ok 20:28:07.0338 9208 [ E0506331F0454C347B28B2AE4BD14636 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe 20:28:07.0401 9208 OfficeSvc - ok 20:28:07.0401 9208 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:28:07.0417 9208 ose - ok 20:28:07.0417 9208 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:28:07.0432 9208 p2pimsvc - ok 20:28:07.0448 9208 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll 20:28:07.0463 9208 p2psvc - 
ok 20:28:07.0479 9208 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys 20:28:07.0510 9208 Parport - ok 20:28:07.0526 9208 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:28:07.0542 9208 partmgr - ok 20:28:07.0557 9208 [ 19E41F140A6ADBD38943710DA7FF0E38 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:28:07.0620 9208 PcaSvc - ok 20:28:07.0620 9208 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys 20:28:07.0651 9208 pci - ok 20:28:07.0667 9208 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys 20:28:07.0682 9208 pciide - ok 20:28:07.0698 9208 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:28:07.0729 9208 pcmcia - ok 20:28:07.0745 9208 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys 20:28:07.0760 9208 pcw - ok 20:28:07.0776 9208 [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\Windows\system32\drivers\pdc.sys 20:28:07.0792 9208 pdc - ok 20:28:07.0823 9208 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:28:07.0854 9208 PEAUTH - ok 20:28:07.0901 9208 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:28:07.0964 9208 PerfHost - ok 20:28:08.0010 9208 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll 20:28:08.0057 9208 pla - ok 20:28:08.0057 9208 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:28:08.0073 9208 PlugPlay - ok 20:28:08.0073 9208 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:28:08.0089 9208 PNRPAutoReg - ok 20:28:08.0104 9208 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:28:08.0120 9208 PNRPsvc - ok 20:28:08.0120 9208 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:28:08.0135 9208 PolicyAgent - ok 20:28:08.0151 9208 [ 
F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll 20:28:08.0167 9208 Power - ok 20:28:08.0167 9208 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:28:08.0198 9208 PptpMiniport - ok 20:28:08.0292 9208 [ 9D59831262CAD44E709D695FC9D5E7AB ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 20:28:08.0417 9208 PrintNotify - ok 20:28:08.0432 9208 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys 20:28:08.0448 9208 Processor - ok 20:28:08.0464 9208 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll 20:28:08.0479 9208 ProfSvc - ok 20:28:08.0495 9208 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:28:08.0510 9208 Psched - ok 20:28:08.0526 9208 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll 20:28:08.0557 9208 QWAVE - ok 20:28:08.0557 9208 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:28:08.0573 9208 QWAVEdrv - ok 20:28:08.0573 9208 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:28:08.0604 9208 RasAcd - ok 20:28:08.0604 9208 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:28:08.0635 9208 RasAgileVpn - ok 20:28:08.0635 9208 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll 20:28:08.0667 9208 RasAuto - ok 20:28:08.0667 9208 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:28:08.0698 9208 Rasl2tp - ok 20:28:08.0714 9208 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll 20:28:08.0745 9208 RasMan - ok 20:28:08.0760 9208 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:28:08.0776 9208 RasPppoe - ok 20:28:08.0776 9208 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:28:08.0807 9208 
20:28:35.0028 9744 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:35.0043 9744 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:35.0043 9744 STacSV ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:35.0043 9744 STacSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:31.0808 4952 Deinitialize success |
06.05.2013, 21:10 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prolonged high-pitched whining and problems uninstalling Spyhunter
JRT - Junkware Removal Tool
Please shut down your security software to avoid possible conflicts.
Next: AdwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
07.05.2013, 19:49 | #11 |
| Prolonged high-pitched whining and problems uninstalling Spyhunter
Hi there, here is the data. Best regards
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 x64
Ran by Yogette on 07.05.2013 at 20:20:21,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A9AB96DD-FD11-49A0-BB68-928698BF7EE8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{A9AB96DD-FD11-49A0-BB68-928698BF7EE8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{A9AB96DD-FD11-49A0-BB68-928698BF7EE8}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Failed to delete: [Registry Key] "hkey_local_machine\software\pip"

~~~ Files

~~~ Folders

~~~ FireFox
Successfully deleted: [Folder] C:\Users\Yogette\AppData\Roaming\mozilla\firefox\profiles\uba4frdz.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.05.2013 at 20:24:01,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.300 - Datei am 07/05/2013 um 20:28:58 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : Yogette - BRUNO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Yogette\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Yogette\AppData\Roaming\Mozilla\Firefox\Profiles\uba4frdz.default\prefs.js
[OK] Die Datei ist sauber.

*************************
AdwCleaner[S1].txt - [1036 octets] - [07/05/2013 20:28:58]
########## EOF - C:\AdwCleaner[S1].txt - [1096 octets] ##########
Code:
ATTFilter OTL logfile created on: 07.05.2013 20:36:42 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yogette\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 6,12 Gb Available Physical Memory | 77,47% Memory free 9,09 Gb Paging File | 7,25 Gb Available in Paging File | 79,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 448,53 Gb Total Space | 366,67 Gb Free Space | 81,75% Space Free | Partition Type: NTFS Drive D: | 16,46 Gb Total Space | 2,11 Gb Free Space | 12,82% Space Free | Partition Type: NTFS Computer Name: BRUNO | User Name: Yogette | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Yogette\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\0e60c36da126d0a80be942e0f75c2960\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\dc5236773dd65fcf42a1ca8e527c6f0e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\efb8a12d6436b16812746ff9d7fc98b8\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\8af0ee136f0c82da9394928b3bd7227d\PresentationFramework.Aero2.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\74d8cc6fd65acbaebd677e133a305c26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0e5da70eddcf3788a74dc8fbebeb6269\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\20a433a504e31bac22a69db8713b835f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dd8711e10e39622d23a8d5e5da65973e\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4b4df94b5fc59b48c84c89791c483437\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\81bce73cc3eef6d5a6774a5177323bf8\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.1.22\wincfi39.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (ISCTAgent) -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ()
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (WPRO_41_2001) -- C:\Windows\SysNative\Drivers\WPRO_41_2001.sys ()
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\Drivers\gfibto.sys (GFI Software)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symefa64.sys (Symantec Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\Drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\Drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\Drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\Drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symds64.sys (Symantec Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\Drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\Drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NETwNe64) -- C:\Windows\SysNative\Drivers\NETwew00.sys (Intel Corporation)
DRV:64bit: - (WirelessButtonDriver) -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\Drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\Drivers\ISCTD64.sys ()
DRV:64bit: - (imsevent) -- C:\Windows\SysNative\Drivers\imsevent.sys ()
DRV:64bit: - (ikbevent) -- C:\Windows\SysNative\Drivers\ikbevent.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\Drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\Drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\Drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symelam.sys (Symantec Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\Drivers\btmaux.sys (Intel Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130412.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130507.005\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130507.005\eng64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130505.002\IDSviA64.sys (Symantec Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{A9AB96DD-FD11-49A0-BB68-928698BF7EE8}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{A9AB96DD-FD11-49A0-BB68-928698BF7EE8}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8888;https=127.0.0.1:8888

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013.05.01 15:59:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013.03.22 18:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.01 15:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 17:25:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.01 15:22:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 17:25:05 | 000,000,000 | ---D | M]

[2013.03.25 18:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yogette\AppData\Roaming\mozilla\Extensions
[2013.05.07 20:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yogette\AppData\Roaming\mozilla\Firefox\Profiles\uba4frdz.default\extensions
[2013.04.12 17:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 17:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.04.12 17:25:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.04.12 17:25:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.29 18:15:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.29 18:15:48 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.29 18:15:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.29 18:15:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.29 18:15:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.29 18:15:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3766985610-2849600927-783385817-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F70545BE-C2F6-480E-82FC-54EF6FEEDB61}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.01 16:18:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 20:20:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.07 20:20:09 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.07 20:16:38 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Yogette\Desktop\JRT.exe [2013.05.06 20:26:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Yogette\Desktop\tdsskiller.exe [2013.05.06 20:18:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Yogette\Desktop\aswMBR.exe [2013.05.02 21:45:57 | 000,000,000 | ---D | C] -- C:\Users\Yogette\Documents\Benutzerdefinierte Office-Vorlagen [2013.05.01 17:13:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.01 16:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.05.01 16:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.05.01 16:09:41 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2013.05.01 15:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2013.05.01 15:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2013.05.01 15:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2013.05.01 15:20:39 | 000,000,000 | ---D | C] -- 
C:\Users\Yogette\AppData\Roaming\Ad-Aware Antivirus [2013.05.01 15:08:47 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\Malwarebytes [2013.05.01 15:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.01 15:01:15 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\LavasoftStatistics [2013.05.01 15:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2013.05.01 14:59:03 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.05.01 14:37:32 | 000,000,000 | ---D | C] -- C:\Users\Yogette\Documents\Streaming Video Recorder [2013.05.01 14:35:54 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\Apowersoft [2013.05.01 14:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft [2013.05.01 14:35:44 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Local\Programs [2013.05.01 13:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp [2013.05.01 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Yogette\Documents\StreamTransport [2013.05.01 13:03:41 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Local\CrashDumps [2013.04.17 20:33:03 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\dvdcss [2013.04.17 20:32:30 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\vlc [2013.04.17 20:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.04.17 20:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.04.17 20:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel(R) Update Manager [2013.04.17 20:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation [2013.04.17 20:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation [2013.04.17 19:57:49 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Local\ElevatedDiagnostics [2013.04.12 17:25:03 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Mozilla Firefox [2013.04.12 16:40:05 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll [2013.04.12 16:40:03 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.04.12 16:40:01 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.04.12 16:40:00 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.04.12 16:39:58 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll [2013.04.12 16:39:57 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.12 16:39:57 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll [2013.04.12 16:39:56 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013.04.12 16:39:56 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll [2013.04.12 16:39:56 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll [2013.04.12 16:39:56 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys [2013.04.12 16:39:55 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.12 16:39:55 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013.04.12 16:39:55 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll [2013.04.12 16:39:55 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.04.12 16:39:55 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll [2013.04.12 16:39:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll [2013.04.12 16:39:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\BCP47Langs.dll [2013.04.12 16:39:55 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll [2013.04.12 16:39:53 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.04.12 16:39:53 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.04.12 16:39:53 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.04.12 16:39:53 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013.04.12 16:39:53 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013.04.12 16:39:51 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013.04.12 16:39:51 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.04.12 16:39:51 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013.04.12 16:39:51 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll [2013.04.12 16:39:51 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2013.04.12 16:39:51 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll [2013.04.12 16:39:51 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll [2013.04.12 16:39:51 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll [2013.04.12 16:39:51 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll [2013.04.12 16:39:51 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013.04.12 16:39:51 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013.04.12 16:39:51 | 000,245,248 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\usbmon.dll [2013.04.12 16:39:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.04.12 16:39:50 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.04.12 16:39:50 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013.04.12 16:39:50 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013.04.12 16:39:50 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll [2013.04.12 16:39:50 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe [2013.04.12 16:39:50 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013.04.12 16:39:50 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl [2013.04.12 16:39:50 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll [2013.04.12 16:39:50 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013.04.12 16:39:50 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl [2013.04.12 16:39:50 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2013.04.12 16:39:50 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013.04.12 16:39:50 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll [2013.04.12 16:39:50 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll [2013.04.12 16:39:50 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.04.12 16:39:50 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys [2013.04.12 16:39:50 | 000,072,192 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\taskhostex.exe [2013.04.12 16:39:50 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL [2013.04.12 16:39:50 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013.04.12 16:39:50 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.04.12 16:39:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll [2013.04.12 16:39:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll [2013.04.12 16:39:49 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.04.12 16:39:49 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll [2013.04.12 16:39:49 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.04.12 16:39:49 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2013.04.12 16:39:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.04.12 16:39:49 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll [2013.04.12 16:39:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2013.04.11 20:35:59 | 000,000,000 | ---D | C] -- C:\Users\Yogette\AppData\Roaming\IDT [2013.04.11 18:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.04.11 17:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013.04.11 17:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013.04.11 17:07:39 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.11 17:07:25 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.04.11 
17:07:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.11 17:07:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.11 17:07:23 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.11 17:07:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.11 17:07:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.11 17:07:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.11 17:07:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.11 17:07:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.11 17:07:00 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.09 19:37:31 | 000,000,000 | ---D | C] -- C:\Users\Yogette\Documents\Outlook-Dateien [2013.04.09 19:30:41 | 000,000,000 | ---D | C] -- C:\Users\Yogette\Documents\OneNote-Notizbücher [2013.04.02 16:54:12 | 090,130,256 | ---- | C] (Apple Inc.) 
-- C:\Program Files\iTunes64Setup.exe [2013.03.25 18:42:27 | 020,379,232 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 18.0.1_de.exe [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.07 20:35:00 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.07 20:35:00 | 000,830,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.07 20:35:00 | 000,774,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.07 20:35:00 | 000,188,224 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.07 20:35:00 | 000,158,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.07 20:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.07 20:30:11 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2013.05.07 20:30:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.07 20:30:08 | 2489,962,495 | -HS- | M] () -- C:\hiberfil.sys [2013.05.07 20:26:57 | 000,628,743 | ---- | M] () -- C:\Users\Yogette\Desktop\adwcleaner.exe [2013.05.07 20:18:33 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Yogette\Desktop\JRT.exe [2013.05.06 20:26:22 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Yogette\Desktop\tdsskiller.exe [2013.05.06 20:23:18 | 000,000,512 | ---- | M] () -- C:\Users\Yogette\Desktop\MBR.dat [2013.05.06 20:20:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Yogette\Desktop\aswMBR.exe [2013.05.05 18:24:46 | 012,917,756 | ---- | M] () -- C:\Users\Yogette\Desktop\mbar-1.05.0.1001.zip [2013.05.01 17:16:20 | 002,213,922 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB [2013.05.01 16:18:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.05.01 16:09:41 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2013.05.01 16:09:41 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.04.17 20:13:42 | 000,034,229 | ---- | M] () -- C:\Users\Yogette\AppData\Local\WiDiSetupLog.20130417.201128.wdl [2013.04.17 16:42:05 | 000,436,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.17 16:41:53 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\VT20130115.021 [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.07 20:26:56 | 000,628,743 | ---- | C] () -- C:\Users\Yogette\Desktop\adwcleaner.exe [2013.05.06 20:23:18 | 000,000,512 | ---- | C] () -- C:\Users\Yogette\Desktop\MBR.dat [2013.05.05 18:23:58 | 012,917,756 | ---- | C] () -- C:\Users\Yogette\Desktop\mbar-1.05.0.1001.zip [2013.05.01 16:18:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.04.17 20:12:43 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk [2013.04.17 20:11:28 | 000,034,229 | ---- | C] () -- C:\Users\Yogette\AppData\Local\WiDiSetupLog.20130417.201128.wdl [2013.04.17 16:42:03 | 000,436,816 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT 
[2013.04.14 19:48:07 | 000,000,458 | ---- | C] () -- C:\Users\Yogette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD-RW-Laufwerk (E) INTO_THE_WILD_KS.lnk [2013.04.12 16:39:49 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.03.27 20:36:26 | 000,003,584 | ---- | C] () -- C:\Users\Yogette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.03.27 16:34:36 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.03.22 18:42:54 | 000,001,493 | ---- | C] () -- C:\Users\Yogette\AppData\Roaming\AbsoluteReminder.xml [2012.08.04 00:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.28 02:32:08 | 000,597,244 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.07.28 02:31:48 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.07.28 02:31:46 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2012.09.12 19:15:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
OTL Extras logfile created on: 07.05.2013 20:36:42 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yogette\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 6,12 Gb Available Physical Memory | 77,47% Memory free
9,09 Gb Paging File | 7,25 Gb Available in Paging File | 79,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,53 Gb Total Space | 366,67 Gb Free Space | 81,75% Space Free | Partition Type: NTFS
Drive D: | 16,46 Gb Total Space | 2,11 Gb Free Space | 12,82% Space Free | Partition Type: NTFS

Computer Name: BRUNO | User Name: Yogette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3766985610-2849600927-783385817-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B946176-73B1-4B9B-9B00-613C5C009610}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{34501439-B0B0-4BC8-A0E1-0EC1E2D628A4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3813E741-8C16-4238-A008-2E0B22539CA9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{48DA744E-8B4A-44B2-A81A-844C8FE36956}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49A78C90-B19F-49B3-B809-B27882600788}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{626A5BB2-29E2-4881-BDE6-34F482F272C3}" = lport=137 | protocol=17 | dir=in | app=system | "{66911DD8-BDBD-4B9A-A5E8-B85EC729C84C}" = lport=445 | protocol=6 | dir=in | app=system | "{6BF38056-E2E2-47B2-BB21-0F3F82C0014F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6D1A9D80-6B0B-4F5E-8C07-BAA111825D40}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6EF4B54F-26A8-483F-BCAD-959AA5AD7117}" = rport=445 | protocol=6 | dir=out | app=system | "{7F3CE505-62DE-476B-9A43-34A0A3744A13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{85C870C3-B487-4C6F-A083-56E62E24064E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{9C2D85FD-4923-4B43-AA75-3C864AD348D9}" = lport=2869 | protocol=6 | dir=in | app=system | "{9DD9D5DB-D4A7-4099-91F9-4346E57685A4}" = rport=139 | protocol=6 | dir=out | app=system | "{A064BB27-14AC-4D46-A410-053EAB03D62D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B4119E71-2D95-41D3-90C9-A98C10EB44CF}" = 
lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4EAE771-A276-46E0-8D68-51D060018478}" = lport=139 | protocol=6 | dir=in | app=system | "{B7E98106-A9AD-47FD-BBAF-A5293D2AA2BE}" = rport=137 | protocol=17 | dir=out | app=system | "{BBEAAB0E-16C9-4272-9F84-5F58FD5EFBE5}" = lport=10243 | protocol=6 | dir=in | app=system | "{CDA3CEF0-14DE-4C3C-9C1C-C4D705484A3E}" = rport=10243 | protocol=6 | dir=out | app=system | "{DC4DDB0F-A4FB-4FC3-8E71-1A4A8CA32568}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E1CE83B5-9E82-48C1-9DD4-F87E2A5D5672}" = rport=138 | protocol=17 | dir=out | app=system | "{E8281A7C-867F-44D2-9A57-4A05FB13C0DD}" = lport=138 | protocol=17 | dir=in | app=system | "{E85D51B2-9734-4402-9A1D-BDD0687EA7D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{005F744E-5F74-45EE-A412-F71BBD416BDC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{0D8DC9D5-A100-4FB1-8C30-6342785C6832}" = dir=out | name=kindle | "{11B16E4F-519F-4CE5-BDFE-DAC84C0EEE7E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{12625806-84ED-4178-A8C2-7151DF545BE4}" = dir=out | name=skype | "{179FC2BF-E6FA-4ACA-BF13-342AA4BF396F}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1D6FD8B9-8D00-4F12-8A5F-A72B1EF54493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{243ADF4D-2BEF-495C-8ADE-1FF2E1D1B290}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | "{2650ABDB-1305-4514-A6A3-784C3084A290}" = dir=in | app=c:\program files 
(x86)\windows live\contacts\wlcomm.exe | "{28E6D8BB-B0B4-4FBA-91D5-9732D831C2B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2CF39DB3-3648-46D3-AA69-5FFC0FD132BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2EB085A8-D710-4AB9-9C56-0F25E7C136D8}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{41879AE6-B0D5-42B4-AAAB-764DA95C8923}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{433DAA7C-79D5-40E6-AA75-EC84A0723AD3}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{45EB9496-9C27-4CB5-8530-0A7645AB5ACC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{484E0276-99D3-440A-B5BF-9799F069E25B}" = dir=out | name=getting started with windows 8 | "{488ACB16-B1F4-48C7-AF3C-008CC775CC74}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{49DEFF1E-52EF-40FB-90DE-74DB5EE5C23B}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{4BA44EC4-4FC9-4B8C-AFFE-BE49AC370A55}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{4F2EFA98-2DAC-42D5-9E1D-4DCDF9C23686}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{586A23B0-A108-4EF2-8526-4702E7207084}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | "{586E9FD1-763F-47C8-AD6F-DBBFC9510CE0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{59C1BE4D-E7AC-48D6-99B5-8D83DE4D7AA8}" = protocol=6 | dir=in | app=c:\program 
files\bonjour\mdnsresponder.exe | "{61B6A3FE-A201-4058-8EA8-110A870070C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{626E1384-E113-496B-95C3-4B8823207D82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{62B49F06-E501-4A6B-AD40-13C1AA420E24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{651707C8-6648-4DC8-AE7D-48B45DEA51CD}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{6C6A7F2A-431E-49F4-8916-B94841EF760C}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{6E2384B3-6616-444C-B787-4672F97E657C}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | "{7A801DF5-3204-4178-BBDB-0B97E8A76B16}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{7BA49F4A-659C-4A56-9D6C-36589750728E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7BF66284-B539-474B-BFE7-D41AD38E90B4}" = dir=out | name=hp registration | "{8044C24E-DA78-4DBC-BF0F-C2F2883E3819}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{8108AA1A-DF34-431D-80D0-47612B85377E}" = protocol=6 | dir=out | app=system | "{82AE75D2-BFE0-4AC4-A1B8-EDC69F2AEC4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{88DF63D3-7A2C-49BE-A251-4CB4A7302A40}" = dir=out | name=norton studio | "{88FBFE54-35C3-45E7-B1D7-F4E5A585394D}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{897DC6CE-1088-44C2-9F5F-D942E8795CB6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8C22566D-EFFE-4ADA-B27E-A29E1E38832D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{908CCAEC-8D2C-410E-8419-3CEC0028DA61}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{930B3992-6D0C-49C1-AE0B-1EF62D29BDE4}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{946D3E90-4469-4885-9AE3-0F239940C623}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{99888C75-A3B5-4EA7-BA4C-536439BE6C42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9CD7E79C-9B61-4F85-8323-A248828C527C}" = dir=in | name=skype | "{A098A6F6-2BDB-4FDD-A7AC-5C783DFD6685}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A2653AA8-7996-4383-BCAD-FA386780F026}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{A618661C-078C-46B1-BBF7-6FA1B6C8AF07}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{AB4C886F-C4EC-498C-98D3-6B354521B349}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{B7245D2E-F107-4D6A-983E-29A6937C007F}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{C3817085-1D21-41FA-8A21-6F8C074438E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C4F90918-0CD7-4D03-8719-838478CDDEA9}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe | "{C5F4BFDF-5C79-451D-82E9-97AF0EFC423A}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | "{C69B044D-4120-4B55-B440-0C2C16804B3F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{C770EF3B-D11C-4DEB-9AE5-378205BE7B7A}" = protocol=1 | dir=out 
| name=@firewallapi.dll,-28544 | "{C90C592B-2616-402D-86D6-E1219AC63192}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C9907DFA-5AE2-4E10-AB43-81475A594A16}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{CAA646A0-3A78-4EED-9BE3-F66844E5162F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CC65D411-4CD2-4A8B-900F-3ABC8637544F}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{CDC7C334-A928-4B0A-B5BD-858C66DACB81}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{CE3DD132-7412-46D7-AA68-9D045C8529CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D0F01145-352A-427D-93CB-58DE528DB25E}" = dir=in | name=ebay | "{D4D01DBA-7239-4A59-B7CF-8F08497744CC}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{D704915E-45BF-4257-9128-0A3DC6849105}" = dir=out | name=hp connected photo powered by snapfish | "{DE8EFE35-CBE8-4125-A527-420DB1EB05BB}" = dir=in | name=kindle | "{E49B47EE-F3FB-48AC-A74C-7F3714B13AB6}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7D368E3-0C58-4923-AA88-52BFAE18BA9C}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{F0E5A74A-BE58-47CB-8F37-D51D371CEA42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FACF90D2-EA44-4814-879A-9BEDF8AA18D1}" = dir=out | name=ebay | 
"{FB54A8C7-2D89-45B9-86EA-25577352BFA4}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{FE2CECBD-20FD-4573-A63C-99F4C98CDF7A}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}" = HP 3D DriveGuard "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{62E7C369-64FF-452C-8F46-6BE9B77FF097}" = Intel(R) WiDi "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7854AA22-A2F0-4F29-A2E9-D0C5A2B685E7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{89478C31-5CE8-461A-9084-9A0AF059F84F}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{99FDAE3B-6905-45A6-8F73-595363AAD3D1}" = Intel® PROSet/Wireless WiFi-Software "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service "{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}" = Intel(R) Smart Connect Technology 3.0 x64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "ProInst" = Intel PROSet Wireless "ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de "SynTPDeinstKey" = Synaptics Pointing Device 
Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1" = Connected Music powered by Universal Music Group version 1.0 "{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A33079-D1A0-4469-8903-C4A48B4975E2}" = HP Documentation 
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89704656-98FA-4EB0-9CC9-9C9839255FA0}" = Intel(R) Update Manager "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{94BB4B4F-BD6D-4166-A580-F868C8384CA6}" = HP Software Framework "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "StartHPConnectedMusic" = HP Connected Music (Meridian - installer) "VLC media player" = VLC media player 2.0.6 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3766985610-2849600927-783385817-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "31dfee6c296bca85" = VpnOneClick ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.04.2013 15:22:36 | Computer Name = Bruno | Source 
= Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=254, Autor-ID=311, Lieferant-ID=14122, Lieferant-Typ=1 Error - 21.04.2013 15:22:36 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.04.2013 15:22:36 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.04.2013 15:22:36 | Computer Name = Bruno | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 21.04.2013 16:10:33 | Computer Name = Bruno | Source = RasClient | ID = 20227 Description = Error - 21.04.2013 16:10:33 | Computer Name = Bruno | Source = RasClient | ID = 20227 Description = Error - 23.04.2013 11:17:22 | Computer Name = Bruno | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: devmonsrv.exe, Version: 2.5.0.244, Zeitstempel: 0x50220e70 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xd50 Startzeit der fehlerhaften Anwendung: 0x01ce3b9777611486 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e531c8d5-ac28-11e2-be7d-84a6c882b3dc Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 27.04.2013 04:11:00 | Computer Name = Bruno | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 27.04.2013 
04:11:00 | Computer Name = Bruno | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1234 Error - 27.04.2013 04:11:00 | Computer Name = Bruno | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1234 [ System Events ] Error - 09.04.2013 13:34:49 | Computer Name = Bruno | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10. Error - 10.04.2013 13:55:04 | Computer Name = Bruno | Source = RasSstp | ID = 1 Description = Error - 11.04.2013 13:52:18 | Computer Name = Bruno | Source = RasSstp | ID = 1 Description = Error - 12.04.2013 10:44:27 | Computer Name = Bruno | Source = Service Control Manager | ID = 7034 Description = Dienst "Bluetooth Device Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 17.04.2013 11:43:07 | Computer Name = Bruno | Source = RasSstp | ID = 1 Description = Error - 17.04.2013 12:32:49 | Computer Name = Bruno | Source = RasSstp | ID = 1 Description = Error - 20.04.2013 15:51:40 | Computer Name = Bruno | Source = RasSstp | ID = 1 Description = Error - 20.04.2013 15:53:40 | Computer Name = Bruno | Source = RasSstp | ID = 1 Description = Error - 21.04.2013 15:23:41 | Computer Name = Bruno | Source = RasSstp | ID = 1 Description = Error - 21.04.2013 16:10:32 | Computer Name = Bruno | Source = RasSstp | ID = 1 Description = < End of report > |
07.05.2013, 21:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prolonged beeping and problems uninstalling Spyhunter Before I look at the logs, what has become of the original problem?
__________________ Please always post log files in CODE tags |
08.05.2013, 18:47 | #13 |
| Prolonged beeping and problems uninstalling Spyhunter Hello cosinus, the beeping and the noises have not occurred again, and Spyhunter also seems to have been deleted, but the connection to the Internet is still unstable. Since I don't have these problems with the iPod, I assume that it is not due to the line/connection. Best regards |
08.05.2013, 22:43 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Prolonged beeping and problems uninstalling Spyhunter Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-3766985610-2849600927-783385817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8888;https=127.0.0.1:8888
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
12.05.2013, 16:35 | #15 |
| Prolonged beeping and problems uninstalling Spyhunter Hello cosinus, sorry that the reply took a little longer this time. I just searched my folders for Spyhunter and unfortunately still found various folders and logs... Thank you very much and have a nice Sunday. Here is the result from OTL Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3766985610-2849600927-783385817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Yogette\Downloads\cmd.bat deleted successfully.
C:\Users\Yogette\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Yogette
->Temp folder emptied: 181059177 bytes
->Temporary Internet Files folder emptied: 57294893 bytes
->FireFox cache emptied: 386445865 bytes
->Flash cache emptied: 1613 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1524955 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12899839 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 23777834 bytes

Total Files Cleaned = 632,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05122013_172826

Files\Folders moved on Reboot...
C:\Users\Yogette\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.
C:\Windows\temp\FireFly(2013050720301153C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2rdll(2013050720301153C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(2013050720301153C).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(2013050720301153C).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |