
Log analysis and evaluation: Encryption trojan


06.01.2013, 17:40   #1
james57
 
Encryption trojan



Hello Trojaner-Board team!

I have caught the encryption trojan (with webcam) on my laptop.

Operating system: Windows 7, Internet Explorer 9

The computer can still be started in safe mode with networking. Internet access works.

I have since run a scan with Malwarebytes, but nothing was found there.

I also ran an OTL scan; here is the log file for it.

Code:
OTL logfile created on: 06.01.2013 16:02:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Program Files
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,06 Gb Available Physical Memory | 79,28% Memory free
7,72 Gb Paging File | 6,91 Gb Available in Paging File | 89,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,47 Gb Total Space | 378,61 Gb Free Space | 84,42% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,48 Gb Free Space | 74,57% Space Free | Partition Type: FAT32
 
Computer Name: PIETZ-HP | User Name: pietz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.06 16:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
PRC - [2010.07.16 13:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.08.05 00:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.07.16 13:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010.06.19 01:25:12 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2010.06.09 08:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010.05.10 08:42:40 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010.04.05 20:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010.03.17 13:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.12.16 02:11:14 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2009.12.16 02:08:40 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2009.12.14 20:15:58 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.08 22:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2012.12.23 10:43:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010.10.19 11:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010.08.20 16:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.03.18 20:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.17 13:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe -- (STacSV)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2009.12.14 19:47:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.12.12 02:57:20 | 000,297,984 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2009.12.04 13:22:40 | 000,506,472 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Windows\system\uArcCapture.exe -- (uArcCapture)
SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.11.17 23:39:16 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009.11.04 22:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 22:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.23 20:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2007.07.24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.23 17:24:53 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.04.21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.01.31 02:13:19 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.10.14 03:43:54 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.08.05 00:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.04 23:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.10 02:24:24 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.10 02:23:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.10 02:23:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.10 02:23:32 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.10 02:23:32 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.04 04:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.05.12 09:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.05.12 09:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.05.06 01:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.03.17 13:48:42 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010.02.10 12:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.12 23:37:34 | 000,325,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.16 02:12:22 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2009.12.16 02:12:20 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2009.12.16 02:12:18 | 000,056,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2009.12.04 11:48:18 | 000,032,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009.11.11 10:11:00 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.10.21 22:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.08 22:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009.07.08 22:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 20:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV:64bit: - [2008.12.13 11:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.04.14 09:36:30 | 000,691,712 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2007.08.09 04:10:54 | 000,029,696 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewdcsc.sys -- (Huawei)
DRV - [2011.03.26 00:20:28 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110325.035\EX64.SYS -- (NAVEX15)
DRV - [2011.03.26 00:20:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110325.035\ENG64.SYS -- (NAVENG)
DRV - [2011.03.09 21:11:42 | 001,124,472 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010.11.09 01:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110325.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010.08.13 10:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009.12.16 02:12:28 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009.12.16 02:12:16 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009.12.16 02:12:14 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009.12.16 02:12:10 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AA5CC064-C92C-4050-82FD-3CA90F36F4FF}
IE:64bit: - HKLM\..\SearchScopes\{AA5CC064-C92C-4050-82FD-3CA90F36F4FF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {AA5CC064-C92C-4050-82FD-3CA90F36F4FF}
IE - HKLM\..\SearchScopes\{AA5CC064-C92C-4050-82FD-3CA90F36F4FF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {CD05E62A-CE27-489A-993E-1B656303B1C3}
IE - HKCU\..\SearchScopes\{AA5CC064-C92C-4050-82FD-3CA90F36F4FF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CD05E62A-CE27-489A-993E-1B656303B1C3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=571A4F6D-B93B-46CA-B11A-28308B87F6F5&apn_sauid=33C61496-D03B-4049-8D0C-B4F2347BC0C5
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010.12.07 13:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.12.07 13:19:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.12.07 13:19:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012.05.08 22:53:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013.01.02 18:09:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012.10.25 20:45:12 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TotalMediaTVMonitor] C:\Program Files (x86)\ArcSoft\TotalMedia TV 1.0\TotalMediaTVMonitor.exe (ArcSoft, Inc.)
O4 - HKCU..\Run: [aqyarobczodqvej] C:\ProgramData\aqyarobc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9246AEF8-6CC0-446B-9984-3BE1C5B674BA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8222CA2-973A-4C08-A496-FD021340B003}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{09be74e3-4705-11e0-a9e4-e02a82aa5586}\Shell - "" = AutoRun
O33 - MountPoints2\{09be74e3-4705-11e0-a9e4-e02a82aa5586}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{09be74ec-4705-11e0-a9e4-e02a82aa5586}\Shell - "" = AutoRun
O33 - MountPoints2\{09be74ec-4705-11e0-a9e4-e02a82aa5586}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{4ffaf410-522c-11e0-9c74-e02a82aa5586}\Shell - "" = AutoRun
O33 - MountPoints2\{4ffaf410-522c-11e0-9c74-e02a82aa5586}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c9e8b6f3-52d8-11e0-9ce7-e02a82aa5586}\Shell - "" = AutoRun
O33 - MountPoints2\{c9e8b6f3-52d8-11e0-9ce7-e02a82aa5586}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.06 16:01:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2013.01.02 12:51:07 | 000,000,000 | ---D | C] -- C:\Users\pietz\AppData\Roaming\Malwarebytes
[2013.01.02 12:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.02 12:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.02 12:50:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.01.02 12:50:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.27 11:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\fdigjxzizvwhgmy
[2012.12.12 07:23:39 | 000,000,000 | ---D | C] -- C:\Users\pietz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2
[4 C:\Users\pietz\Desktop\*.tmp files -> C:\Users\pietz\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\pietz\Documents\*.tmp files -> C:\Users\pietz\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.06 16:01:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2013.01.06 15:04:33 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.01.06 15:04:33 | 000,654,372 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.01.06 15:04:33 | 000,616,254 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.01.06 15:04:33 | 000,129,986 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.01.06 15:04:33 | 000,106,376 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.01.06 15:00:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.01.06 15:00:15 | 4143,374,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.02 12:50:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.02 11:07:39 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 11:07:39 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.02 11:05:41 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.27 11:28:24 | 000,142,478 | ---- | M] () -- C:\ProgramData\ivwbgorfhgpojtk
[2012.12.27 11:28:11 | 000,076,800 | ---- | M] () -- C:\ProgramData\aqyarobc.exe
[2012.12.27 11:28:11 | 000,076,800 | ---- | M] () -- C:\Users\pietz\8033223.exe
[2012.12.27 01:06:50 | 000,000,113 | ---- | M] () -- C:\windows\Brownie.ini
[2012.12.23 10:43:02 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012.12.23 10:43:02 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.21 13:53:33 | 000,000,332 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForpietz.job
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.12.12 07:23:39 | 000,002,045 | ---- | M] () -- C:\Users\pietz\Desktop\GeoGebra 4.2.lnk
[4 C:\Users\pietz\Desktop\*.tmp files -> C:\Users\pietz\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\pietz\Documents\*.tmp files -> C:\Users\pietz\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.02 12:50:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.27 11:28:24 | 000,076,800 | ---- | C] () -- C:\ProgramData\aqyarobc.exe
[2012.12.27 11:28:12 | 000,142,478 | ---- | C] () -- C:\ProgramData\ivwbgorfhgpojtk
[2012.12.27 11:28:11 | 000,076,800 | ---- | C] () -- C:\Users\***\8033223.exe
[2012.12.23 10:43:04 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.12.12 07:23:39 | 000,002,045 | ---- | C] () -- C:\Users\pietz\Desktop\GeoGebra 4.2.lnk
[2012.06.04 12:43:53 | 000,000,151 | ---- | C] () -- C:\windows\BRVIDEO.INI
[2012.06.04 12:43:53 | 000,000,113 | ---- | C] () -- C:\windows\Brownie.ini
[2012.06.04 12:43:53 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2012.06.04 12:43:49 | 000,008,981 | ---- | C] () -- C:\windows\HL-2030.INI
[2012.06.04 12:43:49 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\brlmw03a.ini
[2012.06.04 12:43:28 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012.06.04 12:43:28 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2030.DAT
[2011.05.19 07:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011.05.19 07:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011.02.15 18:32:22 | 000,001,471 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011.02.15 18:32:22 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.02.09 21:20:56 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3F883D040D.sys
[2011.02.09 21:20:50 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.02.09 20:46:53 | 003,949,594 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.01.31 02:19:29 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2011.01.31 02:19:29 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2011.01.31 02:19:29 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2011.01.31 02:09:33 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.12.07 13:43:19 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.12.07 13:43:19 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
and here is the "extra" log file as well:

Code:
OTL Extras logfile created on: 06.01.2013 16:02:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Program Files
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,06 Gb Available Physical Memory | 79,28% Memory free
7,72 Gb Paging File | 6,91 Gb Available in Paging File | 89,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,47 Gb Total Space | 378,61 Gb Free Space | 84,42% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,48 Gb Free Space | 74,57% Space Free | Partition Type: FAT32
 
Computer Name: pie-hp | User Name: yukon | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072FC2D7-B5DB-41A6-A3EC-09496F6FB3CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{080C65BA-7949-4F8F-B4F2-0E36B6C818EB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{12C1BF31-EF34-451E-9C6C-FD7020621955}" = rport=138 | protocol=17 | dir=out | app=system | 
"{179AC51D-8230-422E-B224-C6B4E1CD81C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1A3DE5CA-3E1B-4B29-B106-BF7E61095B68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{32A82AA6-33A5-434D-B769-3C4BA589E7D6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{44155631-21AC-4D1A-B3D7-31526E64FB82}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{45C03CAE-1BB6-43BD-9D33-651A788D8862}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4948928E-0110-4766-BEA0-5BE34F747809}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{54248382-BD16-4F16-BA8B-A9E97D065CA4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{57CEA27E-E21B-4528-A336-A89DD4D937DF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5BD94DA4-DBC5-44DB-8F9A-8019A1F4482E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F670A03-8FD7-477E-AA0D-4B2300DB944B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71AC0579-CA54-42DF-8E25-1716E8BD02BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7B25C496-8B69-41D3-AB7B-616248E98BBE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{96C051B3-BBF8-4285-A3B3-0F09F95E3716}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A0E5EBD2-CECF-43B6-9EA5-441B72A9ECF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A8EC4606-6912-45B2-AFC3-D71A423E44E5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BD06D189-F008-4BFB-89EB-29DC951B3C47}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C0049962-10BB-4867-BA4F-D8EFD250BF1C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C5D46B5A-7354-4ACD-A5B7-16249F3C7F72}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D5141C22-4294-44F7-A8E9-1E5CC99A3D0F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E1D29729-DA00-464C-9F6D-036C02A71B84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2EB1B92-647A-4938-A318-081C11E94CE9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E4E550F2-2B52-4EE4-9C0B-47DA14482794}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EAF0BBF6-5D9F-4420-96D8-4CA8E1D32222}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED69112E-FE55-46BF-9112-5B4A1BF68A9E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F2E38E19-1E09-41FD-AD42-1244F9DCFABD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F42208AC-CDAE-4666-BEE3-BF3C6D016C0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D6994A-19FB-4952-B45E-FFC50C576334}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0A7C48BB-0A1D-4084-B4FB-4B58A328C52C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10DCD6F0-0C30-4281-A0F7-08E3735A659D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{142294B7-1240-4D7F-8AA2-A605C991664A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1801B619-E600-4F3F-8BE7-05722309AF4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{439FCB85-364B-495B-A8DF-22AB3D6A95C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{43FA5876-00ED-4107-B501-44F9C0C71340}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4DCEA6E2-C986-48CE-BB2B-93C623FC7ED4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4FD710EC-0BC7-4376-9E7D-9AB8F96B26DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{56652EBA-05DF-4D5A-8BCA-E2DD5D0ADCA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F39D1F0-E778-4220-8CC6-7C54D961495B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68A0507B-CC66-4AC7-B270-2C58BE41CC3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8360169F-DDAB-405C-9E37-9592054F70FC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B0A3405-CDB7-4397-A1AA-8F10CC7C3FA7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9850B208-5302-4C18-89CC-B57F0F6DDDDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{994A5C14-C57C-412B-A1AD-F67EFE79D454}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A5210064-3846-42E4-BDB0-CEB9CD22D960}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4135B9A-36FD-4B61-AE72-6AE2C7062E67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F41FA690-FB8E-44E3-B014-CB2B6684DF8B}" = protocol=6 | dir=out | app=system | 
"{F518EE2B-EC31-4B50-BA14-2105D983EA60}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F70B35FC-6F09-4EB3-9307-5EDE5846B3EC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04255D34-6C6D-4F63-A218-EE8FD2D13AF0}" = Privacy Manager for HP ProtectTools
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{18B7C522-0623-C939-C17D-65359FB42BDB}" = ccc-utility64
"{32C278B2-BC1F-4018-8FB4-2012A40D9FC1}" = HP Power Assistant
"{3513DD3C-7680-4C7C-BF18-BA375D5F4132}" = Pre-Boot Security for HP ProtectTools
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{516DA517-73A0-40F8-8CD9-E5ED4EC383E5}" = Validity Fingerprint Driver
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{67C090D6-109A-47D7-8DED-4160C4D96F32}" = HP 3D DriveGuard
"{75126DE9-C8EC-46B2-949F-EFA770AAFD9B}" = HP ProtectTools Security Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89D7DD37-5A15-46E0-9C3C-A0004C4F1A38}" = Drive Encryption for HP ProtectTools
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E534C3AC-6D49-4EAC-8993-C1F0FF545B67}" = ATI Catalyst Install Manager
"{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}" = HP QuickLook
"{E793990C-90BE-4B69-AC29-BF5E8FD4ED54}" = Face Recognition for HP ProtectTools
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F2177395-FD90-44B0-AFB8-2E0566855E5C}" = HP Power Data
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HPProtectTools" = HP ProtectTools Security Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{016E43D3-6E3A-507C-5180-08A592A09D93}" = CCC Help Russian
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{049F82E6-AA8C-D885-07A0-FF69690DD9C5}" = CCC Help Chinese Standard
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0EAB8F33-5A3E-BE80-3D11-7BBD79FB002A}" = CCC Help Thai
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21385719-E020-4ED8-A3D4-6B46D0E5DAB1}" = ArcSoft TotalMedia
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2606650A-9367-D0AE-EF8D-CF627C9082E4}" = Catalyst Control Center Graphics Previews Vista
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"{345E500B-471A-593B-BCEA-EE73E391CFBD}" = CCC Help Korean
"{3556F018-53B9-2715-5F8A-4C40E529DA76}" = CCC Help Hungarian
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{466AA29C-0BE5-902A-BD90-D87C846CD947}" = CCC Help Turkish
"{46A5EF84-99CF-2BA6-EF3E-5438190CBA5F}" = Catalyst Control Center Localization All
"{480E1460-BEEA-828B-9802-82C440EA5E5B}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{586414D6-B3E1-F163-223D-D298E80727E1}" = CCC Help Czech
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5DFE5A09-5030-6B21-6E8E-987FAD247BD2}" = CCC Help Polish
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}" = File Sanitizer For HP ProtectTools
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7861911B-4270-498A-8F7A-FCF0570F487D}" = HP QuickWeb
"{7CE13DFB-7320-4630-865F-DE98D8FE6791}" = ArcSoft TotalMedia TV
"{7D90F99D-0D3A-9B0F-1AB6-4C142098A23C}" = CCC Help Portuguese
"{8111D017-F77E-4387-B07E-4C4ACF4866FA}" = CCC Help Norwegian
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEAB1B-72AC-4C99-B5CB-C9B37C86F11F}" = Catalyst Control Center - Branding
"{9FA32684-39EF-10A1-4896-95A28BD2A51C}" = CCC Help English
"{A60F1207-CB8B-DFE4-B0B2-28781A9918F5}" = CCC Help Greek
"{B31E60DA-0FB3-8C8F-7F00-8FC5A2E716A6}" = CCC Help Danish
"{BB922B1F-5CFB-C323-F35C-517FA74BF17E}" = CCC Help French
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6ECAA80-073B-48AE-AE52-9152773EFD78}" = Brother HL-2035
"{C7FD3148-0065-253C-E0A9-62C1B2307421}" = CCC Help Italian
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D21160A2-8B5F-409C-99C8-03582F5324B7}" = HP Documentation
"{D3E71122-71F0-C06F-A482-8997D22301F4}" = CCC Help Japanese
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D89F6F7C-1966-9408-40A7-4877F5A85005}" = ccc-core-static
"{DC1F523C-FB0A-885F-CC3F-FA7E749213B6}" = CCC Help Dutch
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E7C34ED4-BBB6-4C57-9FBD-B29CA5878051}" = HP Setup
"{E9729C11-2758-5F56-B661-3D99498454CA}" = CCC Help Spanish
"{F1410C34-CCC7-4443-B698-7E9FF42F4FA3}" = Corel Home Office
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F626688A-B307-2D16-DDCE-F24633F848F2}" = Catalyst Control Center InstallProxy
"{F75A2405-6EF2-8651-3C36-FEA98F6681ED}" = CCC Help German
"{F7E55D3B-D675-4511-6B36-2766DC819432}" = CCC Help Chinese Traditional
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{FC023480-A05B-ED84-877F-547EA3CD3DCB}" = CCC Help Finnish
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ArcSoft TotalMedia" = ArcSoft TotalMedia
"Derive5" = Derive 5
"Drive Encryption" = Drive Encryption for HP ProtectTools
"InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}" = Theft Recovery
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDF Complete" = PDF Complete Special Edition
"Web & TV Stick" = Web & TV Stick
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"GeoGebra 4" = GeoGebra 4
"GeoGebra 4.2" = GeoGebra 4.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.12.2012 14:31:24 | Computer Name = pie-hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 06.12.2012 14:31:54 | Computer Name = pie-hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 07.12.2012 06:18:01 | Computer Name = pie-hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 07.12.2012 06:26:49 | Computer Name = pie-hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 08.12.2012 05:06:48 | Computer Name = pie-hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 08.12.2012 05:16:01 | Computer Name = pie-hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 08.12.2012 07:38:30 | Computer Name = pie-hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 08.12.2012 19:44:59 | Computer Name = pie-hp | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 08.12.2012 19:48:59 | Computer Name = pie-hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
Error - 09.12.2012 07:01:34 | Computer Name = pie-hp | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Die Daten sind unzulässig.  .
 
[ Hewlett-Packard Events ]
Error - 14.03.2011 15:44:23 | Computer Name = pie-hp | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201103142044.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 21.04.2011 14:13:09 | Computer Name = pie-hp | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201104212013.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 20.06.2011 10:08:22 | Computer Name = pie-hp | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201106201608.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 13.07.2011 11:47:19 | Computer Name = pie-hp | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201107131747.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 17.09.2011 09:43:34 | Computer Name = pie-hp | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201109171543.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
[ HP Power Assistant Events ]
Error - 24.12.2012 04:52:17 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).
 
Error - 24.12.2012 04:52:17 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
 (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).    bei HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 26.12.2012 11:45:10 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).
 
Error - 26.12.2012 11:45:10 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
 (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).    bei HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 27.12.2012 04:49:04 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).
 
Error - 27.12.2012 04:49:04 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
 (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).    bei HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 27.12.2012 06:24:49 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).
 
Error - 27.12.2012 06:24:49 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
 (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).    bei HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
Error - 27.12.2012 14:31:26 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = Device not found in the dat file (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).
 
Error - 27.12.2012 14:31:26 | Computer Name = pie-hp | Source = HP PA Application | ID = 0
Description = HPPA_Main.IncompleteDatFileException Device not found in the dat file
 (planName=HP powerSource=AC deviceId=USB\VID_0A5C&PID_21B4).    bei HPPA_Main.DatFileAccess.LogError(Nullable`1
 throwException, String formatString, Object[] args)     bei HPPA_Main.DatFileAccess.EnsureDevicesExist(PowerUsage
 pu)     bei HPPA_Main.DatFileAccess.EnsurePowerUsagesExist(Boolean throwOnSystemIdNotFound)

   bei HPPA_Main.DatFileAccess.IsValid(Boolean throwOnSystemIdNotFound)
 
[ Media Center Events ]
Error - 06.12.2012 04:53:00 | Computer Name = pie-hp | Source = MCUpdate | ID = 0
Description = 09:53:00 - Fehler beim Herstellen der Internetverbindung.  09:53:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
 
< End of report >
         

I hope you can help me.
I would be very grateful!

Alt 06.01.2013, 19:57   #2
markusg
/// Malware-holic
 



Hi

This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [aqyarobczodqvej] C:\ProgramData\aqyarobc.exe ()
[2012.12.27 11:28:24 | 000,142,478 | ---- | M] () -- C:\ProgramData\ivwbgorfhgpojtk
[2012.12.27 11:28:11 | 000,076,800 | ---- | M] () -- C:\ProgramData\aqyarobc.exe
[2012.12.27 11:28:11 | 000,076,800 | ---- | M] () -- C:\Users\pietz\8033223.exe
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.
__________________
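The kind of triage that the fix list above reflects, as an added example that is not part of the original post and not OTL's own logic: it parses OTL `O4` autorun lines and file-listing lines and reports every path that collects at least two warning signs. The warning signs, the threshold of two and the two `Example Corp` lines are assumptions made for this illustration.

```python
import ntpath
import re
from collections import defaultdict

# The first four lines are the entries listed in the fix script in this thread.
# The two "Example Corp" lines are constructed benign entries for contrast.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [aqyarobczodqvej] C:\ProgramData\aqyarobc.exe ()
[2012.12.27 11:28:24 | 000,142,478 | ---- | M] () -- C:\ProgramData\ivwbgorfhgpojtk
[2012.12.27 11:28:11 | 000,076,800 | ---- | M] () -- C:\ProgramData\aqyarobc.exe
[2012.12.27 11:28:11 | 000,076,800 | ---- | M] () -- C:\Users\pietz\8033223.exe
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
[2012.12.20 09:00:00 | 000,512,000 | ---- | M] (Example Corp) -- C:\Program Files\Example\updater.exe
"""

# "O4 - <hive>..\Run: [<value name>] <path> (<company>)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$"
)
# "[<date time> | <size> | <attributes> | <M/C>] (<company>) -- <path>"
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]* \| \w\] "
    r"\((?P<company>[^()]*)\) -- (?P<path>.+)$"
)

MIN_REASONS = 2  # assumed threshold: one sign alone is too common to report


def odd_location(path):
    """True if the file sits directly in C:\\ProgramData or in a profile root."""
    parent = ntpath.normcase(ntpath.dirname(path))
    if parent == r"c:\programdata":
        return True
    return re.fullmatch(r"c:\\users\\[^\\]+", parent) is not None


def triage(log_text):
    """Return {path: sorted list of reasons} for paths with enough warning signs."""
    autoruns, files = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            autoruns.append(run.groupdict())
            continue
        listed = FILE_RE.match(line)
        if listed:
            files.append(listed.groupdict())

    # Files that share timestamp and size are likely copies of one another.
    twins = defaultdict(set)
    for entry in files:
        twins[(entry["stamp"], entry["size"])].add(ntpath.normcase(entry["path"]))

    reasons = defaultdict(set)
    display = {}  # case-folded path -> path as written in the log
    for entry in autoruns + files:
        key = ntpath.normcase(entry["path"])
        display.setdefault(key, entry["path"])
        if not entry["company"].strip():
            reasons[key].add("no company name in file metadata")
        if odd_location(entry["path"]):
            reasons[key].add("directly in ProgramData or a profile root")
    for entry in files:
        if len(twins[(entry["stamp"], entry["size"])]) > 1:
            reasons[ntpath.normcase(entry["path"])].add(
                "same size and timestamp as another listed file")
    for entry in autoruns:
        reasons[ntpath.normcase(entry["path"])].add("started from a Run key")

    return {
        display[key]: sorted(found)
        for key, found in reasons.items()
        if len(found) >= MIN_REASONS
    }


if __name__ == "__main__":
    for path, found in triage(SAMPLE_LOG).items():
        print(path)
        for reason in found:
            print("   -", reason)
```
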

Alt 07.01.2013, 20:08   #3
james57
 



Seems to have worked well.
At first glance, the trouble is over.

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\aqyarobczodqvej deleted successfully.
C:\ProgramData\aqyarobc.exe moved successfully.
C:\ProgramData\ivwbgorfhgpojtk moved successfully.
File C:\ProgramData\aqyarobc.exe not found.
C:\Users\***\8033223.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 3368 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 183144565 bytes
->Temporary Internet Files folder emptied: 244753264 bytes
->Java cache emptied: 19452706 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16099168 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 3651987170 bytes
 
Total Files Cleaned = 3.925,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01072013_195436

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7687CZ2\ads[1].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7687CZ2\si[1].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0O7W0UI\ads[1].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DE4CGPLA\si[2].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM1I8PN9\129111-verschusselungstrojaner[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 07.01.2013, 20:29   #4
markusg
/// Malware-holic
 



Hi
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, and post the log.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 08.01.2013, 19:28   #5
james57
 



OK, the TDSSKiller scan is done.

Code:
ATTFilter
19:08:13.0107 4292  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:08:13.0403 4292  ============================================================
19:08:13.0404 4292  Current date / time: 2013/01/08 19:08:13.0403
19:08:13.0404 4292  SystemInfo:
19:08:13.0404 4292  
19:08:13.0404 4292  OS Version: 6.1.7600 ServicePack: 0.0
19:08:13.0404 4292  Product type: Workstation
19:08:13.0404 4292  ComputerName: ***-HP
19:08:13.0404 4292  UserName: pietz
19:08:13.0404 4292  Windows directory: C:\windows
19:08:13.0404 4292  System windows directory: C:\windows
19:08:13.0404 4292  Running under WOW64
19:08:13.0404 4292  Processor architecture: Intel x64
19:08:13.0404 4292  Number of processors: 4
19:08:13.0404 4292  Page size: 0x1000
19:08:13.0404 4292  Boot type: Normal boot
19:08:13.0404 4292  ============================================================
19:08:13.0900 4292  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:08:13.0907 4292  ============================================================
19:08:13.0907 4292  \Device\Harddisk0\DR0:
19:08:13.0908 4292  MBR partitions:
19:08:13.0908 4292  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
19:08:13.0908 4292  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x380F1800
19:08:13.0908 4292  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38188000, BlocksNum 0x1E00000
19:08:13.0908 4292  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39F88000, BlocksNum 0x3FD830
19:08:13.0908 4292  ============================================================
19:08:13.0936 4292  C: <-> \Device\Harddisk0\DR0\Partition2
19:08:13.0960 4292  F: <-> \Device\Harddisk0\DR0\Partition4
19:08:13.0960 4292  ============================================================
19:08:13.0960 4292  Initialize success
19:08:13.0960 4292  ============================================================
19:10:30.0643 5460  ============================================================
19:10:30.0643 5460  Scan started
19:10:30.0643 5460  Mode: Manual; SigCheck; TDLFS; 
19:10:30.0643 5460  ============================================================
19:10:31.0566 5460  ================ Scan system memory ========================
19:10:31.0567 5460  System memory - ok
19:10:31.0567 5460  ================ Scan services =============================
19:10:31.0730 5460  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\windows\system32\DRIVERS\1394ohci.sys
19:10:31.0847 5460  1394ohci - ok
19:10:31.0885 5460  [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer   C:\windows\system32\DRIVERS\Accelerometer.sys
19:10:31.0929 5460  Accelerometer - ok
19:10:32.0010 5460  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:10:32.0027 5460  ACDaemon - ok
19:10:32.0046 5460  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\windows\system32\DRIVERS\ACPI.sys
19:10:32.0073 5460  ACPI - ok
19:10:32.0097 5460  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\windows\system32\DRIVERS\acpipmi.sys
19:10:32.0149 5460  AcpiPmi - ok
19:10:32.0292 5460  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:10:32.0312 5460  AdobeFlashPlayerUpdateSvc - ok
19:10:32.0348 5460  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
19:10:32.0381 5460  adp94xx - ok
19:10:32.0412 5460  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
19:10:32.0440 5460  adpahci - ok
19:10:32.0468 5460  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
19:10:32.0491 5460  adpu320 - ok
19:10:32.0542 5460  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
19:10:32.0636 5460  AeLookupSvc - ok
19:10:32.0786 5460  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
19:10:32.0825 5460  AESTFilters - ok
19:10:32.0913 5460  [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc             C:\windows\syswow64\drivers\Afc.sys
19:10:32.0926 5460  Afc - ok
19:10:33.0129 5460  [ B9384E03479D2506BC924C16A3DB87BC ] AFD             C:\windows\system32\drivers\afd.sys
19:10:33.0225 5460  AFD - ok
19:10:33.0290 5460  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\windows\system32\DRIVERS\agrsm64.sys
19:10:33.0362 5460  AgereSoftModem - ok
19:10:33.0410 5460  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\DRIVERS\agp440.sys
19:10:33.0427 5460  agp440 - ok
19:10:33.0454 5460  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
19:10:33.0501 5460  ALG - ok
19:10:33.0534 5460  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\DRIVERS\aliide.sys
19:10:33.0549 5460  aliide - ok
19:10:33.0726 5460  [ 5A06AB7AB4D389DFE3C109599DF0BB65 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
19:10:33.0766 5460  AMD External Events Utility - ok
19:10:33.0784 5460  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\DRIVERS\amdide.sys
19:10:33.0801 5460  amdide - ok
19:10:33.0830 5460  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
19:10:34.0038 5460  AmdK8 - ok
19:10:34.0265 5460  [ 650DDCCD6657E20737433CB774521B81 ] amdkmdag        C:\windows\system32\DRIVERS\atikmdag.sys
19:10:34.0476 5460  amdkmdag - ok
19:10:34.0514 5460  [ F51B013C55B30DBE3AD59A7FE197C5BA ] amdkmdap        C:\windows\system32\DRIVERS\atikmpag.sys
19:10:34.0556 5460  amdkmdap - ok
19:10:34.0588 5460  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
19:10:34.0633 5460  AmdPPM - ok
19:10:34.0668 5460  [ AB3166C09438A161FBDE13099A72E0AF ] amdsata         C:\windows\system32\DRIVERS\amdsata.sys
19:10:34.0688 5460  amdsata - ok
19:10:34.0716 5460  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
19:10:34.0738 5460  amdsbs - ok
19:10:34.0754 5460  [ 5118DCD2065D8C8D752AD5EC0B2D6AA6 ] amdxata         C:\windows\system32\DRIVERS\amdxata.sys
19:10:34.0769 5460  amdxata - ok
19:10:34.0802 5460  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\windows\system32\drivers\appid.sys
19:10:34.0849 5460  AppID - ok
19:10:34.0894 5460  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
19:10:34.0980 5460  AppIDSvc - ok
19:10:35.0006 5460  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\windows\System32\appinfo.dll
19:10:35.0051 5460  Appinfo - ok
19:10:35.0067 5460  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\DRIVERS\arc.sys
19:10:35.0086 5460  arc - ok
19:10:35.0104 5460  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
19:10:35.0122 5460  arcsas - ok
19:10:35.0148 5460  [ CE2168C926927BA926301BAF172BC693 ] ARCVCAM         C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
19:10:35.0161 5460  ARCVCAM - ok
19:10:35.0180 5460  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
19:10:35.0256 5460  AsyncMac - ok
19:10:35.0304 5460  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\DRIVERS\atapi.sys
19:10:35.0319 5460  atapi - ok
19:10:35.0363 5460  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\windows\system32\drivers\AtiHdmi.sys
19:10:35.0379 5460  AtiHdmiService - ok
19:10:35.0427 5460  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:10:35.0521 5460  AudioEndpointBuilder - ok
19:10:35.0536 5460  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\windows\System32\Audiosrv.dll
19:10:35.0619 5460  AudioSrv - ok
19:10:35.0662 5460  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\windows\System32\AxInstSV.dll
19:10:35.0717 5460  AxInstSV - ok
19:10:35.0759 5460  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\DRIVERS\bxvbda.sys
19:10:35.0801 5460  b06bdrv - ok
19:10:35.0860 5460  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
19:10:35.0902 5460  b57nd60a - ok
19:10:36.0033 5460  [ 810BE94A9E42309B3F74217AC28BC6AC ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl664.sys
19:10:36.0140 5460  BCM43XX - ok
19:10:36.0188 5460  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
19:10:36.0223 5460  BDESVC - ok
19:10:36.0253 5460  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
19:10:36.0338 5460  Beep - ok
19:10:36.0413 5460  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\windows\System32\bfe.dll
19:10:36.0510 5460  BFE - ok
19:10:36.0663 5460  [ 0163C18A9EBC4A76542790CEC49F5120 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx64.sys
19:10:36.0710 5460  BHDrvx64 - ok
19:10:36.0760 5460  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\windows\System32\qmgr.dll
19:10:36.0862 5460  BITS - ok
19:10:36.0891 5460  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
19:10:36.0925 5460  blbdrive - ok
19:10:36.0969 5460  [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
19:10:37.0059 5460  bowser - ok
19:10:37.0101 5460  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
19:10:37.0128 5460  BrFiltLo - ok
19:10:37.0145 5460  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
19:10:37.0171 5460  BrFiltUp - ok
19:10:37.0207 5460  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\windows\System32\browser.dll
19:10:37.0297 5460  Browser - ok
19:10:37.0341 5460  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys
19:10:37.0375 5460  Brserid - ok
19:10:37.0398 5460  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
19:10:37.0446 5460  BrSerWdm - ok
19:10:37.0470 5460  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
19:10:37.0512 5460  BrUsbMdm - ok
19:10:37.0532 5460  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
19:10:37.0565 5460  BrUsbSer - ok
19:10:37.0598 5460  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\DRIVERS\BthEnum.sys
19:10:37.0626 5460  BthEnum - ok
19:10:37.0644 5460  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
19:10:37.0685 5460  BTHMODEM - ok
19:10:37.0701 5460  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
19:10:37.0740 5460  BthPan - ok
19:10:37.0775 5460  [ D0168821EB2593A2DC5C5BF71BB21CBB ] BTHPORT         C:\windows\system32\Drivers\BTHport.sys
19:10:37.0822 5460  BTHPORT - ok
19:10:37.0848 5460  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll
19:10:37.0932 5460  bthserv - ok
19:10:37.0969 5460  [ 857667B6A26A307A78758E5EA2CE05D9 ] BTHUSB          C:\windows\system32\Drivers\BTHUSB.sys
19:10:38.0018 5460  BTHUSB - ok
19:10:38.0040 5460  [ 59E3510784548C6939C1B3B985C232E3 ] btwampfl        C:\windows\system32\drivers\btwampfl.sys
19:10:38.0063 5460  btwampfl - ok
19:10:38.0096 5460  [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
19:10:38.0110 5460  btwaudio - ok
19:10:38.0132 5460  [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
19:10:38.0148 5460  btwavdt - ok
19:10:38.0258 5460  [ 8BA6E93A182126781952A7895EC1E4B2 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:10:38.0301 5460  btwdins - ok
19:10:38.0334 5460  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
19:10:38.0346 5460  btwl2cap - ok
19:10:38.0363 5460  [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
19:10:38.0375 5460  btwrchid - ok
19:10:38.0403 5460  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
19:10:38.0477 5460  cdfs - ok
19:10:38.0528 5460  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
19:10:38.0552 5460  cdrom - ok
19:10:38.0589 5460  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\windows\System32\certprop.dll
19:10:38.0686 5460  CertPropSvc - ok
19:10:38.0726 5460  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
19:10:38.0770 5460  circlass - ok
19:10:38.0796 5460  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
19:10:38.0824 5460  CLFS - ok
19:10:38.0900 5460  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:10:38.0915 5460  clr_optimization_v2.0.50727_32 - ok
19:10:38.0957 5460  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:10:38.0973 5460  clr_optimization_v2.0.50727_64 - ok
19:10:39.0061 5460  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:10:39.0076 5460  clr_optimization_v4.0.30319_32 - ok
19:10:39.0106 5460  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:10:39.0121 5460  clr_optimization_v4.0.30319_64 - ok
19:10:39.0152 5460  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
19:10:39.0184 5460  CmBatt - ok
19:10:39.0202 5460  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\DRIVERS\cmdide.sys
19:10:39.0218 5460  cmdide - ok
19:10:39.0275 5460  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\windows\system32\Drivers\cng.sys
19:10:39.0313 5460  CNG - ok
19:10:39.0348 5460  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
19:10:39.0363 5460  Compbatt - ok
19:10:39.0390 5460  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
19:10:39.0417 5460  CompositeBus - ok
19:10:39.0439 5460  COMSysApp - ok
19:10:39.0467 5460  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
19:10:39.0485 5460  crcdisk - ok
19:10:39.0515 5460  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\windows\system32\cryptsvc.dll
19:10:39.0598 5460  CryptSvc - ok
19:10:39.0691 5460  [ 61A86809B62769643892BC0812B204AA ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:10:39.0729 5460  cvhsvc - ok
19:10:39.0786 5460  [ A8BA4DA23AC20BDA23CA15234D42A3FA ] DAMDrv          C:\windows\system32\DRIVERS\DAMDrv64.sys
19:10:39.0804 5460  DAMDrv - ok
19:10:39.0839 5460  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\windows\system32\rpcss.dll
19:10:39.0941 5460  DcomLaunch - ok
19:10:40.0019 5460  [ 0FD1090009949C58C86B40DD705D0F5D ] DEBridge        c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
19:10:40.0040 5460  DEBridge ( UnsignedFile.Multi.Generic ) - warning
19:10:40.0040 5460  DEBridge - detected UnsignedFile.Multi.Generic (1)
19:10:40.0075 5460  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll
19:10:40.0171 5460  defragsvc - ok
19:10:40.0214 5460  [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
19:10:40.0305 5460  DfsC - ok
19:10:40.0346 5460  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\windows\system32\dhcpcore.dll
19:10:40.0389 5460  Dhcp - ok
19:10:40.0416 5460  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
19:10:40.0487 5460  discache - ok
19:10:40.0554 5460  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
19:10:40.0571 5460  Disk - ok
19:10:40.0597 5460  [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache        C:\windows\System32\dnsrslvr.dll
19:10:40.0687 5460  Dnscache - ok
19:10:40.0720 5460  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\windows\System32\dot3svc.dll
19:10:40.0806 5460  dot3svc - ok
19:10:40.0904 5460  [ E0E65ED0985A28FB18128D6099E985C4 ] DpHost          C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
19:10:40.0928 5460  DpHost - ok
19:10:40.0947 5460  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\windows\system32\dps.dll
19:10:41.0024 5460  DPS - ok
19:10:41.0060 5460  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
19:10:41.0095 5460  drmkaud - ok
19:10:41.0178 5460  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
19:10:41.0225 5460  DXGKrnl - ok
19:10:41.0260 5460  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll
19:10:41.0345 5460  EapHost - ok
19:10:41.0503 5460  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\DRIVERS\evbda.sys
19:10:41.0622 5460  ebdrv - ok
19:10:41.0670 5460  [ 066108AE4C35835081598827A1A7D08D ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:10:41.0697 5460  eeCtrl - ok
19:10:41.0736 5460  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\windows\System32\lsass.exe
19:10:41.0769 5460  EFS - ok
19:10:41.0848 5460  [ 3D69FAE60EDE442E004611A4EE4DB44C ] ehRecvr         C:\windows\ehome\ehRecvr.exe
19:10:41.0891 5460  ehRecvr - ok
19:10:41.0931 5460  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe
19:10:41.0968 5460  ehSched - ok
19:10:42.0017 5460  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
19:10:42.0051 5460  elxstor - ok
19:10:42.0083 5460  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\DRIVERS\errdev.sys
19:10:42.0117 5460  ErrDev - ok
19:10:42.0168 5460  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll
19:10:42.0277 5460  EventSystem - ok
19:10:42.0335 5460  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys
19:10:42.0423 5460  exfat - ok
19:10:42.0452 5460  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys
19:10:42.0540 5460  fastfat - ok
19:10:42.0593 5460  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\windows\system32\fxssvc.exe
19:10:42.0637 5460  Fax - ok
19:10:42.0689 5460  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\DRIVERS\fdc.sys
19:10:42.0746 5460  fdc - ok
19:10:42.0776 5460  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll
19:10:42.0870 5460  fdPHost - ok
19:10:42.0907 5460  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
19:10:42.0993 5460  FDResPub - ok
19:10:43.0042 5460  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
19:10:43.0059 5460  FileInfo - ok
19:10:43.0080 5460  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
19:10:43.0153 5460  Filetrace - ok
19:10:43.0249 5460  [ 7E728680AA428506A82351D859C32C95 ] FLCDLOCK        c:\Windows\SysWOW64\flcdlock.exe
19:10:43.0273 5460  FLCDLOCK - ok
19:10:43.0308 5460  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
19:10:43.0328 5460  flpydisk - ok
19:10:43.0356 5460  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
19:10:43.0380 5460  FltMgr - ok
19:10:43.0455 5460  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\windows\system32\FntCache.dll
19:10:43.0519 5460  FontCache - ok
19:10:43.0561 5460  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:10:43.0573 5460  FontCache3.0.0.0 - ok
19:10:43.0587 5460  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
19:10:43.0604 5460  FsDepends - ok
19:10:43.0632 5460  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
19:10:43.0647 5460  Fs_Rec - ok
19:10:43.0690 5460  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
19:10:43.0717 5460  fvevol - ok
19:10:43.0751 5460  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
19:10:43.0769 5460  gagp30kx - ok
19:10:43.0813 5460  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\windows\System32\gpsvc.dll
19:10:43.0881 5460  gpsvc - ok
19:10:43.0925 5460  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
19:10:43.0960 5460  hcw85cir - ok
19:10:44.0014 5460  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:10:44.0065 5460  HdAudAddService - ok
19:10:44.0104 5460  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
19:10:44.0140 5460  HDAudBus - ok
19:10:44.0183 5460  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\windows\system32\DRIVERS\HECIx64.sys
19:10:44.0196 5460  HECIx64 - ok
19:10:44.0218 5460  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
19:10:44.0250 5460  HidBatt - ok
19:10:44.0270 5460  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
19:10:44.0309 5460  HidBth - ok
19:10:44.0334 5460  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
19:10:44.0374 5460  HidIr - ok
19:10:44.0400 5460  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll
19:10:44.0485 5460  hidserv - ok
19:10:44.0516 5460  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
19:10:44.0548 5460  HidUsb - ok
19:10:44.0570 5460  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\windows\system32\kmsvc.dll
19:10:44.0653 5460  hkmsvc - ok
19:10:44.0692 5460  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:10:44.0735 5460  HomeGroupListener - ok
19:10:44.0785 5460  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:10:44.0809 5460  HomeGroupProvider - ok
19:10:44.0871 5460  [ 3F4ADD4196E2B860019539837BE305F9 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
19:10:44.0895 5460  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
19:10:44.0895 5460  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
19:10:44.0948 5460  [ A094A4096AD7A90E2D790B590D3CBFD4 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
19:10:44.0961 5460  HP Power Assistant Service - ok
19:10:45.0115 5460  [ 657E81DF0625198C97F91C09AE9611FC ] HP ProtectTools Service C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
19:10:45.0138 5460  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
19:10:45.0138 5460  HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
19:10:45.0185 5460  [ 58CC11D14D88EF70EF7ABBC75B5EEBD8 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
19:10:45.0197 5460  HP Wireless Assistant Service - ok
19:10:45.0250 5460  [ 94C74D758E0F7B1D962DA452B4D28C91 ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
19:10:45.0257 5460  HPDayStarterService ( UnsignedFile.Multi.Generic ) - warning
19:10:45.0257 5460  HPDayStarterService - detected UnsignedFile.Multi.Generic (1)
19:10:45.0318 5460  [ A48A151D3FA7CB032A51453F087221C7 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:10:45.0330 5460  HPDrvMntSvc.exe - ok
19:10:45.0362 5460  [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt        C:\windows\system32\DRIVERS\hpdskflt.sys
19:10:45.0375 5460  hpdskflt - ok
19:10:45.0420 5460  [ 393383FE7F577B4A111B44445716FCB3 ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
19:10:45.0442 5460  HpFkCryptService - ok
19:10:45.0475 5460  [ C9D858E20AE696E7A0D9A05B595F850A ] HPFSService     C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
19:10:45.0495 5460  HPFSService ( UnsignedFile.Multi.Generic ) - warning
19:10:45.0495 5460  HPFSService - detected UnsignedFile.Multi.Generic (1)
19:10:45.0557 5460  [ 4D94F4D7782657E79EB1352570B563DB ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
19:10:45.0574 5460  hpHotkeyMonitor - ok
19:10:45.0608 5460  [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr      C:\windows\system32\DRIVERS\HpqKbFiltr.sys
19:10:45.0619 5460  HpqKbFiltr - ok
19:10:45.0675 5460  [ 71BD8A611E0677175D3938C9CEA7339A ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:10:45.0706 5460  hpqwmiex - ok
19:10:45.0749 5460  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\windows\system32\DRIVERS\HpSAMD.sys
19:10:45.0767 5460  HpSAMD - ok
19:10:45.0787 5460  [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv           C:\windows\system32\Hpservice.exe
19:10:45.0801 5460  hpsrv - ok
19:10:45.0841 5460  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\windows\system32\drivers\HTTP.sys
19:10:45.0944 5460  HTTP - ok
19:10:45.0999 5460  [ 84D3088475BD9BC56ED76D6E0F740A63 ] Huawei          C:\windows\system32\DRIVERS\ewdcsc.sys
19:10:46.0015 5460  Huawei - ok
19:10:46.0064 5460  [ 4B5C07DB91A0099272FAAE732E1152BD ] hwdatacard      C:\windows\system32\DRIVERS\ewusbmdm.sys
19:10:46.0095 5460  hwdatacard - ok
19:10:46.0111 5460  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
19:10:46.0127 5460  hwpolicy - ok
19:10:46.0184 5460  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
19:10:46.0207 5460  i8042prt - ok
19:10:46.0235 5460  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
19:10:46.0265 5460  iaStor - ok
19:10:46.0343 5460  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:10:46.0355 5460  IAStorDataMgrSvc - ok
19:10:46.0407 5460  [ 513DC087CFED7D2BB82F005385D3531F ] iaStorV         C:\windows\system32\DRIVERS\iaStorV.sys
19:10:46.0436 5460  iaStorV - ok
19:10:46.0527 5460  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:10:46.0571 5460  idsvc - ok
19:10:46.0709 5460  [ 6F9B281BC4AFFF5FE784D7DA699D347F ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110325.001\IDSvia64.sys
19:10:46.0737 5460  IDSVia64 - ok
19:10:46.0758 5460  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
19:10:46.0774 5460  iirsp - ok
19:10:46.0836 5460  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\windows\System32\ikeext.dll
19:10:46.0935 5460  IKEEXT - ok
19:10:46.0984 5460  [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd           C:\windows\system32\DRIVERS\Impcd.sys
19:10:47.0014 5460  Impcd - ok
19:10:47.0049 5460  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\DRIVERS\intelide.sys
19:10:47.0064 5460  intelide - ok
19:10:47.0084 5460  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
19:10:47.0121 5460  intelppm - ok
19:10:47.0152 5460  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
19:10:47.0234 5460  IPBusEnum - ok
19:10:47.0271 5460  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
19:10:47.0343 5460  IpFilterDriver - ok
19:10:47.0389 5460  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
19:10:47.0488 5460  iphlpsvc - ok
19:10:47.0519 5460  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\windows\system32\DRIVERS\IPMIDrv.sys
19:10:47.0553 5460  IPMIDRV - ok
19:10:47.0577 5460  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
19:10:47.0658 5460  IPNAT - ok
19:10:47.0686 5460  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
19:10:47.0715 5460  IRENUM - ok
19:10:47.0741 5460  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\DRIVERS\isapnp.sys
19:10:47.0757 5460  isapnp - ok
19:10:47.0773 5460  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\windows\system32\DRIVERS\msiscsi.sys
19:10:47.0796 5460  iScsiPrt - ok
19:10:47.0826 5460  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
19:10:47.0842 5460  kbdclass - ok
19:10:47.0863 5460  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
19:10:47.0897 5460  kbdhid - ok
19:10:47.0920 5460  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\windows\system32\lsass.exe
19:10:47.0943 5460  KeyIso - ok
19:10:47.0969 5460  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
19:10:47.0988 5460  KSecDD - ok
19:10:48.0017 5460  [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
19:10:48.0038 5460  KSecPkg - ok
19:10:48.0052 5460  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
19:10:48.0129 5460  ksthunk - ok
19:10:48.0181 5460  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
19:10:48.0255 5460  KtmRm - ok
19:10:48.0304 5460  [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer    C:\windows\system32\srvsvc.dll
19:10:48.0406 5460  LanmanServer - ok
19:10:48.0452 5460  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:10:48.0540 5460  LanmanWorkstation - ok
19:10:48.0626 5460  [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:10:48.0660 5460  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:10:48.0660 5460  LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:10:48.0698 5460  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
19:10:48.0785 5460  lltdio - ok
19:10:48.0827 5460  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
19:10:48.0924 5460  lltdsvc - ok
19:10:48.0973 5460  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
19:10:49.0058 5460  lmhosts - ok
19:10:49.0124 5460  [ BB4E55778D8DE3885E1CDAC795DE7BCE ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:10:49.0143 5460  LMS - ok
19:10:49.0187 5460  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
19:10:49.0207 5460  LSI_FC - ok
19:10:49.0236 5460  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
19:10:49.0255 5460  LSI_SAS - ok
19:10:49.0284 5460  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
19:10:49.0302 5460  LSI_SAS2 - ok
19:10:49.0327 5460  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
19:10:49.0346 5460  LSI_SCSI - ok
19:10:49.0371 5460  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
19:10:49.0457 5460  luafv - ok
19:10:49.0504 5460  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
19:10:49.0517 5460  MBAMProtector - ok
19:10:49.0586 5460  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:10:49.0606 5460  MBAMScheduler - ok
19:10:49.0652 5460  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:10:49.0683 5460  MBAMService - ok
19:10:49.0729 5460  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
19:10:49.0767 5460  Mcx2Svc - ok
19:10:49.0784 5460  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
19:10:49.0801 5460  megasas - ok
19:10:49.0833 5460  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
19:10:49.0859 5460  MegaSR - ok
19:10:49.0890 5460  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
19:10:49.0976 5460  MMCSS - ok
19:10:50.0023 5460  [ DF5BD9CCFFBF9AA9D5096C6DAAAF0A00 ] mod7700         C:\windows\system32\DRIVERS\mod7700.sys
19:10:50.0056 5460  mod7700 - ok
19:10:50.0077 5460  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
19:10:50.0161 5460  Modem - ok
19:10:50.0193 5460  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
19:10:50.0236 5460  monitor - ok
19:10:50.0258 5460  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
19:10:50.0274 5460  mouclass - ok
19:10:50.0303 5460  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
19:10:50.0340 5460  mouhid - ok
19:10:50.0373 5460  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
19:10:50.0391 5460  mountmgr - ok
19:10:50.0414 5460  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\windows\system32\DRIVERS\mpio.sys
19:10:50.0435 5460  mpio - ok
19:10:50.0454 5460  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
19:10:50.0525 5460  mpsdrv - ok
19:10:50.0583 5460  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\windows\system32\mpssvc.dll
19:10:50.0688 5460  MpsSvc - ok
19:10:50.0719 5460  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
19:10:50.0759 5460  MRxDAV - ok
19:10:50.0791 5460  [ 767A4C3BCF9410C286CED15A2DB17108 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
19:10:50.0822 5460  mrxsmb - ok
19:10:50.0844 5460  [ 920EE0FF995FCFDEB08C41605A959E1C ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
19:10:50.0877 5460  mrxsmb10 - ok
19:10:50.0895 5460  [ 740D7EA9D72C981510A5292CF6ADC941 ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
19:10:50.0914 5460  mrxsmb20 - ok
19:10:50.0945 5460  [ 2BA4FF3D5EB68587DD662A896F649C7D ] msahci          C:\windows\system32\DRIVERS\msahci.sys
19:10:50.0960 5460  msahci - ok
19:10:50.0982 5460  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\windows\system32\DRIVERS\msdsm.sys
19:10:51.0001 5460  msdsm - ok
19:10:51.0020 5460  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
19:10:51.0050 5460  MSDTC - ok
19:10:51.0096 5460  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
19:10:51.0167 5460  Msfs - ok
19:10:51.0196 5460  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
19:10:51.0271 5460  mshidkmdf - ok
19:10:51.0290 5460  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\DRIVERS\msisadrv.sys
19:10:51.0303 5460  msisadrv - ok
19:10:51.0346 5460  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
19:10:51.0434 5460  MSiSCSI - ok
19:10:51.0441 5460  msiserver - ok
19:10:51.0475 5460  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
19:10:51.0559 5460  MSKSSRV - ok
19:10:51.0584 5460  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
19:10:51.0654 5460  MSPCLOCK - ok
19:10:51.0662 5460  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
19:10:51.0743 5460  MSPQM - ok
19:10:51.0778 5460  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
19:10:51.0804 5460  MsRPC - ok
19:10:51.0835 5460  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
19:10:51.0848 5460  mssmbios - ok
19:10:51.0867 5460  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
19:10:51.0944 5460  MSTEE - ok
19:10:51.0976 5460  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
19:10:52.0007 5460  MTConfig - ok
19:10:52.0022 5460  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
19:10:52.0036 5460  Mup - ok
19:10:52.0084 5460  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\windows\system32\qagentRT.dll
19:10:52.0165 5460  napagent - ok
19:10:52.0232 5460  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
19:10:52.0276 5460  NativeWifiP - ok
19:10:52.0351 5460  [ 7BE93DBB02B66E72872FF76D8A92E662 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110325.035\ENG64.SYS
19:10:52.0362 5460  NAVENG - ok
19:10:52.0420 5460  [ BE99EDBBA322CA59B3F2FE17B9BF987A ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110325.035\EX64.SYS
19:10:52.0491 5460  NAVEX15 - ok
19:10:52.0551 5460  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\windows\system32\drivers\ndis.sys
19:10:52.0588 5460  NDIS - ok
19:10:52.0630 5460  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
19:10:52.0694 5460  NdisCap - ok
19:10:52.0723 5460  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
19:10:52.0794 5460  NdisTapi - ok
19:10:52.0835 5460  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
19:10:52.0908 5460  Ndisuio - ok
19:10:52.0952 5460  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
19:10:53.0019 5460  NdisWan - ok
19:10:53.0054 5460  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
19:10:53.0116 5460  NDProxy - ok
19:10:53.0152 5460  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
19:10:53.0203 5460  NetBIOS - ok
19:10:53.0235 5460  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
19:10:53.0299 5460  NetBT - ok
19:10:53.0337 5460  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\windows\system32\lsass.exe
19:10:53.0352 5460  Netlogon - ok
19:10:53.0392 5460  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
19:10:53.0466 5460  Netman - ok
19:10:53.0502 5460  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
19:10:53.0574 5460  netprofm - ok
19:10:53.0613 5460  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:10:53.0624 5460  NetTcpPortSharing - ok
19:10:53.0651 5460  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
19:10:53.0663 5460  nfrd960 - ok
19:10:53.0713 5460  [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
19:10:53.0723 5460  NIS - ok
19:10:53.0749 5460  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\windows\System32\nlasvc.dll
19:10:53.0816 5460  NlaSvc - ok
19:10:53.0836 5460  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
19:10:53.0884 5460  Npfs - ok
19:10:53.0919 5460  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
19:10:53.0985 5460  nsi - ok
19:10:54.0012 5460  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
19:10:54.0077 5460  nsiproxy - ok
19:10:54.0156 5460  [ 1AD8FEF2D6AC7116B68B887A9782FD33 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
19:10:54.0210 5460  Ntfs - ok
19:10:54.0231 5460  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
19:10:54.0290 5460  Null - ok
19:10:54.0345 5460  [ DEAB10231CBDB0881FC25428EBE11506 ] nvraid          C:\windows\system32\DRIVERS\nvraid.sys
19:10:54.0358 5460  nvraid - ok
19:10:54.0382 5460  [ 0AF7B8136794E23E87BE138992880E64 ] nvstor          C:\windows\system32\DRIVERS\nvstor.sys
19:10:54.0396 5460  nvstor - ok
19:10:54.0427 5460  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\DRIVERS\nv_agp.sys
19:10:54.0440 5460  nv_agp - ok
19:10:54.0456 5460  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\DRIVERS\ohci1394.sys
19:10:54.0487 5460  ohci1394 - ok
19:10:54.0524 5460  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:10:54.0537 5460  ose - ok
19:10:54.0680 5460  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:10:54.0806 5460  osppsvc - ok
19:10:54.0847 5460  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
19:10:54.0874 5460  p2pimsvc - ok
19:10:54.0903 5460  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
19:10:54.0931 5460  p2psvc - ok
19:10:54.0967 5460  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\DRIVERS\parport.sys
19:10:54.0981 5460  Parport - ok
19:10:55.0009 5460  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\windows\system32\drivers\partmgr.sys
19:10:55.0019 5460  partmgr - ok
19:10:55.0043 5460  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
19:10:55.0074 5460  PcaSvc - ok
19:10:55.0091 5460  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\windows\system32\DRIVERS\pci.sys
19:10:55.0104 5460  pci - ok
19:10:55.0136 5460  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
19:10:55.0146 5460  pciide - ok
19:10:55.0162 5460  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
19:10:55.0176 5460  pcmcia - ok
19:10:55.0194 5460  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
19:10:55.0204 5460  pcw - ok
19:10:55.0227 5460  pdfcDispatcher - ok
19:10:55.0261 5460  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
19:10:55.0337 5460  PEAUTH - ok
19:10:55.0444 5460  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
19:10:55.0473 5460  PerfHost - ok
19:10:55.0541 5460  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\windows\system32\pla.dll
19:10:55.0632 5460  pla - ok
19:10:55.0691 5460  [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
19:10:55.0736 5460  PlugPlay - ok
19:10:55.0775 5460  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
19:10:55.0786 5460  PNRPAutoReg - ok
19:10:55.0805 5460  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
19:10:55.0818 5460  PNRPsvc - ok
19:10:55.0850 5460  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
19:10:55.0898 5460  PolicyAgent - ok
19:10:55.0944 5460  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
19:10:56.0000 5460  Power - ok
19:10:56.0053 5460  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
19:10:56.0125 5460  PptpMiniport - ok
19:10:56.0163 5460  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\DRIVERS\processr.sys
19:10:56.0191 5460  Processor - ok
19:10:56.0220 5460  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\windows\system32\profsvc.dll
19:10:56.0269 5460  ProfSvc - ok
19:10:56.0303 5460  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\windows\system32\lsass.exe
19:10:56.0316 5460  ProtectedStorage - ok
19:10:56.0343 5460  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
19:10:56.0382 5460  Psched - ok
19:10:56.0404 5460  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
19:10:56.0412 5460  PSI_SVC_2 - ok
19:10:56.0475 5460  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
19:10:56.0514 5460  ql2300 - ok
19:10:56.0544 5460  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
19:10:56.0556 5460  ql40xx - ok
19:10:56.0574 5460  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
19:10:56.0593 5460  QWAVE - ok
19:10:56.0614 5460  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
19:10:56.0629 5460  QWAVEdrv - ok
19:10:56.0641 5460  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
19:10:56.0683 5460  RasAcd - ok
19:10:56.0722 5460  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
19:10:56.0759 5460  RasAgileVpn - ok
19:10:56.0788 5460  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
19:10:56.0839 5460  RasAuto - ok
19:10:56.0850 5460  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
19:10:56.0888 5460  Rasl2tp - ok
19:10:56.0945 5460  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\windows\System32\rasmans.dll
19:10:56.0995 5460  RasMan - ok
19:10:57.0022 5460  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
19:10:57.0075 5460  RasPppoe - ok
19:10:57.0109 5460  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
19:10:57.0155 5460  RasSstp - ok
19:10:57.0176 5460  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
19:10:57.0228 5460  rdbss - ok
19:10:57.0240 5460  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
19:10:57.0264 5460  rdpbus - ok
19:10:57.0288 5460  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
19:10:57.0323 5460  RDPCDD - ok
19:10:57.0339 5460  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
19:10:57.0386 5460  RDPENCDD - ok
19:10:57.0394 5460  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
19:10:57.0439 5460  RDPREFMP - ok
19:10:57.0476 5460  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
19:10:57.0522 5460  RDPWD - ok
19:10:57.0569 5460  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
19:10:57.0582 5460  rdyboost - ok
19:10:57.0607 5460  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
19:10:57.0669 5460  RemoteAccess - ok
19:10:57.0710 5460  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
19:10:57.0759 5460  RemoteRegistry - ok
19:10:57.0797 5460  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
19:10:57.0833 5460  RFCOMM - ok
19:10:57.0844 5460  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
19:10:57.0893 5460  RpcEptMapper - ok
19:10:57.0923 5460  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
19:10:57.0946 5460  RpcLocator - ok
19:10:57.0974 5460  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\windows\system32\rpcss.dll
19:10:58.0058 5460  RpcSs - ok
19:10:58.0102 5460  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
19:10:58.0177 5460  rspndr - ok
19:10:58.0231 5460  [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
19:10:58.0250 5460  RSUSBSTOR - ok
19:10:58.0279 5460  [ ECBAB4CD65CBEDBE26EC6838E4FB7C1C ] RsvLock         C:\windows\system32\drivers\RsvLock.sys
19:10:58.0291 5460  RsvLock - ok
19:10:58.0341 5460  [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
19:10:58.0362 5460  RTL8167 - ok
19:10:58.0382 5460  [ 317A99735C3A26C5CD60AB59E5E7E4E2 ] SafeBoot        C:\windows\system32\drivers\SafeBoot.sys
19:10:58.0382 5460  Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 317A99735C3A26C5CD60AB59E5E7E4E2
19:10:58.0383 5460  SafeBoot ( LockedFile.Multi.Generic ) - warning
19:10:58.0383 5460  SafeBoot - detected LockedFile.Multi.Generic (1)
19:10:58.0404 5460  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\windows\system32\lsass.exe
19:10:58.0427 5460  SamSs - ok
19:10:58.0446 5460  [ FD8714A36C4646DE22DDC7E36F6D09EF ] SbAlg           C:\windows\system32\drivers\SbAlg.sys
19:10:58.0460 5460  SbAlg - ok
19:10:58.0482 5460  [ FCAA034231E58B0DE64D0A7904015535 ] SbFsLock        C:\windows\system32\drivers\SbFsLock.sys
19:10:58.0494 5460  SbFsLock - ok
19:10:58.0519 5460  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\windows\system32\DRIVERS\sbp2port.sys
19:10:58.0540 5460  sbp2port - ok
19:10:58.0573 5460  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
19:10:58.0649 5460  SCardSvr - ok
19:10:58.0687 5460  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
19:10:58.0766 5460  scfilter - ok
19:10:58.0820 5460  [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule        C:\windows\system32\schedsvc.dll
19:10:58.0913 5460  Schedule - ok
19:10:58.0942 5460  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\windows\System32\certprop.dll
19:10:59.0017 5460  SCPolicySvc - ok
19:10:59.0057 5460  [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus           C:\windows\system32\DRIVERS\sdbus.sys
19:10:59.0086 5460  sdbus - ok
19:10:59.0110 5460  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\windows\System32\SDRSVC.dll
19:10:59.0146 5460  SDRSVC - ok
19:10:59.0182 5460  [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:10:59.0204 5460  SeaPort - ok
19:10:59.0240 5460  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
19:10:59.0324 5460  secdrv - ok
19:10:59.0356 5460  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\windows\system32\seclogon.dll
19:10:59.0443 5460  seclogon - ok
19:10:59.0477 5460  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
19:10:59.0568 5460  SENS - ok
19:10:59.0586 5460  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
19:10:59.0619 5460  SensrSvc - ok
19:10:59.0648 5460  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
19:10:59.0684 5460  Serenum - ok
19:10:59.0714 5460  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
19:10:59.0738 5460  Serial - ok
19:10:59.0786 5460  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
19:10:59.0806 5460  sermouse - ok
19:10:59.0848 5460  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\windows\system32\sessenv.dll
19:10:59.0932 5460  SessionEnv - ok
19:10:59.0963 5460  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\DRIVERS\sffdisk.sys
19:11:00.0001 5460  sffdisk - ok
19:11:00.0022 5460  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\DRIVERS\sffp_mmc.sys
19:11:00.0056 5460  sffp_mmc - ok
19:11:00.0081 5460  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\windows\system32\DRIVERS\sffp_sd.sys
19:11:00.0111 5460  sffp_sd - ok
19:11:00.0149 5460  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
19:11:00.0189 5460  sfloppy - ok
19:11:00.0246 5460  [ D5183ED285D2795491DC15BDDCBEE5AD ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
19:11:00.0279 5460  Sftfs - ok
19:11:00.0317 5460  [ BFDB58616FF5EA540A5F58301D50641E ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:11:00.0344 5460  sftlist - ok
19:11:00.0367 5460  [ 00F118B68C50D2206DD51634F9142B83 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
19:11:00.0386 5460  Sftplay - ok
19:11:00.0409 5460  [ 76A827DF5640BFE16A0CDBB4108ADECA ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
19:11:00.0420 5460  Sftredir - ok
19:11:00.0442 5460  [ 1B4C9701645086BAB8CAFFFCE30ED284 ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
19:11:00.0453 5460  Sftvol - ok
19:11:00.0471 5460  [ B94C3C4DCA2093243C76CA218EDE2A97 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:11:00.0489 5460  sftvsa - ok
19:11:00.0527 5460  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
19:11:00.0624 5460  SharedAccess - ok
19:11:00.0664 5460  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:11:00.0716 5460  ShellHWDetection - ok
19:11:00.0763 5460  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
19:11:00.0780 5460  SiSRaid2 - ok
19:11:00.0805 5460  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
19:11:00.0823 5460  SiSRaid4 - ok
19:11:00.0863 5460  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
19:11:00.0954 5460  Smb - ok
19:11:00.0995 5460  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
19:11:01.0018 5460  SNMPTRAP - ok
19:11:01.0162 5460  [ 8A401CF988063ABB6FC958F05020E611 ] SNP2UVC         C:\windows\system32\DRIVERS\snp2uvc.sys
19:11:01.0226 5460  SNP2UVC - ok
19:11:01.0255 5460  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
19:11:01.0271 5460  spldr - ok
19:11:01.0301 5460  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\windows\System32\spoolsv.exe
19:11:01.0350 5460  Spooler - ok
19:11:01.0497 5460  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\windows\system32\sppsvc.exe
19:11:01.0628 5460  sppsvc - ok
19:11:01.0646 5460  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
19:11:01.0728 5460  sppuinotify - ok
19:11:01.0823 5460  [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP           C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
19:11:01.0862 5460  SRTSP - ok
19:11:01.0890 5460  [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX          C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
19:11:01.0903 5460  SRTSPX - ok
19:11:01.0952 5460  [ 43067A65522EAEC33D31A12D6FA8E3F4 ] srv             C:\windows\system32\DRIVERS\srv.sys
19:11:01.0983 5460  srv - ok
19:11:02.0009 5460  [ 03715CF9C30B563DA35FC5F2B8F7B8E0 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
19:11:02.0049 5460  srv2 - ok
19:11:02.0069 5460  [ FBD09635227A8026C0F7790F604343C6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
19:11:02.0102 5460  srvnet - ok
19:11:02.0128 5460  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
19:11:02.0216 5460  SSDPSRV - ok
19:11:02.0242 5460  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
19:11:02.0326 5460  SstpSvc - ok
19:11:02.0418 5460  [ E455F5FE92EDC3CAD3F2963C5CCA47E6 ] STacSV          C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
19:11:02.0451 5460  STacSV - ok
19:11:02.0471 5460  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
19:11:02.0487 5460  stexstor - ok
19:11:02.0525 5460  [ 4A9D087C9A97071B9D06DB38567DA906 ] STHDA           C:\windows\system32\DRIVERS\stwrt64.sys
19:11:02.0573 5460  STHDA - ok
19:11:02.0632 5460  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\windows\System32\wiaservc.dll
19:11:02.0689 5460  stisvc - ok
19:11:02.0737 5460  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
19:11:02.0752 5460  swenum - ok
19:11:02.0789 5460  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
19:11:02.0876 5460  swprv - ok
19:11:02.0908 5460  [ 6160145C7A87FC7672E8E3B886888176 ] SymDS           C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
19:11:02.0936 5460  SymDS - ok
19:11:02.0986 5460  [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA          C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
19:11:03.0031 5460  SymEFA - ok
19:11:03.0073 5460  [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent        C:\windows\system32\Drivers\SYMEVENT64x86.SYS
19:11:03.0089 5460  SymEvent - ok
19:11:03.0113 5460  [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON         C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
19:11:03.0130 5460  SymIRON - ok
19:11:03.0151 5460  [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS         C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
19:11:03.0175 5460  SymNetS - ok
19:11:03.0271 5460  [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
19:11:03.0325 5460  SynTP - ok
19:11:03.0407 5460  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\windows\system32\sysmain.dll
19:11:03.0508 5460  SysMain - ok
19:11:03.0535 5460  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\windows\System32\TabSvc.dll
19:11:03.0570 5460  TabletInputService - ok
19:11:03.0604 5460  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\windows\System32\tapisrv.dll
19:11:03.0684 5460  TapiSrv - ok
19:11:03.0714 5460  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
19:11:03.0787 5460  TBS - ok
19:11:03.0850 5460  [ 90A2D722CF64D911879D6C4A4F802A4D ] Tcpip           C:\windows\system32\drivers\tcpip.sys
19:11:03.0932 5460  Tcpip - ok
19:11:03.0994 5460  [ 90A2D722CF64D911879D6C4A4F802A4D ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
19:11:04.0069 5460  TCPIP6 - ok
19:11:04.0118 5460  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
19:11:04.0200 5460  tcpipreg - ok
19:11:04.0234 5460  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
19:11:04.0326 5460  TDPIPE - ok
19:11:04.0360 5460  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
19:11:04.0427 5460  TDTCP - ok
19:11:04.0458 5460  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\windows\system32\DRIVERS\tdx.sys
19:11:04.0525 5460  tdx - ok
19:11:04.0580 5460  [ C448651339196C0E869A355171875522 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
19:11:04.0597 5460  TermDD - ok
19:11:04.0635 5460  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\windows\System32\termsrv.dll
19:11:04.0741 5460  TermService - ok
19:11:04.0773 5460  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
19:11:04.0814 5460  Themes - ok
19:11:04.0858 5460  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
19:11:04.0930 5460  THREADORDER - ok
19:11:04.0982 5460  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\windows\system32\drivers\tpm.sys
19:11:05.0015 5460  TPM - ok
19:11:05.0036 5460  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
19:11:05.0122 5460  TrkWks - ok
19:11:05.0183 5460  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:11:05.0224 5460  TrustedInstaller - ok
19:11:05.0247 5460  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
19:11:05.0331 5460  tssecsrv - ok
19:11:05.0382 5460  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
19:11:05.0464 5460  tunnel - ok
19:11:05.0492 5460  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
19:11:05.0509 5460  uagp35 - ok
19:11:05.0554 5460  [ 9EEA84226ED2A028BC3FDFDDE03FE95C ] uArcCapture     C:\windows\system\uArcCapture.exe
19:11:05.0582 5460  uArcCapture - ok
19:11:05.0632 5460  [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs            C:\windows\system32\DRIVERS\udfs.sys
19:11:05.0664 5460  udfs - ok
19:11:05.0697 5460  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
19:11:05.0722 5460  UI0Detect - ok
19:11:05.0776 5460  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\DRIVERS\uliagpkx.sys
19:11:05.0793 5460  uliagpkx - ok
19:11:05.0814 5460  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
19:11:05.0857 5460  umbus - ok
19:11:05.0879 5460  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
19:11:05.0916 5460  UmPass - ok
19:11:06.0048 5460  [ 44AA8D5D3B3B5610FEF46CA8A9C52D8C ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:11:06.0132 5460  UNS - ok
19:11:06.0168 5460  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
19:11:06.0262 5460  upnphost - ok
19:11:06.0288 5460  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
19:11:06.0323 5460  usbccgp - ok
19:11:06.0355 5460  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\DRIVERS\usbcir.sys
19:11:06.0392 5460  usbcir - ok
19:11:06.0414 5460  [ CB490987A7F6928A04BB838E3BD8A936 ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
19:11:06.0442 5460  usbehci - ok
19:11:06.0474 5460  [ 18124EF0A881A00EE222D02A3EE30270 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
19:11:06.0511 5460  usbhub - ok
19:11:06.0555 5460  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
19:11:06.0582 5460  usbohci - ok
19:11:06.0612 5460  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
19:11:06.0639 5460  usbprint - ok
19:11:06.0653 5460  [ A60E7E0FA88FF067D049D525547CD5E9 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
19:11:06.0689 5460  USBSTOR - ok
19:11:06.0703 5460  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
19:11:06.0739 5460  usbuhci - ok
19:11:06.0765 5460  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
19:11:06.0803 5460  usbvideo - ok
19:11:06.0859 5460  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
19:11:06.0934 5460  UxSms - ok
19:11:06.0955 5460  [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc        C:\windows\system32\lsass.exe
19:11:06.0978 5460  VaultSvc - ok
19:11:07.0054 5460  [ F81A2648BFF893C8EFD9897811B14263 ] vcsFPService    C:\windows\system32\vcsFPService.exe
19:11:07.0141 5460  vcsFPService - ok
19:11:07.0171 5460  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\DRIVERS\vdrvroot.sys
19:11:07.0187 5460  vdrvroot - ok
19:11:07.0214 5460  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\windows\System32\vds.exe
19:11:07.0268 5460  vds - ok
19:11:07.0303 5460  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
19:11:07.0330 5460  vga - ok
19:11:07.0348 5460  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
19:11:07.0420 5460  VgaSave - ok
19:11:07.0455 5460  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\windows\system32\DRIVERS\vhdmp.sys
19:11:07.0477 5460  vhdmp - ok
19:11:07.0498 5460  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\DRIVERS\viaide.sys
19:11:07.0513 5460  viaide - ok
19:11:07.0537 5460  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\windows\system32\DRIVERS\volmgr.sys
19:11:07.0554 5460  volmgr - ok
19:11:07.0575 5460  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
19:11:07.0602 5460  volmgrx - ok
19:11:07.0646 5460  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\windows\system32\DRIVERS\volsnap.sys
19:11:07.0673 5460  volsnap - ok
19:11:07.0699 5460  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
19:11:07.0721 5460  vsmraid - ok
19:11:07.0791 5460  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\windows\system32\vssvc.exe
19:11:07.0854 5460  VSS - ok
19:11:07.0899 5460  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
19:11:07.0925 5460  vwifibus - ok
19:11:07.0955 5460  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
19:11:07.0985 5460  vwififlt - ok
19:11:08.0011 5460  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
19:11:08.0040 5460  vwifimp - ok
19:11:08.0083 5460  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
19:11:08.0167 5460  W32Time - ok
19:11:08.0195 5460  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
19:11:08.0225 5460  WacomPen - ok
19:11:08.0248 5460  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
19:11:08.0333 5460  WANARP - ok
19:11:08.0345 5460  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
19:11:08.0420 5460  Wanarpv6 - ok
19:11:08.0480 5460  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\windows\system32\wbengine.exe
19:11:08.0572 5460  wbengine - ok
19:11:08.0599 5460  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
19:11:08.0639 5460  WbioSrvc - ok
19:11:08.0661 5460  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\windows\System32\wcncsvc.dll
19:11:08.0705 5460  wcncsvc - ok
19:11:08.0745 5460  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:11:08.0774 5460  WcsPlugInService - ok
19:11:08.0792 5460  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\DRIVERS\wd.sys
19:11:08.0808 5460  Wd - ok
19:11:08.0847 5460  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
19:11:08.0891 5460  Wdf01000 - ok
19:11:08.0922 5460  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
19:11:08.0975 5460  WdiServiceHost - ok
19:11:08.0981 5460  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
19:11:09.0016 5460  WdiSystemHost - ok
19:11:09.0036 5460  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient       C:\windows\System32\webclnt.dll
19:11:09.0081 5460  WebClient - ok
19:11:09.0102 5460  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
19:11:09.0204 5460  Wecsvc - ok
19:11:09.0231 5460  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
19:11:09.0312 5460  wercplsupport - ok
19:11:09.0361 5460  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
19:11:09.0449 5460  WerSvc - ok
19:11:09.0478 5460  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
19:11:09.0557 5460  WfpLwf - ok
19:11:09.0590 5460  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
19:11:09.0607 5460  WIMMount - ok
19:11:09.0632 5460  WinDefend - ok
19:11:09.0638 5460  WinHttpAutoProxySvc - ok
19:11:09.0697 5460  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
19:11:09.0775 5460  Winmgmt - ok
19:11:09.0874 5460  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\windows\system32\WsmSvc.dll
19:11:10.0020 5460  WinRM - ok
19:11:10.0061 5460  [ 4D52C872018AF7E18D078978DCC3F6F2 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
19:11:10.0082 5460  WinUsb - ok
19:11:10.0152 5460  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
19:11:10.0219 5460  Wlansvc - ok
19:11:10.0377 5460  [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:11:10.0471 5460  wlidsvc - ok
19:11:10.0501 5460  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
19:11:10.0521 5460  WmiAcpi - ok
19:11:10.0570 5460  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
19:11:10.0609 5460  wmiApSrv - ok
19:11:10.0652 5460  WMPNetworkSvc - ok
19:11:10.0684 5460  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
19:11:10.0704 5460  WPCSvc - ok
19:11:10.0740 5460  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
19:11:10.0780 5460  WPDBusEnum - ok
19:11:10.0831 5460  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
19:11:10.0895 5460  ws2ifsl - ok
19:11:10.0917 5460  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
19:11:10.0963 5460  wscsvc - ok
19:11:10.0968 5460  WSearch - ok
19:11:11.0066 5460  [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv        C:\windows\system32\wuaueng.dll
19:11:11.0213 5460  wuauserv - ok
19:11:11.0241 5460  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
19:11:11.0313 5460  WudfPf - ok
19:11:11.0353 5460  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
19:11:11.0429 5460  WUDFRd - ok
19:11:11.0458 5460  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\windows\System32\WUDFSvc.dll
19:11:11.0545 5460  wudfsvc - ok
19:11:11.0590 5460  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll
19:11:11.0638 5460  WwanSvc - ok
19:11:11.0676 5460  ================ Scan global ===============================
19:11:11.0699 5460  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:11:11.0721 5460  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\windows\system32\winsrv.dll
19:11:11.0733 5460  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\windows\system32\winsrv.dll
19:11:11.0813 5460  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:11:11.0865 5460  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:11:11.0872 5460  [Global] - ok
19:11:11.0873 5460  ================ Scan MBR ==================================
19:11:11.0886 5460  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:11:12.0736 5460  \Device\Harddisk0\DR0 - ok
19:11:12.0737 5460  ================ Scan VBR ==================================
19:11:12.0746 5460  [ 4DB08B6E9F490247FA59C00F98C438A2 ] \Device\Harddisk0\DR0\Partition1
19:11:12.0748 5460  \Device\Harddisk0\DR0\Partition1 - ok
19:11:12.0763 5460  [ F33A59E879746765B14C324DE2E06AA5 ] \Device\Harddisk0\DR0\Partition2
19:11:12.0765 5460  \Device\Harddisk0\DR0\Partition2 - ok
19:11:12.0789 5460  [ 3F12C7C1C1223A67D78493C0DE8423B0 ] \Device\Harddisk0\DR0\Partition3
19:11:12.0791 5460  \Device\Harddisk0\DR0\Partition3 - ok
19:11:12.0805 5460  [ A094293C5230B4058E0AEA206337E666 ] \Device\Harddisk0\DR0\Partition4
19:11:12.0806 5460  \Device\Harddisk0\DR0\Partition4 - ok
19:11:12.0807 5460  ============================================================
19:11:12.0807 5460  Scan finished
19:11:12.0807 5460  ============================================================
19:11:12.0821 6720  Detected object count: 7
19:11:12.0821 6720  Actual detected object count: 7
19:21:29.0166 6720  DEBridge ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:29.0166 6720  DEBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:21:29.0167 6720  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:29.0167 6720  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:21:29.0169 6720  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:29.0169 6720  HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:21:29.0171 6720  HPDayStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:29.0172 6720  HPDayStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:21:29.0174 6720  HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:29.0174 6720  HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:21:29.0176 6720  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:29.0176 6720  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:21:29.0178 6720  SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
19:21:29.0178 6720  SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
         

