
Log Analysis and Evaluation: Removing Snap.do and SpyHunter

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.03.2013, 19:05   #1
Smilims
 
Hello "Trojaner-Board" team,

I have the following problem: This afternoon I downloaded the "Freemake Video Downloader", and "snap.do" was installed along with it. Since it then kept showing up as my browser start page, I uninstalled it again. However, snap.do continued to be displayed as the start page. I then came across "SpyHunter" and hoped it would solve the problem. Well, no such luck. Now I can't uninstall SpyHunter, or rather I'm not sure whether it is even completely installed yet.
I have run the scan and the log files have been created. The Freemake Video Downloader has also been uninstalled, but there was a message that not all components were deleted. Fortunately, snap.do is finally no longer being displayed!
So my request: could someone help me completely remove these programs from my laptop?

Kind regards,

Smilims

Edited by Smilims (03.03.2013 at 19:35)

03.03.2013, 19:52   #2
markusg
/// Malware-holic
 
Hi

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Then copy the contents of OTL.txt and Extra.txt here into your thread.

03.03.2013, 23:51   #3
Smilims
 
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 03.03.2013 23:44:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 55,28% Memory free
7,35 Gb Paging File | 5,63 Gb Available in Paging File | 76,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 208,58 Gb Free Space | 73,11% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (ePowerSvc) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PVUSB) -- C:\Windows\SysNative\drivers\CESG64.sys (CASIO COMPUTER CO.,LTD.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130302.016\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130302.016\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130301.002\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE409
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..extensions.enabledItems: {2ad12297-01a9-4e1c-b219-add3751a8e5a}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.13.0.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011.07.21 11:29:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2013.03.03 22:50:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.03 20:34:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.19 19:22:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.29 20:58:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.03 20:34:42 | 000,000,000 | ---D | M]
 
[2010.12.08 18:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2013.03.03 17:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mqbuilnh.default\extensions
[2012.03.17 14:26:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mqbuilnh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.26 14:39:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mqbuilnh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.08 18:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.03 20:34:42 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2013.03.03 22:50:55 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\COFFPLGN_2010_9_0_6
[2011.07.21 11:29:18 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPLGN
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\{2AD12297-01A9-4E1C-B219-ADD3751A8E5A}
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MQBUILNH.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2012.05.19 19:22:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.19 19:22:43 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.19 19:22:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.19 19:22:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.19 19:22:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Sahara = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnplnldbhjbakploidcdefoebhmengpm\2.0_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1530750314-1823746422-2989766619-1000..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C5C1E74-7170-4962-A318-D2234ADA1AD4}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4B585D3-4E04-40CE-AABB-A13192FAB352}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.03.03 17:23:01 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.03 23:25:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.03.03 22:58:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2013.03.03 18:19:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2013.03.03 18:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.03 18:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 18:19:28 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.03 18:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.03 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Programs
[2013.03.03 17:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013.03.03 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.03.03 17:16:24 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.03.03 17:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.03.03 17:14:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.03.03 16:02:25 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\FreemakeVideoDownloader
[2013.03.03 15:35:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.03.03 15:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013.03.03 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Uniblue
[2013.03.03 15:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.03.03 15:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013.03.03 15:28:12 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Freemake
[2013.03.03 15:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.03.03 15:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.02.04 22:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.02.03 21:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013.02.03 21:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2013.02.03 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HPSSUPPLY
[2013.02.03 20:39:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\HP
[2013.02.03 20:38:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\HP
[2013.02.03 20:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2013.02.03 20:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013.02.03 20:32:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013.02.03 20:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.02.03 20:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.02.03 20:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.02.03 20:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.02.02 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2013.02.02 16:20:56 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.02.02 16:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.02.02 16:17:38 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\OpenOffice.org 3.4.1 (de) Installation Files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.03 23:23:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.03 23:01:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 23:01:41 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.03 22:58:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2013.03.03 22:54:15 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000UA.job
[2013.03.03 22:52:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.03 22:52:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.03.03 22:50:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.03 22:50:28 | 2960,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.03 18:19:30 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.03 17:54:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000Core.job
[2013.03.03 17:23:01 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.02.28 18:56:27 | 000,002,376 | ---- | M] () -- C:\Users\Sarah\Desktop\Google Chrome.lnk
[2013.02.20 20:25:13 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 20:25:13 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.20 20:25:13 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.20 20:25:13 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.20 20:25:13 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.13 21:18:16 | 000,449,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.03 21:14:34 | 000,225,522 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013.02.03 21:14:25 | 000,001,159 | ---- | M] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung (2).lnk
[2013.02.03 21:08:19 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.02.03 21:08:19 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.02.03 20:59:21 | 000,001,159 | ---- | M] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung.lnk
[2013.02.03 20:33:24 | 000,001,360 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.02.03 20:32:47 | 000,002,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.02.03 20:31:58 | 000,002,313 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk
[2013.02.02 16:23:03 | 000,001,248 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.02.02 16:21:02 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.03 18:19:30 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.03 17:23:01 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.03.03 15:28:29 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2013.02.03 21:18:31 | 000,449,864 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.03 21:14:25 | 000,001,159 | ---- | C] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung (2).lnk
[2013.02.03 21:08:19 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.02.03 21:08:19 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2013.02.03 20:59:21 | 000,001,159 | ---- | C] () -- C:\Users\Sarah\Desktop\HP Deskjet F4500 series - Verknüpfung.lnk
[2013.02.03 20:42:01 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013.02.03 20:33:24 | 000,001,360 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2013.02.03 20:32:47 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.02.03 20:31:58 | 000,002,313 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk
[2013.02.03 20:24:29 | 000,225,522 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013.02.02 16:23:03 | 000,001,248 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.02.02 16:21:02 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013.01.23 20:35:13 | 000,002,787 | ---- | C] () -- C:\Users\Sarah\.recently-used.xbel
[2012.11.29 20:59:23 | 000,000,715 | ---- | C] () -- C:\Windows\ManagerPLUS.INI
[2012.03.29 23:47:19 | 000,004,096 | -H-- | C] () -- C:\Users\Sarah\AppData\Local\keyfile3.drm
[2011.03.28 15:21:36 | 000,040,734 | ---- | C] () -- C:\Users\Sarah\Kunst Gesicht.JPG
[2011.03.14 19:23:58 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.12 19:49:07 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.03 22:54:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Dropbox
[2012.10.06 12:48:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoft
[2013.03.03 16:02:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FreemakeVideoDownloader
[2013.01.23 20:35:13 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\gtk-2.0
[2012.01.14 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\ICQ
[2013.02.02 16:22:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\OpenOffice.org
[2010.12.12 19:49:19 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template
[2011.03.30 16:46:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Tific
[2013.03.03 15:28:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Uniblue
[2010.12.26 22:51:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< OTL Extras logfile created on: 03.03.2013 23:00:41 - Run 1 >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.08 18:17:54 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.12.08 18:17:56 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010.12.23 19:00:42 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000Core.job
[2010.12.23 19:00:42 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000UA.job
[2013.03.03 15:28:29 | 000,000,340 | ---- | C] () -- C:\Windows\Tasks\DriverScanner.job
 
< OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Downloads >
 
< 64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation >
 
< Internet Explorer (Version = 8.0.7600.16385) >
 
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
 
<   >
 
< 3,68 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 44,64% Memory free >
 
< 7,35 Gb Paging File | 5,20 Gb Available in Paging File | 70,76% Paging File free >
 
< Paging file location(s): ?:\pagefile.sys [binary data] >
 
<   >
 
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) >
 
< Drive C: | 285,30 Gb Total Space | 208,58 Gb Free Space | 73,11% Space Free | Partition Type: NTFS >
 
<   >
 
< Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans >
 
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
 
<   >
 
< ========== Extra Registry (SafeList) ========== >
Invalid Switch: color]
 
<   >
 
<   >
 
< ========== File Associations ========== >
Invalid Switch: color]
 
<   >
 
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
< .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >
 
< .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) >
 
<   >
 
< ========== Shell Spawning ========== >
Invalid Switch: color]
 
<   >
 
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 
< batfile [open] -- "%1" %* >
 
< cmdfile [open] -- "%1" %* >
 
< comfile [open] -- "%1" %* >
 
< exefile [open] -- "%1" %* >
 
< helpfile [open] -- Reg Error: Key error. >
 
< htafile [open] -- "%1" %* >
 
< inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) >
 
< InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) >
 
< InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) >
 
< piffile [open] -- "%1" %* >
 
< regfile [merge] -- Reg Error: Key error. >
 
< scrfile [config] -- "%1" >
 
< scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >
 
< scrfile [open] -- "%1" /S >
 
< txtfile [edit] -- Reg Error: Key error. >
 
< Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >
 
< Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >
 
< Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
< Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
< Folder [explore] -- Reg Error: Value error. >
 
< Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >
 
< batfile [open] -- "%1" %* >
 
< cmdfile [open] -- "%1" %* >
 
< comfile [open] -- "%1" %* >
 
< cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) >
 
< exefile [open] -- "%1" %* >
 
< helpfile [open] -- Reg Error: Key error. >
 
< htafile [open] -- "%1" %* >
 
< inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) >
 
< piffile [open] -- "%1" %* >
 
< regfile [merge] -- Reg Error: Key error. >
 
< scrfile [config] -- "%1" >
 
< scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >
 
< scrfile [open] -- "%1" /S >
 
< txtfile [edit] -- Reg Error: Key error. >
 
< Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >
 
< Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >
 
< Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
< Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
< Folder [explore] -- Reg Error: Value error. >
 
< Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
 
<   >
 
< ========== Security Center Settings ========== >
Invalid Switch: color]
 
<   >
 
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
< "cval" = 1 >
 
<   >
 
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
<   >
 
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
< "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data] >
 
< "AntiVirusOverride" = 0 >
 
< "AntiSpywareOverride" = 0 >
 
< "FirewallOverride" = 0 >
 
<   >
 
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] >
Invalid Switch: b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
 
<   >
 
< ========== Firewall Settings ========== >
Invalid Switch: color]
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] >
 
< "DisableNotifications" = 0 >
 
< "EnableFirewall" = 1 >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] >
 
< "DisableNotifications" = 0 >
 
< "EnableFirewall" = 1 >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] >
 
< "DisableNotifications" = 0 >
 
< "EnableFirewall" = 1 >
 
<   >
 
< ========== Authorized Applications List ========== >
Invalid Switch: color]
 
<   >
 
<   >
 
< ========== Vista Active Open Ports Exception List ========== >
Invalid Switch: color]
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
 
< "{02E560B9-ACFD-4DCF-AA7E-31276D3EF7E8}" = lport=138 | protocol=17 | dir=in | app=system |  >
 
< "{0A5D2F14-7E93-4190-BDF9-3FA12EE83976}" = rport=138 | protocol=17 | dir=out | app=system |  >
 
< "{0A7F0C14-7981-4A0B-BE98-B26C2C274636}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{0C169743-2240-4AC8-829D-2EFD9C59E6B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{10B51755-8641-4D84-A8F9-8D41259C5B63}" = lport=137 | protocol=17 | dir=in | app=system |  >
 
< "{16E4FBC3-5B8B-469D-9A66-89020AB69A3A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{1DAACFC5-8258-4341-A771-2486BF2A3180}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{1E8D0DFD-14EA-4AB0-9DA4-1AD8862C75FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{224D50E3-7287-4375-A7DF-1706EE332CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{35409B81-A00A-495C-BCEA-45173D608A75}" = lport=2869 | protocol=6 | dir=in | app=system |  >
 
< "{3CBF7BAB-DDB2-4587-B478-F4D3D54E9ADB}" = lport=2869 | protocol=6 | dir=in | app=system |  >
 
< "{49ED43E4-D24D-4121-90D2-7C2D16B75779}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{535F4414-D319-432D-B481-CF5B8DA4E0DA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{544640E7-3F39-4B84-89DB-94D13F39B60B}" = rport=10243 | protocol=6 | dir=out | app=system |  >
 
< "{57DE36FC-BFD1-44DC-8BE6-DD0B09A02966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{59DC71A5-00E9-4F32-AD60-A2F833AFE938}" = rport=137 | protocol=17 | dir=out | app=system |  >
 
< "{7396E6B6-43AA-4448-9CE8-C1744AECBEFD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{8050A616-C7B8-4FF4-8461-2AAF707CB326}" = rport=139 | protocol=6 | dir=out | app=system |  >
 
< "{81E98AF7-0376-4E1D-8581-CF8B5F3204C9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{871C2FF2-4CD5-4035-9869-3AD508B92F26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{8884BA0A-23CA-4E4A-AC96-0D909BE4B3E3}" = lport=10243 | protocol=6 | dir=in | app=system |  >
 
< "{897E572A-BCC1-4011-818B-02BDA31C4B42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{8AB98AF9-AA3D-4A88-A96B-4445AE4A1E33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |  >
 
< "{9075456E-DD7D-4AB8-81A0-D018038825D4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{90BA20D6-F364-40A3-ACA6-CDED0F919328}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |  >
 
< "{93BECE9F-F231-40C7-896A-F3AF43F109E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{9D67AFFF-B5EF-44D3-AC94-26F81DC9BCC9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |  >
 
< "{A3E1D349-6639-42DB-9ED8-4285954B6315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{B0666CCF-F888-4FB3-9CD7-85D63D8E2598}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |  >
 
< "{B52E3136-A7DA-4491-879E-14D259A06179}" = rport=445 | protocol=6 | dir=out | app=system |  >
 
< "{B559DA58-4ABB-4789-96FC-05D76DF59AF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{B5F9EF2F-DE5C-41F6-8F8D-7EA28057A171}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |  >
 
< "{CA9B2CE6-2B10-4B27-8483-E3F93EA4C3AD}" = lport=2869 | protocol=6 | dir=in | app=system |  >
 
< "{CE7156C1-A588-4C85-BF92-8EF07E26420B}" = rport=2869 | protocol=6 | dir=out | app=system |  >
 
< "{CEC0ABF4-2FC5-4BDE-BBB9-13D03F81EF35}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |  >
 
< "{D13C722B-F61C-40DC-92D2-DD2394B917EF}" = lport=139 | protocol=6 | dir=in | app=system |  >
 
< "{DD25274F-7C9B-469E-982B-0D01790FD898}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |  >
 
< "{E4D46C06-5800-4A59-B164-AE3B633A450A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{E8BAB55C-3F4A-4FCC-9FAD-A01BB2262A3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |  >
 
< "{EE505EB0-BE43-4997-BDDC-3B8F0CB2E8B2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{EED38836-D1E9-4778-8541-8606AE9DB5F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |  >
 
< "{F79A3CF5-C39A-47D2-8ED5-E4969A135046}" = lport=445 | protocol=6 | dir=in | app=system |  >
 
<   >
 
< ========== Vista Active Application Exception List ========== >
Invalid Switch: color]
 
<   >
 
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] >
 
< "{01325272-C373-48F0-B247-442B457FB54D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{09DE98A0-EE10-479B-AB38-82F12FE256C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{1181B667-752A-4422-B81F-9994F6F4A02E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |  >
 
< "{11BF11C9-502B-4FAC-A458-948DFF282343}" = dir=in | app=d:\setup\hpznui40.exe |  >
 
< "{12194258-DEC2-46CC-88E1-67BDF2C2EA6B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |  >
 
< "{15609DD8-5353-48B0-B514-12624C79507F}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe |  >
 
< "{16B816E1-34CA-456A-842D-F9BA5C44CCC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |  >
 
< "{16BD5F0E-73B9-4E8B-A503-B70196216753}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |  >
 
< "{197A1EE6-3290-4826-B8E8-3BBA7849AC61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{1C2E0654-6B3F-4D81-BEF9-2644C92D568C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |  >
 
< "{1C7E0163-F2E3-46C4-B1F5-AF4704B864EE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |  >
 
< "{20F7A05F-82E0-4EE6-ADAD-64A835186B35}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |  >
 
< "{215AE1D4-97BE-4581-9799-8D2519F64C92}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |  >
 
< "{251B9962-0F75-47C8-8A59-9221F63ACEE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{2B01595E-1C5D-4F86-BD39-FC4ECE9D9B74}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |  >
 
< "{310B740E-947B-4D65-8CB1-A06ADE8B359D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |  >
 
< "{33B93F3E-F469-4068-A1CC-040962670F54}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |  >
 
< "{36CD377B-922A-42C9-9740-E4FA3453071B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{3CAA1EF1-6C47-42C8-8A9C-B8FFEEA85A66}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |  >
 
< "{43BB6A5D-6052-4BE2-8A5B-D1587996F060}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |  >
 
< "{468BD279-8304-4D9F-8847-8A01C40A2501}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{538774C7-83DC-42F3-A328-DC9ACA5ACA60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |  >
 
< "{548AF0BE-61FC-4B94-ABF4-F1F4E121041B}" = protocol=6 | dir=out | app=system |  >
 
< "{5871EA16-BC7E-40B0-9A75-47B434F16F85}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{588DEA38-14E3-41E9-96E7-26116F3D2B13}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |  >
 
< "{603A3C43-0B6C-4A6E-AABA-CC0C71A693ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |  >
 
< "{62AB305A-F1E3-45B7-A288-30F0711AA655}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |  >
 
< "{64BE7C9F-A878-4440-AA06-CD803D40FF1D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |  >
 
< "{6F8C0130-52A7-4E66-8406-9AD2E40E1694}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |  >
 
< "{6FDD7378-190F-4285-B739-CFAD1F178C13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |  >
 
< "{74DD49EB-4119-4446-A203-7A0ED4D48D66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |  >
 
< "{77B7F16C-691C-4B6B-ADBF-6D0DAC1A269D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |  >
 
< "{79A23AE9-3900-4940-A5E3-827B22BE99EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{7A449B80-525B-47D8-AF9E-9DD6EAFB0527}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |  >
 
< "{7E8845CA-CEEB-48E1-AC27-BE123C6A9FB0}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |  >
 
< "{7F005C8B-D339-4FCF-BFD3-EF5CEBB404A4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |  >
 
< "{84960B25-606C-4810-8D6E-470045DF7911}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |  >
 
< "{85515082-65A4-4657-B4BF-8DC27EA0B926}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |  >
 
< "{85BE4258-B0C0-4C0C-841C-737500F075FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{90FE6BAD-4A02-4A63-A7FD-1080F193A5F7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |  >
 
< "{951DF364-8C16-4CD4-8BD4-23393F3F3515}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |  >
 
< "{9940EB60-A657-460A-8708-896F030A6555}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |  >
 
< "{9F2D6276-4CAD-4F9E-B77D-9B904E702A86}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |  >
 
< "{9F821BCA-7059-4BE3-B110-53B333022C8F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |  >
 
< "{A3577D87-14C4-44F3-8F20-CE96CFCA174D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |  >
 
< "{A9CE400C-8052-422F-8A01-E3015E34A10B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |  >
 
< "{ADBAA774-8DA6-4642-840D-27F729BDD22F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |  >
 
< "{B002CBB9-6A6D-4240-A2EC-FAC779813D63}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |  >
 
< "{B1304A00-E7DB-459C-B912-62DADC109F50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |  >
 
< "{B845DA90-A072-47B4-9D00-B7EFC862CBE0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |  >
 
< "{CEFC3EBC-FA88-408F-84DD-847BBA42BF2C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |  >
 
< "{D2E5ABA4-F66E-4C59-B26C-8A4F9EB56C39}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe |  >
 
< "{D78697A6-A2D0-46DB-9AB9-E46899666091}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |  >
 
< "{E1254349-CCF9-4E4A-B448-B2CF07027BA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |  >
 
< "{E4377567-E397-4645-B009-D2627696B83C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
< "{E52B2D27-F1D0-4812-8BDC-03C12F2262FD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |  >
 
< "{E55AF2D3-55D0-487A-81D3-6008EB1ACEAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |  >
 
< "{E5F3AE42-E711-40EC-B21C-65FD25AB2556}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |  >
 
< "{FCDCF18D-0A15-4BD8-AB6C-6B76084EF83F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |  >
 
< "{FFCEB4B8-AA9C-49BA-9BA1-7AEC72D5E974}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |  >
 
<   >
 
< ========== HKEY_LOCAL_MACHINE Uninstall List ========== >
 
<   >
 
< 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
 
< "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 >
 
< "{22B3AE66-7A37-4118-BADB-3680C15CA366}" = SpyHunter >
 
< "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 >
 
< "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer >
 
< "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 >
 
< "{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 >
 
< "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting >
 
< "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver >
 
< "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller >
 
< "CCleaner" = CCleaner >
 
< "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 >
 
< "HP Print Projects" = HP Print Projects 1.0 >
 
< "HP Smart Web Printing" = HP Smart Web Printing 4.5 >
 
< "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 >
 
< "HPExtendedCapabilities" = HP Customer Participation Program 13.0 >
 
< "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile >
 
< "Shop for HP Supplies" = Shop for HP Supplies >
 
<   >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
 
< "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller >
 
< "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan >
 
< "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard >
 
< "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch >
 
< "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer >
 
< "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 >
 
< "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 >
 
< "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool >
 
< "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery >
 
< "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT >
 
< "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 >
 
< "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer >
 
< "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 >
 
< "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com >
 
< "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie >
 
< "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm >
 
< "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform >
 
< "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management >
 
< "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology >
 
< "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker >
 
< "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger >
 
< "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg >
 
< "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN >
 
< "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter >
 
< "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent >
 
< "{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500 >
 
< "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call >
 
< "{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader >
 
< "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works >
 
< "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 >
 
< "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components >
 
< "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting >
 
< "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply >
 
< "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox >
 
< "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth >
 
< "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update >
 
< "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 >
 
< "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync >
 
< "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Video Web Camera >
 
< "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management >
 
< "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 >
 
< "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight >
 
< "{8DD67C37-BA7A-4CBE-AD3C-308100D61ED7}" = fx-9860G Slim Manager PLUS (30 Day Trial) >
 
< "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 >
 
< "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System >
 
< "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 >
 
< "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR >
 
< "{A6473724-A851-11D5-986D-00500443CF9F}" = Moorhuhn 3 >
 
< "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper >
 
< "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI >
 
< "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status >
 
< "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations >
 
< "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner >
 
< "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant >
 
< "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail >
 
< "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup >
 
< "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects >
 
< "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget >
 
< "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp >
 
< "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer >
 
< "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide >
 
< "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update >
 
< "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant >
 
< "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater >
 
< "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] >
 
< "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard >
 
< "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver >
 
< "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver >
 
< "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center >
 
< "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials >
 
< "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy >
 
< "{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124 >
 
< "Adobe AIR" = Adobe AIR >
 
< "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX >
 
< "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin >
 
< "AudibleManager" = AudibleManager >
 
< "eMachines Game Console" = eMachines Game Console >
 
< "eMachines Registration" = eMachines Registration >
 
< "eMachines Screensaver" = eMachines ScreenSaver >
 
< "eMachines Welcome Center" = Welcome Center >
 
< "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 >
 
< "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.11.508 >
 
< "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.13 >
 
< "Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.14.508 >
 
< "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005 >
 
< "Identity Card" = Identity Card >
 
< "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 >
 
< "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 >
 
< "InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader >
 
< "Klett Software Horizons Sicher ins Abitur" = Klett Software Horizons Sicher ins Abitur >
 
< "LManager" = Launch Manager >
 
< "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 >
 
< "Moorhuhn 2 deinstallieren" = Moorhuhn 2 >
 
< "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) >
 
< "NIS" = Norton Internet Security >
 
< "Uninstall_is1" = Uninstall 1.0.0.1 >
 
< "WildTangent emachines Master Uninstall" = eMachines Games >
 
< "WinGimp-2.0_is1" = GIMP 2.6.10 >
 
< "WinLiveSuite_Wave3" = Windows Live Essentials >
 
< "WinPcapInst" = WinPcap 4.1.2 >
 
< "WT078910" = Bejeweled 2 Deluxe >
 
< "WT078919" = Insaniquarium Deluxe >
 
< "WT078930" = Zuma Deluxe >
 
< "WT078958" = Blasterball 3 >
 
< "WT078962" = Bob the Builder Can-Do-Zoo >
 
< "WT079018" = Faerie Solitaire >
 
< "WT079022" = FATE - The Traitor Soul >
 
< "WT079062" = Jewel Quest >
 
< "WT079066" = Jewel Quest Solitaire 3 >
 
< "WT079106" = Penguins! >
 
< "WT079114" = Polar Bowler >
 
< "WT079118" = Polar Golfer >
 
< "WT079122" = Polar Pool >
 
< "WT079175" = Virtual Villagers - A New Home >
 
< "WT079180" = Yahtzee >
 
< "WT079283" = Build-a-lot 2 >
 
< "WT079296" = Chicken Invaders 3 - Revenge of the Yolk >
 
< "WT079316" = Escape Rosecliff Island >
 
< "WT079329" = Mahjongg Artifacts >
 
< "WT079418" = Virtual Families >
 
<   >
 
< ========== HKEY_USERS Uninstall List ========== >
 
<   >
 
< [HKEY_USERS\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
 
< "Dropbox" = Dropbox >
 
< "Google Chrome" = Google Chrome >
 
<   >
 
< ========== Last 20 Event Log Errors ========== >
 
<   >
 
< [ Application Events ] >
 
< Error - 01.06.2012 10:08:08 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< Error - 01.06.2012 11:16:29 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< Error - 01.06.2012 12:12:31 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< Error - 01.06.2012 13:13:26 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< Error - 01.06.2012 14:13:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< Error - 01.06.2012 15:12:01 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< Error - 01.06.2012 16:00:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< Error - 01.06.2012 17:08:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< Error - 02.06.2012 04:00:53 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< Error - 02.06.2012 04:11:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 >
 
< Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen >
 
<  Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. >
 
<  Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum >
 
<  gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. >
 
< . >
 
<   >
 
< [ System Events ] >
 
< Error - 02.03.2013 17:54:48 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 >
 
< Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden >
 
<  Fehlers nicht gestartet:   %%1053 >
 
<   >
 
< Error - 03.03.2013 06:07:13 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 >
 
< Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad: >
 
<  C:\Windows\system32\athExt.dll  Fehlercode: 126   >
 
<   >
 
< Error - 03.03.2013 06:08:18 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010 >
 
< Description =  >
 
<   >
 
< Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034 >
 
< Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal >
 
<  passiert. >
 
<   >
 
< Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034 >
 
< Description = Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet.  >
 
< Dies ist bereits 1 Mal passiert. >
 
<   >
 
< Error - 03.03.2013 12:22:51 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034 >
 
< Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 2 Mal >
 
<  passiert. >
 
<   >
 
< Error - 03.03.2013 12:43:49 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 >
 
< Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad: >
 
<  C:\Windows\system32\athExt.dll  Fehlercode: 126   >
 
<   >
 
< Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009 >
 
< Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst >
 
<  IPsec-Richtlinien-Agent erreicht. >
 
<   >
 
< Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000 >
 
< Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers >
 
<  nicht gestartet:   %%1053 >
 
<   >
 
< Error - 03.03.2013 17:50:41 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 >
 
< Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad: >
 
<  C:\Windows\system32\athExt.dll  Fehlercode: 126   >
 
<   >
 
<   >
 
< End of report >[/CODE]

Old 03.03.2013, 23:55   #4
Smilims

Remove Snap.do and SpyHunter - Default



Code:
OTL Extras logfile created on: 03.03.2013 23:00:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 44,64% Memory free
7,35 Gb Paging File | 5,20 Gb Available in Paging File | 70,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 208,58 Gb Free Space | 73,11% Space Free | Partition Type: NTFS
 
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E560B9-ACFD-4DCF-AA7E-31276D3EF7E8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0A5D2F14-7E93-4190-BDF9-3FA12EE83976}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0A7F0C14-7981-4A0B-BE98-B26C2C274636}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0C169743-2240-4AC8-829D-2EFD9C59E6B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{10B51755-8641-4D84-A8F9-8D41259C5B63}" = lport=137 | protocol=17 | dir=in | app=system | 
"{16E4FBC3-5B8B-469D-9A66-89020AB69A3A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1DAACFC5-8258-4341-A771-2486BF2A3180}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E8D0DFD-14EA-4AB0-9DA4-1AD8862C75FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{224D50E3-7287-4375-A7DF-1706EE332CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{35409B81-A00A-495C-BCEA-45173D608A75}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3CBF7BAB-DDB2-4587-B478-F4D3D54E9ADB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{49ED43E4-D24D-4121-90D2-7C2D16B75779}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{535F4414-D319-432D-B481-CF5B8DA4E0DA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{544640E7-3F39-4B84-89DB-94D13F39B60B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{57DE36FC-BFD1-44DC-8BE6-DD0B09A02966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{59DC71A5-00E9-4F32-AD60-A2F833AFE938}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7396E6B6-43AA-4448-9CE8-C1744AECBEFD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{8050A616-C7B8-4FF4-8461-2AAF707CB326}" = rport=139 | protocol=6 | dir=out | app=system | 
"{81E98AF7-0376-4E1D-8581-CF8B5F3204C9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{871C2FF2-4CD5-4035-9869-3AD508B92F26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8884BA0A-23CA-4E4A-AC96-0D909BE4B3E3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{897E572A-BCC1-4011-818B-02BDA31C4B42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8AB98AF9-AA3D-4A88-A96B-4445AE4A1E33}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9075456E-DD7D-4AB8-81A0-D018038825D4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{90BA20D6-F364-40A3-ACA6-CDED0F919328}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{93BECE9F-F231-40C7-896A-F3AF43F109E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9D67AFFF-B5EF-44D3-AC94-26F81DC9BCC9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A3E1D349-6639-42DB-9ED8-4285954B6315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B0666CCF-F888-4FB3-9CD7-85D63D8E2598}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{B52E3136-A7DA-4491-879E-14D259A06179}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B559DA58-4ABB-4789-96FC-05D76DF59AF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B5F9EF2F-DE5C-41F6-8F8D-7EA28057A171}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CA9B2CE6-2B10-4B27-8483-E3F93EA4C3AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CE7156C1-A588-4C85-BF92-8EF07E26420B}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{CEC0ABF4-2FC5-4BDE-BBB9-13D03F81EF35}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D13C722B-F61C-40DC-92D2-DD2394B917EF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DD25274F-7C9B-469E-982B-0D01790FD898}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E4D46C06-5800-4A59-B164-AE3B633A450A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E8BAB55C-3F4A-4FCC-9FAD-A01BB2262A3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EE505EB0-BE43-4997-BDDC-3B8F0CB2E8B2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EED38836-D1E9-4778-8541-8606AE9DB5F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F79A3CF5-C39A-47D2-8ED5-E4969A135046}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01325272-C373-48F0-B247-442B457FB54D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{09DE98A0-EE10-479B-AB38-82F12FE256C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1181B667-752A-4422-B81F-9994F6F4A02E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{11BF11C9-502B-4FAC-A458-948DFF282343}" = dir=in | app=d:\setup\hpznui40.exe | 
"{12194258-DEC2-46CC-88E1-67BDF2C2EA6B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{15609DD8-5353-48B0-B514-12624C79507F}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
"{16B816E1-34CA-456A-842D-F9BA5C44CCC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{16BD5F0E-73B9-4E8B-A503-B70196216753}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{197A1EE6-3290-4826-B8E8-3BBA7849AC61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1C2E0654-6B3F-4D81-BEF9-2644C92D568C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1C7E0163-F2E3-46C4-B1F5-AF4704B864EE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{20F7A05F-82E0-4EE6-ADAD-64A835186B35}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{215AE1D4-97BE-4581-9799-8D2519F64C92}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{251B9962-0F75-47C8-8A59-9221F63ACEE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B01595E-1C5D-4F86-BD39-FC4ECE9D9B74}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{310B740E-947B-4D65-8CB1-A06ADE8B359D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{33B93F3E-F469-4068-A1CC-040962670F54}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{36CD377B-922A-42C9-9740-E4FA3453071B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CAA1EF1-6C47-42C8-8A9C-B8FFEEA85A66}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{43BB6A5D-6052-4BE2-8A5B-D1587996F060}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{468BD279-8304-4D9F-8847-8A01C40A2501}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{538774C7-83DC-42F3-A328-DC9ACA5ACA60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{548AF0BE-61FC-4B94-ABF4-F1F4E121041B}" = protocol=6 | dir=out | app=system | 
"{5871EA16-BC7E-40B0-9A75-47B434F16F85}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{588DEA38-14E3-41E9-96E7-26116F3D2B13}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{603A3C43-0B6C-4A6E-AABA-CC0C71A693ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{62AB305A-F1E3-45B7-A288-30F0711AA655}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{64BE7C9F-A878-4440-AA06-CD803D40FF1D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6F8C0130-52A7-4E66-8406-9AD2E40E1694}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{6FDD7378-190F-4285-B739-CFAD1F178C13}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{74DD49EB-4119-4446-A203-7A0ED4D48D66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{77B7F16C-691C-4B6B-ADBF-6D0DAC1A269D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{79A23AE9-3900-4940-A5E3-827B22BE99EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7A449B80-525B-47D8-AF9E-9DD6EAFB0527}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7E8845CA-CEEB-48E1-AC27-BE123C6A9FB0}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{7F005C8B-D339-4FCF-BFD3-EF5CEBB404A4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{84960B25-606C-4810-8D6E-470045DF7911}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{85515082-65A4-4657-B4BF-8DC27EA0B926}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{85BE4258-B0C0-4C0C-841C-737500F075FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90FE6BAD-4A02-4A63-A7FD-1080F193A5F7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{951DF364-8C16-4CD4-8BD4-23393F3F3515}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9940EB60-A657-460A-8708-896F030A6555}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{9F2D6276-4CAD-4F9E-B77D-9B904E702A86}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{9F821BCA-7059-4BE3-B110-53B333022C8F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{A3577D87-14C4-44F3-8F20-CE96CFCA174D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{A9CE400C-8052-422F-8A01-E3015E34A10B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{ADBAA774-8DA6-4642-840D-27F729BDD22F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{B002CBB9-6A6D-4240-A2EC-FAC779813D63}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{B1304A00-E7DB-459C-B912-62DADC109F50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{B845DA90-A072-47B4-9D00-B7EFC862CBE0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{CEFC3EBC-FA88-408F-84DD-847BBA42BF2C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D2E5ABA4-F66E-4C59-B26C-8A4F9EB56C39}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D78697A6-A2D0-46DB-9AB9-E46899666091}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{E1254349-CCF9-4E4A-B448-B2CF07027BA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4377567-E397-4645-B009-D2627696B83C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E52B2D27-F1D0-4812-8BDC-03C12F2262FD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{E55AF2D3-55D0-487A-81D3-6008EB1ACEAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{E5F3AE42-E711-40EC-B21C-65FD25AB2556}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{FCDCF18D-0A15-4BD8-AB6C-6B76084EF83F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{FFCEB4B8-AA9C-49BA-9BA1-7AEC72D5E974}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{22B3AE66-7A37-4118-BADB-3680C15CA366}" = SpyHunter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Video Web Camera
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD67C37-BA7A-4CBE-AD3C-308100D61ED7}" = fx-9860G Slim Manager PLUS (30 Day Trial)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6473724-A851-11D5-986D-00500443CF9F}" = Moorhuhn 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleManager" = AudibleManager
"eMachines Game Console" = eMachines Game Console
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.11.508
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.13
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.14.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"Klett Software Horizons Sicher ins Abitur" = Klett Software Horizons Sicher ins Abitur
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Moorhuhn 2 deinstallieren" = Moorhuhn 2
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"NIS" = Norton Internet Security
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent emachines Master Uninstall" = eMachines Games
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WT078910" = Bejeweled 2 Deluxe
"WT078919" = Insaniquarium Deluxe
"WT078930" = Zuma Deluxe
"WT078958" = Blasterball 3
"WT078962" = Bob the Builder Can-Do-Zoo
"WT079018" = Faerie Solitaire
"WT079022" = FATE - The Traitor Soul
"WT079062" = Jewel Quest
"WT079066" = Jewel Quest Solitaire 3
"WT079106" = Penguins!
"WT079114" = Polar Bowler
"WT079118" = Polar Golfer
"WT079122" = Polar Pool
"WT079175" = Virtual Villagers - A New Home
"WT079180" = Yahtzee
"WT079283" = Build-a-lot 2
"WT079296" = Chicken Invaders 3 - Revenge of the Yolk
"WT079316" = Escape Rosecliff Island
"WT079329" = Mahjongg Artifacts
"WT079418" = Virtual Families
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1530750314-1823746422-2989766619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.06.2012 10:08:08 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 11:16:29 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 12:12:31 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 13:13:26 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 14:13:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 15:12:01 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 16:00:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.06.2012 17:08:48 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.06.2012 04:00:53 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 02.06.2012 04:11:40 | Computer Name = Sarah-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 02.03.2013 17:54:48 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 03.03.2013 06:07:13 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 03.03.2013 06:08:18 | Computer Name = Sarah-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 03.03.2013 12:08:28 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 03.03.2013 12:22:51 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 2 Mal
 passiert.
 
Error - 03.03.2013 12:43:49 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 IPsec-Richtlinien-Agent erreicht.
 
Error - 03.03.2013 12:45:38 | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 03.03.2013 17:50:41 | Computer Name = Sarah-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
 
< End of report >
         

Alt 04.03.2013, 17:55   #5
markusg
/// Malware-holic
 



Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O8:64bit: - Extra context menu item: Export to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
File not found
O8:64bit: - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Export to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not
found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not
found
O8 - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de following the instructions above

Alt 04.03.2013, 22:51   #6
Smilims
 



HI

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Export to Microsoft Excel\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to DVD Converter\ not found.
File C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
File C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Export to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to DVD Converter\ not found.
File C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm File not not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
File C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sarah
->Temp folder emptied: 325152 bytes
->Temporary Internet Files folder emptied: 33207 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6489339 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15972 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03042013_224536

Files\Folders moved on Reboot...
File\Folder C:\Users\Sarah\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 05.03.2013, 14:47   #7
markusg
/// Malware-holic
 



Hi,
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 05.03.2013, 23:14   #8
Smilims
 



Hi,

I have the log file, but I got the message that it is too long to post..

Regards

Alt 06.03.2013, 13:55   #9
markusg
/// Malware-holic
 



then zip it and attach it, or split it

Alt 06.03.2013, 18:28   #10
Smilims
 



Code:
ATTFilter
LOGFILE 5.3.2013


22:52:24.0954 2604  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:52:25.0218 2604  ============================================================
22:52:25.0218 2604  Current date / time: 2013/03/05 22:52:25.0218
22:52:25.0218 2604  SystemInfo:
22:52:25.0218 2604  
22:52:25.0218 2604  OS Version: 6.1.7600 ServicePack: 0.0
22:52:25.0218 2604  Product type: Workstation
22:52:25.0219 2604  ComputerName: SARAH-PC
22:52:25.0219 2604  UserName: Sarah
22:52:25.0219 2604  Windows directory: C:\Windows
22:52:25.0219 2604  System windows directory: C:\Windows
22:52:25.0219 2604  Running under WOW64
22:52:25.0219 2604  Processor architecture: Intel x64
22:52:25.0219 2604  Number of processors: 4
22:52:25.0219 2604  Page size: 0x1000
22:52:25.0219 2604  Boot type: Normal boot
22:52:25.0219 2604  ============================================================
22:52:29.0342 2604  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:52:29.0350 2604  ============================================================
22:52:29.0350 2604  \Device\Harddisk0\DR0:
22:52:29.0350 2604  MBR partitions:
22:52:29.0350 2604  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
22:52:29.0350 2604  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
22:52:29.0350 2604  ============================================================
22:52:29.0425 2604  C: <-> \Device\Harddisk0\DR0\Partition2
22:52:29.0426 2604  ============================================================
22:52:29.0426 2604  Initialize success
22:52:29.0426 2604  ============================================================
22:53:16.0617 5364  ============================================================
22:53:16.0617 5364  Scan started
22:53:16.0617 5364  Mode: Manual; SigCheck; TDLFS; 
22:53:16.0617 5364  ============================================================
22:53:17.0990 5364  ================ Scan system memory ========================
22:53:17.0990 5364  System memory - ok
22:53:17.0990 5364  ================ Scan services =============================
22:53:18.0520 5364  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
22:53:18.0786 5364  1394ohci - ok
22:53:18.0848 5364  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
22:53:18.0988 5364  ACPI - ok
22:53:19.0051 5364  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
22:53:19.0456 5364  AcpiPmi - ok
22:53:19.0519 5364  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:53:19.0831 5364  adp94xx - ok
22:53:19.0893 5364  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:53:20.0143 5364  adpahci - ok
22:53:20.0190 5364  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:53:20.0470 5364  adpu320 - ok
22:53:20.0486 5364  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:53:20.0923 5364  AeLookupSvc - ok
22:53:20.0985 5364  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
22:53:21.0266 5364  AFD - ok
22:53:21.0328 5364  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
22:53:21.0547 5364  agp440 - ok
22:53:21.0609 5364  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:53:21.0890 5364  ALG - ok
22:53:21.0937 5364  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
22:53:22.0093 5364  aliide - ok
22:53:22.0140 5364  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
22:53:22.0296 5364  amdide - ok
22:53:22.0327 5364  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:53:22.0483 5364  AmdK8 - ok
22:53:22.0545 5364  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:53:22.0717 5364  AmdPPM - ok
22:53:22.0764 5364  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:53:22.0935 5364  amdsata - ok
22:53:22.0998 5364  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:53:23.0138 5364  amdsbs - ok
22:53:23.0169 5364  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:53:23.0263 5364  amdxata - ok
22:53:23.0310 5364  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
22:53:23.0450 5364  AmUStor - ok
22:53:23.0512 5364  [ FAB590E0FC28CB474B965F8267458E14 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
22:53:23.0590 5364  ApfiltrService - ok
22:53:23.0653 5364  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
22:53:23.0840 5364  AppID - ok
22:53:23.0887 5364  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:53:24.0027 5364  AppIDSvc - ok
22:53:24.0074 5364  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
22:53:24.0199 5364  Appinfo - ok
22:53:24.0230 5364  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:53:24.0261 5364  arc - ok
22:53:24.0292 5364  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:53:24.0324 5364  arcsas - ok
22:53:24.0355 5364  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:53:24.0480 5364  AsyncMac - ok
22:53:24.0542 5364  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
22:53:24.0589 5364  atapi - ok
22:53:24.0729 5364  [ 70260C7C98CC0101316F5B2650C3BB44 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:53:24.0963 5364  athr - ok
22:53:25.0026 5364  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:53:25.0104 5364  AudioEndpointBuilder - ok
22:53:25.0119 5364  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:53:25.0229 5364  AudioSrv - ok
22:53:25.0275 5364  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:53:25.0385 5364  AxInstSV - ok
22:53:25.0541 5364  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:53:25.0681 5364  b06bdrv - ok
22:53:25.0712 5364  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:53:25.0806 5364  b57nd60a - ok
22:53:25.0884 5364  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
22:53:25.0977 5364  BCM43XX - ok
22:53:26.0087 5364  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:53:26.0149 5364  BDESVC - ok
22:53:26.0180 5364  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:53:26.0243 5364  Beep - ok
22:53:26.0305 5364  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
22:53:26.0383 5364  BFE - ok
22:53:27.0584 5364  [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
22:53:27.0631 5364  BHDrvx64 - ok
22:53:27.0678 5364  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
22:53:27.0771 5364  BITS - ok
22:53:27.0803 5364  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:53:27.0849 5364  blbdrive - ok
22:53:27.0896 5364  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:53:27.0974 5364  bowser - ok
22:53:28.0021 5364  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:53:28.0052 5364  BrFiltLo - ok
22:53:28.0083 5364  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:53:28.0099 5364  BrFiltUp - ok
22:53:28.0146 5364  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
22:53:28.0224 5364  Browser - ok
22:53:28.0239 5364  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:53:28.0333 5364  Brserid - ok
22:53:28.0364 5364  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:53:28.0411 5364  BrSerWdm - ok
22:53:28.0458 5364  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:53:28.0505 5364  BrUsbMdm - ok
22:53:28.0551 5364  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:53:28.0583 5364  BrUsbSer - ok
22:53:28.0614 5364  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:53:28.0661 5364  BTHMODEM - ok
22:53:28.0707 5364  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:53:28.0785 5364  bthserv - ok
22:53:28.0926 5364  [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP            C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
22:53:28.0957 5364  ccHP - ok
22:53:29.0019 5364  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:53:29.0097 5364  cdfs - ok
22:53:29.0160 5364  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:53:29.0207 5364  cdrom - ok
22:53:29.0269 5364  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:53:29.0331 5364  CertPropSvc - ok
22:53:29.0425 5364  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:53:29.0456 5364  circlass - ok
22:53:29.0534 5364  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:53:29.0565 5364  CLFS - ok
22:53:29.0877 5364  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:53:29.0909 5364  clr_optimization_v2.0.50727_32 - ok
22:53:29.0955 5364  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:53:29.0971 5364  clr_optimization_v2.0.50727_64 - ok
22:53:30.0049 5364  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:53:30.0096 5364  CmBatt - ok
22:53:30.0127 5364  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
22:53:30.0158 5364  cmdide - ok
22:53:30.0221 5364  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:53:30.0252 5364  CNG - ok
22:53:30.0314 5364  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:53:30.0330 5364  Compbatt - ok
22:53:30.0377 5364  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:53:30.0423 5364  CompositeBus - ok
22:53:30.0455 5364  COMSysApp - ok
22:53:30.0486 5364  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:53:30.0501 5364  crcdisk - ok
22:53:30.0548 5364  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:53:30.0626 5364  CryptSvc - ok
22:53:30.0673 5364  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:53:30.0751 5364  DcomLaunch - ok
22:53:30.0782 5364  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:53:30.0860 5364  defragsvc - ok
22:53:30.0907 5364  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:53:30.0985 5364  DfsC - ok
22:53:31.0079 5364  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:53:31.0235 5364  Dhcp - ok
22:53:31.0281 5364  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:53:31.0359 5364  discache - ok
22:53:31.0422 5364  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:53:31.0453 5364  Disk - ok
22:53:31.0500 5364  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:53:31.0578 5364  Dnscache - ok
22:53:31.0671 5364  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
22:53:31.0734 5364  dot3svc - ok
22:53:31.0765 5364  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
22:53:31.0843 5364  DPS - ok
22:53:31.0890 5364  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:53:31.0921 5364  drmkaud - ok
22:53:32.0155 5364  [ E2B2853A0210D6EDAB2261870BD80C1A ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:53:32.0186 5364  DsiWMIService - ok
22:53:32.0264 5364  [ 24CE1ECF9D0AE0301775B07F5FEA175B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:53:32.0311 5364  DXGKrnl - ok
22:53:32.0342 5364  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:53:32.0420 5364  EapHost - ok
22:53:33.0013 5364  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:53:33.0153 5364  ebdrv - ok
22:53:33.0434 5364  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:53:33.0465 5364  eeCtrl - ok
22:53:33.0512 5364  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
22:53:33.0575 5364  EFS - ok
22:53:33.0824 5364  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:53:33.0918 5364  ehRecvr - ok
22:53:33.0965 5364  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:53:34.0011 5364  ehSched - ok
22:53:34.0121 5364  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:53:34.0152 5364  elxstor - ok
22:53:34.0401 5364  [ 49EEF52BFB986A2B5D70F4EC12637D7B ] ePowerSvc       C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
22:53:34.0433 5364  ePowerSvc - ok
22:53:34.0479 5364  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:53:34.0495 5364  EraserUtilRebootDrv - ok
22:53:34.0542 5364  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
22:53:34.0635 5364  ErrDev - ok
22:53:34.0682 5364  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:53:34.0745 5364  EventSystem - ok
22:53:34.0807 5364  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:53:34.0885 5364  exfat - ok
22:53:34.0932 5364  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:53:35.0025 5364  fastfat - ok
22:53:35.0088 5364  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
22:53:35.0166 5364  Fax - ok
22:53:35.0213 5364  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:53:35.0228 5364  fdc - ok
22:53:35.0259 5364  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:53:35.0306 5364  fdPHost - ok
22:53:35.0337 5364  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:53:35.0400 5364  FDResPub - ok
22:53:35.0431 5364  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:53:35.0447 5364  FileInfo - ok
22:53:35.0478 5364  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:53:35.0525 5364  Filetrace - ok
22:53:35.0540 5364  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:53:35.0571 5364  flpydisk - ok
22:53:35.0603 5364  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:53:35.0618 5364  FltMgr - ok
22:53:35.0805 5364  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
22:53:35.0883 5364  FontCache - ok
22:53:36.0024 5364  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:53:36.0039 5364  FontCache3.0.0.0 - ok
22:53:36.0071 5364  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:53:36.0086 5364  FsDepends - ok
22:53:36.0133 5364  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:53:36.0164 5364  Fs_Rec - ok
22:53:36.0227 5364  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:53:36.0258 5364  fvevol - ok
22:53:36.0289 5364  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:53:36.0320 5364  gagp30kx - ok
22:53:36.0461 5364  [ 6858C318E8DAA40E747E6FB9B214E104 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
22:53:36.0492 5364  GameConsoleService - ok
22:53:36.0554 5364  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
22:53:36.0632 5364  gpsvc - ok
22:53:36.0757 5364  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
22:53:36.0819 5364  Greg_Service - ok
22:53:37.0007 5364  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:53:37.0038 5364  gupdate - ok
22:53:37.0100 5364  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:53:37.0131 5364  gupdatem - ok
22:53:37.0194 5364  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:53:37.0225 5364  gusvc - ok
22:53:37.0272 5364  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:53:37.0334 5364  hcw85cir - ok
22:53:37.0365 5364  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:53:37.0443 5364  HdAudAddService - ok
22:53:37.0475 5364  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:53:37.0521 5364  HDAudBus - ok
22:53:37.0568 5364  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
22:53:37.0599 5364  HECIx64 - ok
22:53:37.0631 5364  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:53:37.0662 5364  HidBatt - ok
22:53:37.0693 5364  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:53:37.0740 5364  HidBth - ok
22:53:37.0771 5364  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:53:37.0818 5364  HidIr - ok
22:53:37.0880 5364  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:53:37.0974 5364  hidserv - ok
22:53:38.0005 5364  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:53:38.0052 5364  HidUsb - ok
22:53:38.0114 5364  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:53:38.0192 5364  hkmsvc - ok
22:53:38.0255 5364  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:53:38.0317 5364  HomeGroupListener - ok
22:53:38.0379 5364  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:53:38.0442 5364  HomeGroupProvider - ok
22:53:39.0019 5364  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:53:39.0066 5364  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:53:39.0066 5364  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:53:39.0097 5364  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:53:39.0144 5364  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:53:39.0144 5364  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:53:39.0206 5364  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
22:53:39.0222 5364  HpSAMD - ok
22:53:39.0409 5364  [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:53:39.0425 5364  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:53:39.0425 5364  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:53:39.0471 5364  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:53:39.0534 5364  HTTP - ok
22:53:39.0549 5364  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:53:39.0565 5364  hwpolicy - ok
22:53:39.0612 5364  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:53:39.0643 5364  i8042prt - ok
22:53:39.0737 5364  [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:53:39.0752 5364  iaStor - ok
22:53:39.0861 5364  [ 48362E5DB5CB2C000C514EE1F3890ACD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:53:39.0877 5364  IAStorDataMgrSvc - ok
22:53:39.0939 5364  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:53:39.0971 5364  iaStorV - ok
22:53:40.0095 5364  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:53:40.0127 5364  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:53:40.0127 5364  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:53:40.0361 5364  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:53:40.0407 5364  idsvc - ok
22:53:40.0751 5364  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130301.002\IDSvia64.sys
22:53:40.0782 5364  IDSVia64 - ok
22:53:41.0702 5364  [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:53:42.0030 5364  igfx - ok
22:53:42.0092 5364  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:53:42.0123 5364  iirsp - ok
22:53:42.0201 5364  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
22:53:42.0311 5364  IKEEXT - ok
22:53:42.0373 5364  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
22:53:42.0420 5364  Impcd - ok
22:53:42.0623 5364  [ 53019327813FF5AB2964B33B2C61307C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:53:42.0669 5364  IntcAzAudAddService - ok
22:53:42.0810 5364  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:53:42.0872 5364  IntcDAud - ok
22:53:42.0903 5364  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
22:53:42.0935 5364  intelide - ok
22:53:42.0997 5364  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:53:43.0028 5364  intelppm - ok
22:53:43.0091 5364  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:53:43.0169 5364  IPBusEnum - ok
22:53:43.0200 5364  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:53:43.0293 5364  IpFilterDriver - ok
22:53:43.0309 5364  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:53:43.0387 5364  iphlpsvc - ok
22:53:43.0434 5364  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:53:43.0496 5364  IPMIDRV - ok
22:53:43.0559 5364  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:53:43.0652 5364  IPNAT - ok
22:53:43.0699 5364  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:53:43.0715 5364  IRENUM - ok
22:53:43.0761 5364  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
22:53:43.0777 5364  isapnp - ok
22:53:43.0824 5364  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:53:43.0855 5364  iScsiPrt - ok
22:53:43.0902 5364  [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
22:53:43.0933 5364  k57nd60a - ok
22:53:43.0980 5364  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:53:43.0995 5364  kbdclass - ok
22:53:44.0042 5364  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:53:44.0073 5364  kbdhid - ok
22:53:44.0120 5364  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
22:53:44.0136 5364  KeyIso - ok
22:53:44.0151 5364  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:53:44.0183 5364  KSecDD - ok
22:53:44.0198 5364  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:53:44.0214 5364  KSecPkg - ok
22:53:44.0261 5364  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:53:44.0323 5364  ksthunk - ok
22:53:44.0370 5364  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:53:44.0432 5364  KtmRm - ok
22:53:44.0510 5364  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
22:53:44.0541 5364  L1E - ok
22:53:44.0588 5364  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:53:44.0666 5364  LanmanServer - ok
22:53:44.0697 5364  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:53:44.0760 5364  LanmanWorkstation - ok
22:53:44.0807 5364  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:53:44.0869 5364  lltdio - ok
22:53:44.0994 5364  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:53:45.0087 5364  lltdsvc - ok
22:53:45.0119 5364  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:53:45.0165 5364  lmhosts - ok
22:53:45.0275 5364  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:53:45.0306 5364  LMS - ok
22:53:45.0368 5364  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:53:45.0399 5364  LSI_FC - ok
22:53:45.0399 5364  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:53:45.0415 5364  LSI_SAS - ok
22:53:45.0431 5364  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:53:45.0462 5364  LSI_SAS2 - ok
22:53:45.0477 5364  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:53:45.0509 5364  LSI_SCSI - ok
22:53:45.0524 5364  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:53:45.0571 5364  luafv - ok
22:53:45.0618 5364  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:53:45.0633 5364  MBAMProtector - ok
22:53:45.0727 5364  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:53:45.0758 5364  MBAMScheduler - ok
22:53:45.0821 5364  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:53:45.0883 5364  MBAMService - ok
22:53:45.0914 5364  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:53:45.0961 5364  Mcx2Svc - ok
22:53:46.0055 5364  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:53:46.0086 5364  MDM - ok
22:53:46.0148 5364  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:53:46.0164 5364  megasas - ok
22:53:46.0195 5364  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:53:46.0226 5364  MegaSR - ok
22:53:46.0273 5364  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:53:46.0351 5364  MMCSS - ok
22:53:46.0367 5364  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:53:46.0445 5364  Modem - ok
22:53:46.0476 5364  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:53:46.0523 5364  monitor - ok
22:53:46.0569 5364  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:53:46.0601 5364  mouclass - ok
22:53:46.0632 5364  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:53:46.0679 5364  mouhid - ok
22:53:46.0710 5364  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:53:46.0741 5364  mountmgr - ok
22:53:46.0788 5364  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
22:53:46.0803 5364  mpio - ok
22:53:46.0835 5364  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:53:46.0897 5364  mpsdrv - ok
22:53:46.0944 5364  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:53:47.0053 5364  MpsSvc - ok
22:53:47.0084 5364  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:53:47.0131 5364  MRxDAV - ok
22:53:47.0178 5364  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:53:47.0225 5364  mrxsmb - ok
22:53:47.0303 5364  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:53:47.0381 5364  mrxsmb10 - ok
22:53:47.0396 5364  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:53:47.0443 5364  mrxsmb20 - ok
22:53:47.0490 5364  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
22:53:47.0505 5364  msahci - ok
22:53:47.0552 5364  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
22:53:47.0568 5364  msdsm - ok
22:53:47.0583 5364  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:53:47.0615 5364  MSDTC - ok
22:53:47.0646 5364  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:53:47.0693 5364  Msfs - ok
22:53:47.0739 5364  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:53:47.0802 5364  mshidkmdf - ok
22:53:47.0817 5364  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
22:53:47.0849 5364  msisadrv - ok
22:53:47.0927 5364  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:53:48.0005 5364  MSiSCSI - ok
22:53:48.0005 5364  msiserver - ok
22:53:48.0051 5364  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:53:48.0098 5364  MSKSSRV - ok
22:53:48.0129 5364  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:53:48.0192 5364  MSPCLOCK - ok
22:53:48.0223 5364  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:53:48.0285 5364  MSPQM - ok
22:53:48.0457 5364  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:53:48.0488 5364  MsRPC - ok
22:53:50.0781 5364  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:53:50.0828 5364  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:53:50.0828 5364  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:53:55.0883 5364  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:53:55.0898 5364  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:53:55.0898 5364  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:54:14.0353 5364  ================ Scan global ===============================
22:54:14.0369 5364  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:54:14.0400 5364  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:54:14.0415 5364  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:54:14.0431 5364  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:54:14.0478 5364  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:54:14.0478 5364  [Global] - ok
22:54:14.0478 5364  ================ Scan MBR ==================================
22:54:14.0493 5364  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:54:15.0897 5364  \Device\Harddisk0\DR0 - ok
22:54:15.0897 5364  ================ Scan VBR ==================================
22:54:15.0960 5364  [ 57F5A1A999CD0DE83BD23E429B6980D0 ] \Device\Harddisk0\DR0\Partition1
22:54:15.0960 5364  \Device\Harddisk0\DR0\Partition1 - ok
22:54:15.0975 5364  [ CDBDF3D60BC3BBD793440B5B8B961A7C ] \Device\Harddisk0\DR0\Partition2
22:54:15.0991 5364  \Device\Harddisk0\DR0\Partition2 - ok
22:54:15.0991 5364  ============================================================
22:54:15.0991 5364  Scan finished
22:54:15.0991 5364  ============================================================
22:54:15.0991 5356  Detected object count: 6
22:54:15.0991 5356  Actual detected object count: 6
22:54:34.0524 5356  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:34.0524 5356  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:34.0524 5356  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:34.0524 5356  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:34.0524 5356  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:54:34.0524 5356  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:54:34.0524 5356  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:55:03.0930 5176  ============================================================
22:55:03.0930 5176  Scan started
22:55:03.0930 5176  Mode: Manual; SigCheck; TDLFS; 
22:55:03.0930 5176  ============================================================
22:55:04.0117 5176  ================ Scan system memory ========================
22:55:04.0117 5176  System memory - ok
22:55:04.0117 5176  ================ Scan services =============================
22:55:04.0928 5176  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
22:55:04.0959 5176  1394ohci - ok
22:55:05.0084 5176  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
22:55:05.0115 5176  ACPI - ok
22:55:05.0131 5176  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
22:55:05.0162 5176  AcpiPmi - ok
22:55:05.0271 5176  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:55:05.0287 5176  adp94xx - ok
22:55:05.0505 5176  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:55:05.0537 5176  adpahci - ok
22:55:05.0583 5176  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:55:05.0615 5176  adpu320 - ok
22:55:05.0677 5176  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:55:05.0739 5176  AeLookupSvc - ok
22:55:05.0802 5176  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
22:55:05.0833 5176  AFD - ok
22:55:05.0895 5176  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
22:55:05.0927 5176  agp440 - ok
22:55:05.0973 5176  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:55:05.0989 5176  ALG - ok
22:55:06.0036 5176  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
22:55:06.0051 5176  aliide - ok
22:55:06.0114 5176  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
22:55:06.0129 5176  amdide - ok
22:55:06.0145 5176  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:55:06.0176 5176  AmdK8 - ok
22:55:06.0239 5176  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:55:06.0254 5176  AmdPPM - ok
22:55:06.0301 5176  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:55:06.0332 5176  amdsata - ok
22:55:06.0457 5176  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:55:06.0488 5176  amdsbs - ok
22:55:06.0535 5176  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:55:06.0566 5176  amdxata - ok
22:55:06.0613 5176  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
22:55:06.0629 5176  AmUStor - ok
22:55:06.0707 5176  [ FAB590E0FC28CB474B965F8267458E14 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
22:55:06.0722 5176  ApfiltrService - ok
22:55:06.0800 5176  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
22:55:06.0831 5176  AppID - ok
22:55:06.0878 5176  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:55:06.0925 5176  AppIDSvc - ok
22:55:06.0956 5176  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
22:55:06.0972 5176  Appinfo - ok
22:55:07.0034 5176  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:55:07.0065 5176  arc - ok
22:55:07.0175 5176  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:55:07.0190 5176  arcsas - ok
22:55:07.0268 5176  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:55:07.0315 5176  AsyncMac - ok
22:55:07.0346 5176  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
22:55:07.0377 5176  atapi - ok
22:55:07.0487 5176  [ 70260C7C98CC0101316F5B2650C3BB44 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:55:07.0549 5176  athr - ok
22:55:07.0674 5176  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:55:07.0752 5176  AudioEndpointBuilder - ok
22:55:07.0892 5176  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
         

Alt 06.03.2013, 18:30   #11
Smilims
 
Code:
22:55:07.0970 5176  AudioSrv - ok
22:55:08.0048 5176  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:55:08.0079 5176  AxInstSV - ok
22:55:08.0142 5176  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:55:08.0157 5176  b06bdrv - ok
22:55:08.0251 5176  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:55:08.0282 5176  b57nd60a - ok
22:55:08.0485 5176  [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
22:55:08.0532 5176  BCM43XX - ok
22:55:08.0610 5176  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:55:08.0625 5176  BDESVC - ok
22:55:08.0657 5176  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:55:08.0703 5176  Beep - ok
22:55:08.0828 5176  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
22:55:08.0875 5176  BFE - ok
22:55:10.0014 5176  [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
22:55:10.0045 5176  BHDrvx64 - ok
22:55:10.0154 5176  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
22:55:10.0232 5176  BITS - ok
22:55:10.0263 5176  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:55:10.0295 5176  blbdrive - ok
22:55:10.0373 5176  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:55:10.0404 5176  bowser - ok
22:55:10.0451 5176  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:55:10.0466 5176  BrFiltLo - ok
22:55:10.0497 5176  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:55:10.0513 5176  BrFiltUp - ok
22:55:10.0591 5176  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
22:55:10.0622 5176  Browser - ok
22:55:10.0716 5176  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:55:10.0731 5176  Brserid - ok
22:55:10.0747 5176  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:55:10.0778 5176  BrSerWdm - ok
22:55:10.0856 5176  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:55:10.0872 5176  BrUsbMdm - ok
22:55:10.0934 5176  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:55:10.0950 5176  BrUsbSer - ok
22:55:10.0997 5176  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:55:11.0028 5176  BTHMODEM - ok
22:55:11.0106 5176  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:55:11.0153 5176  bthserv - ok
22:55:11.0309 5176  [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP            C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
22:55:11.0340 5176  ccHP - ok
22:55:11.0418 5176  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:55:11.0480 5176  cdfs - ok
22:55:11.0527 5176  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:55:11.0543 5176  cdrom - ok
22:55:11.0589 5176  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:55:11.0636 5176  CertPropSvc - ok
22:55:11.0683 5176  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:55:11.0699 5176  circlass - ok
22:55:11.0808 5176  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:55:11.0839 5176  CLFS - ok
22:55:11.0979 5176  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:55:12.0011 5176  clr_optimization_v2.0.50727_32 - ok
22:55:12.0151 5176  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:55:12.0167 5176  clr_optimization_v2.0.50727_64 - ok
22:55:12.0198 5176  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:55:12.0213 5176  CmBatt - ok
22:55:12.0245 5176  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
22:55:12.0260 5176  cmdide - ok
22:55:12.0401 5176  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:55:12.0432 5176  CNG - ok
22:55:12.0572 5176  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:55:12.0603 5176  Compbatt - ok
22:55:12.0650 5176  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
22:55:12.0666 5176  CompositeBus - ok
22:55:12.0681 5176  COMSysApp - ok
22:55:12.0728 5176  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:55:12.0744 5176  crcdisk - ok
22:55:12.0791 5176  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:55:12.0806 5176  CryptSvc - ok
22:55:12.0978 5176  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:55:13.0040 5176  DcomLaunch - ok
22:55:13.0165 5176  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:55:13.0212 5176  defragsvc - ok
22:55:13.0259 5176  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:55:13.0274 5176  DfsC - ok
22:55:13.0415 5176  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:55:13.0446 5176  Dhcp - ok
22:55:13.0493 5176  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:55:13.0539 5176  discache - ok
22:55:13.0555 5176  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:55:13.0586 5176  Disk - ok
22:55:13.0680 5176  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:55:13.0695 5176  Dnscache - ok
22:55:13.0742 5176  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
22:55:13.0789 5176  dot3svc - ok
22:55:13.0898 5176  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
22:55:13.0961 5176  DPS - ok
22:55:14.0023 5176  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:55:14.0054 5176  drmkaud - ok
22:55:14.0335 5176  [ E2B2853A0210D6EDAB2261870BD80C1A ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:55:14.0382 5176  DsiWMIService - ok
22:55:14.0553 5176  [ 24CE1ECF9D0AE0301775B07F5FEA175B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:55:14.0600 5176  DXGKrnl - ok
22:55:14.0647 5176  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:55:14.0694 5176  EapHost - ok
22:55:15.0271 5176  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:55:15.0349 5176  ebdrv - ok
22:55:15.0630 5176  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:55:15.0645 5176  eeCtrl - ok
22:55:15.0708 5176  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
22:55:15.0739 5176  EFS - ok
22:55:16.0051 5176  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:55:16.0098 5176  ehRecvr - ok
22:55:16.0145 5176  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:55:16.0176 5176  ehSched - ok
22:55:16.0347 5176  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:55:16.0379 5176  elxstor - ok
22:55:16.0847 5176  [ 49EEF52BFB986A2B5D70F4EC12637D7B ] ePowerSvc       C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
22:55:16.0878 5176  ePowerSvc - ok
22:55:16.0971 5176  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:55:16.0987 5176  EraserUtilRebootDrv - ok
22:55:17.0003 5176  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
22:55:17.0034 5176  ErrDev - ok
22:55:17.0221 5176  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:55:17.0268 5176  EventSystem - ok
22:55:17.0346 5176  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:55:17.0393 5176  exfat - ok
22:55:17.0486 5176  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:55:17.0533 5176  fastfat - ok
22:55:17.0611 5176  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
22:55:17.0642 5176  Fax - ok
22:55:17.0720 5176  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:55:17.0736 5176  fdc - ok
22:55:17.0798 5176  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:55:17.0861 5176  fdPHost - ok
22:55:17.0892 5176  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:55:17.0939 5176  FDResPub - ok
22:55:17.0985 5176  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:55:18.0001 5176  FileInfo - ok
22:55:18.0079 5176  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:55:18.0126 5176  Filetrace - ok
22:55:18.0157 5176  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:55:18.0173 5176  flpydisk - ok
22:55:18.0266 5176  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:55:18.0282 5176  FltMgr - ok
22:55:18.0531 5176  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
22:55:18.0563 5176  FontCache - ok
22:55:18.0672 5176  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:55:18.0687 5176  FontCache3.0.0.0 - ok
22:55:18.0703 5176  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:55:18.0734 5176  FsDepends - ok
22:55:18.0781 5176  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:55:18.0812 5176  Fs_Rec - ok
22:55:18.0875 5176  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:55:18.0906 5176  fvevol - ok
22:55:18.0968 5176  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:55:18.0984 5176  gagp30kx - ok
22:55:19.0312 5176  [ 6858C318E8DAA40E747E6FB9B214E104 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
22:55:19.0343 5176  GameConsoleService - ok
22:55:19.0577 5176  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
22:55:19.0639 5176  gpsvc - ok
22:55:19.0982 5176  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
22:55:20.0029 5176  Greg_Service - ok
22:55:20.0248 5176  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:55:20.0279 5176  gupdate - ok
22:55:20.0279 5176  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:55:20.0310 5176  gupdatem - ok
22:55:20.0388 5176  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:55:20.0419 5176  gusvc - ok
22:55:20.0450 5176  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:55:20.0497 5176  hcw85cir - ok
22:55:20.0638 5176  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:55:20.0669 5176  HdAudAddService - ok
22:55:20.0716 5176  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:55:20.0762 5176  HDAudBus - ok
22:55:20.0794 5176  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
22:55:20.0809 5176  HECIx64 - ok
22:55:20.0872 5176  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:55:20.0887 5176  HidBatt - ok
22:55:20.0903 5176  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:55:20.0934 5176  HidBth - ok
22:55:20.0996 5176  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:55:21.0028 5176  HidIr - ok
22:55:21.0074 5176  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:55:21.0121 5176  hidserv - ok
22:55:21.0184 5176  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:55:21.0215 5176  HidUsb - ok
22:55:21.0277 5176  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:55:21.0340 5176  hkmsvc - ok
22:55:21.0418 5176  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:55:21.0433 5176  HomeGroupListener - ok
22:55:21.0542 5176  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:55:21.0558 5176  HomeGroupProvider - ok
22:55:22.0057 5176  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
22:55:22.0088 5176  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:55:22.0088 5176  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:55:22.0135 5176  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
22:55:22.0151 5176  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:55:22.0151 5176  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:55:22.0198 5176  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
22:55:22.0213 5176  HpSAMD - ok
22:55:22.0541 5176  [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:55:22.0572 5176  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
22:55:22.0572 5176  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
22:55:22.0588 5176  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:55:22.0666 5176  HTTP - ok
22:55:22.0712 5176  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:55:22.0728 5176  hwpolicy - ok
22:55:22.0806 5176  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:55:22.0822 5176  i8042prt - ok
22:55:22.0884 5176  [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:55:22.0915 5176  iaStor - ok
22:55:23.0024 5176  [ 48362E5DB5CB2C000C514EE1F3890ACD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:55:23.0056 5176  IAStorDataMgrSvc - ok
22:55:23.0196 5176  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:55:23.0227 5176  iaStorV - ok
22:55:23.0383 5176  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:55:23.0399 5176  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:55:23.0399 5176  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:55:23.0726 5176  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:55:23.0758 5176  idsvc - ok
22:55:23.0945 5176  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130301.002\IDSvia64.sys
22:55:23.0960 5176  IDSVia64 - ok
22:55:24.0928 5176  [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:55:25.0068 5176  igfx - ok
22:55:25.0115 5176  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:55:25.0146 5176  iirsp - ok
22:55:25.0411 5176  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
22:55:25.0474 5176  IKEEXT - ok
22:55:25.0583 5176  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
22:55:25.0598 5176  Impcd - ok
22:55:25.0910 5176  [ 53019327813FF5AB2964B33B2C61307C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:55:25.0957 5176  IntcAzAudAddService - ok
22:55:26.0035 5176  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:55:26.0066 5176  IntcDAud - ok
22:55:26.0113 5176  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
22:55:26.0129 5176  intelide - ok
22:55:26.0191 5176  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:55:26.0207 5176  intelppm - ok
22:55:26.0254 5176  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:55:26.0316 5176  IPBusEnum - ok
22:55:26.0363 5176  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:55:26.0410 5176  IpFilterDriver - ok
22:55:26.0612 5176  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:55:26.0659 5176  iphlpsvc - ok
22:55:26.0690 5176  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:55:26.0706 5176  IPMIDRV - ok
22:55:26.0753 5176  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:55:26.0800 5176  IPNAT - ok
22:55:26.0831 5176  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:55:26.0862 5176  IRENUM - ok
22:55:26.0924 5176  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
22:55:26.0956 5176  isapnp - ok
22:55:27.0112 5176  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:55:27.0127 5176  iScsiPrt - ok
22:55:27.0268 5176  [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
22:55:27.0283 5176  k57nd60a - ok
22:55:27.0314 5176  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:55:27.0330 5176  kbdclass - ok
22:55:27.0408 5176  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:55:27.0424 5176  kbdhid - ok
22:55:27.0470 5176  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
22:55:27.0502 5176  KeyIso - ok
22:55:27.0548 5176  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:55:27.0564 5176  KSecDD - ok
22:55:27.0611 5176  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:55:27.0626 5176  KSecPkg - ok
22:55:27.0673 5176  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:55:27.0720 5176  ksthunk - ok
22:55:27.0860 5176  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:55:27.0907 5176  KtmRm - ok
22:55:27.0970 5176  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
22:55:27.0985 5176  L1E - ok
22:55:28.0110 5176  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:55:28.0126 5176  LanmanServer - ok
22:55:28.0188 5176  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:55:28.0235 5176  LanmanWorkstation - ok
22:55:28.0250 5176  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:55:28.0313 5176  lltdio - ok
22:55:28.0422 5176  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:55:28.0484 5176  lltdsvc - ok
22:55:28.0516 5176  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:55:28.0578 5176  lmhosts - ok
22:55:28.0734 5176  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:55:28.0765 5176  LMS - ok
22:55:28.0890 5176  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:55:28.0906 5176  LSI_FC - ok
22:55:28.0921 5176  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:55:28.0952 5176  LSI_SAS - ok
22:55:28.0984 5176  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:55:28.0999 5176  LSI_SAS2 - ok
22:55:29.0030 5176  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:55:29.0046 5176  LSI_SCSI - ok
22:55:29.0093 5176  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:55:29.0140 5176  luafv - ok
22:55:29.0186 5176  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:55:29.0202 5176  MBAMProtector - ok
22:55:29.0452 5176  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:55:29.0483 5176  MBAMScheduler - ok
22:55:29.0608 5176  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:55:29.0654 5176  MBAMService - ok
22:55:29.0686 5176  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:55:29.0717 5176  Mcx2Svc - ok
22:55:30.0060 5176  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:55:30.0091 5176  MDM - ok
22:55:30.0122 5176  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
22:55:30.0138 5176  megasas - ok
22:55:30.0232 5176  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
22:55:30.0247 5176  MegaSR - ok
22:55:30.0325 5176  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
22:55:30.0388 5176  MMCSS - ok
22:55:30.0419 5176  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
22:55:30.0466 5176  Modem - ok
22:55:30.0481 5176  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:55:30.0512 5176  monitor - ok
22:55:30.0590 5176  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:55:30.0606 5176  mouclass - ok
22:55:30.0653 5176  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:55:30.0668 5176  mouhid - ok
22:55:30.0746 5176  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:55:30.0778 5176  mountmgr - ok
22:55:30.0840 5176  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
22:55:30.0871 5176  mpio - ok
22:55:30.0934 5176  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:55:30.0980 5176  mpsdrv - ok
22:55:31.0074 5176  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:55:31.0152 5176  MpsSvc - ok
22:55:31.0230 5176  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:55:31.0261 5176  MRxDAV - ok
22:55:31.0339 5176  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:55:31.0370 5176  mrxsmb - ok
22:55:31.0464 5176  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:55:31.0495 5176  mrxsmb10 - ok
22:55:31.0558 5176  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:55:31.0573 5176  mrxsmb20 - ok
22:55:31.0636 5176  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
22:55:31.0667 5176  msahci - ok
22:55:31.0714 5176  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
22:55:31.0729 5176  msdsm - ok
22:55:31.0792 5176  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:55:31.0807 5176  MSDTC - ok
22:55:31.0838 5176  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:55:31.0885 5176  Msfs - ok
22:55:31.0948 5176  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:55:31.0994 5176  mshidkmdf - ok
22:55:32.0041 5176  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
22:55:32.0057 5176  msisadrv - ok
22:55:32.0150 5176  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:55:32.0197 5176  MSiSCSI - ok
22:55:32.0197 5176  msiserver - ok
22:55:32.0244 5176  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:55:32.0291 5176  MSKSSRV - ok
22:55:32.0384 5176  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:55:32.0431 5176  MSPCLOCK - ok
22:55:32.0478 5176  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:55:32.0525 5176  MSPQM - ok
22:55:32.0572 5176  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:55:32.0587 5176  MsRPC - ok
22:55:32.0634 5176  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:55:32.0650 5176  mssmbios - ok
22:55:32.0696 5176  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:55:32.0743 5176  MSTEE - ok
22:55:32.0774 5176  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:55:32.0790 5176  MTConfig - ok
22:55:32.0868 5176  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:55:32.0899 5176  Mup - ok
22:55:33.0102 5176  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
22:55:33.0164 5176  napagent - ok
22:55:33.0242 5176  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:55:33.0258 5176  NativeWifiP - ok
22:55:33.0461 5176  [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130305.005\ENG64.SYS
22:55:33.0476 5176  NAVENG - ok
22:55:34.0709 5176  [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130305.005\EX64.SYS
22:55:34.0771 5176  NAVEX15 - ok
22:55:34.0818 5176  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:55:34.0880 5176  NDIS - ok
22:55:34.0943 5176  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:55:34.0990 5176  NdisCap - ok
22:55:35.0052 5176  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:55:35.0099 5176  NdisTapi - ok
22:55:35.0161 5176  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:55:35.0208 5176  Ndisuio - ok
22:55:35.0333 5176  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:55:35.0380 5176  NdisWan - ok
22:55:35.0442 5176  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:55:35.0489 5176  NDProxy - ok
22:55:35.0582 5176  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:55:35.0598 5176  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:55:35.0598 5176  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:55:35.0676 5176  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:55:35.0723 5176  NetBIOS - ok
22:55:35.0770 5176  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:55:35.0816 5176  NetBT - ok
22:55:35.0863 5176  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
22:55:35.0879 5176  Netlogon - ok
22:55:36.0082 5176  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:55:36.0144 5176  Netman - ok
22:55:36.0487 5176  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:55:36.0565 5176  netprofm - ok
22:55:36.0659 5176  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:55:36.0674 5176  NetTcpPortSharing - ok
22:55:36.0784 5176  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:55:36.0799 5176  nfrd960 - ok
22:55:37.0252 5176  [ B4187346F54E362DAFFE647B25A58D50 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
22:55:37.0298 5176  NIS - ok
22:55:37.0532 5176  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:55:37.0579 5176  NlaSvc - ok
22:55:37.0704 5176  [ 351533ACC2A069B94E80BBFC177E8FDF ] npf             C:\Windows\system32\drivers\npf.sys
22:55:37.0720 5176  npf - ok
22:55:37.0766 5176  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:55:37.0813 5176  Npfs - ok
22:55:37.0891 5176  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:55:37.0938 5176  nsi - ok
22:55:37.0985 5176  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:55:38.0032 5176  nsiproxy - ok
22:55:38.0281 5176  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:55:38.0328 5176  Ntfs - ok
22:55:38.0531 5176  [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:55:38.0546 5176  NTIBackupSvc - ok
22:55:38.0593 5176  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
22:55:38.0609 5176  NTIDrvr - ok
22:55:38.0702 5176  [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:55:38.0718 5176  NTISchedulerSvc - ok
22:55:38.0796 5176  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:55:38.0843 5176  Null - ok
22:55:38.0921 5176  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:55:38.0952 5176  nvraid - ok
22:55:39.0030 5176  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:55:39.0046 5176  nvstor - ok
22:55:39.0092 5176  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
22:55:39.0108 5176  nv_agp - ok
22:55:39.0155 5176  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:55:39.0170 5176  ohci1394 - ok
22:55:39.0358 5176  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:55:39.0420 5176  ose - ok
22:55:39.0467 5176  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:55:39.0482 5176  p2pimsvc - ok
22:55:39.0576 5176  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:55:39.0607 5176  p2psvc - ok
22:55:39.0654 5176  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:55:39.0685 5176  Parport - ok
22:55:39.0716 5176  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:55:39.0732 5176  partmgr - ok
22:55:39.0748 5176  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:55:39.0779 5176  PcaSvc - ok
22:55:39.0794 5176  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
22:55:39.0810 5176  pci - ok
22:55:39.0841 5176  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
22:55:39.0857 5176  pciide - ok
22:55:39.0919 5176  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:55:39.0950 5176  pcmcia - ok
22:55:39.0966 5176  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:55:39.0982 5176  pcw - ok
22:55:40.0013 5176  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:55:40.0075 5176  PEAUTH - ok
22:55:40.0184 5176  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:55:40.0216 5176  PerfHost - ok
22:55:40.0387 5176  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
22:55:40.0450 5176  pla - ok
22:55:40.0496 5176  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:55:40.0512 5176  PlugPlay - ok
22:55:40.0590 5176  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:55:40.0606 5176  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:55:40.0606 5176  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:55:40.0621 5176  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:55:40.0637 5176  PNRPAutoReg - ok
22:55:40.0746 5176  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:55:40.0762 5176  PNRPsvc - ok
22:55:40.0855 5176  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:55:40.0918 5176  PolicyAgent - ok
22:55:40.0964 5176  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:55:41.0027 5176  Power - ok
22:55:41.0074 5176  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:55:41.0120 5176  PptpMiniport - ok
22:55:41.0136 5176  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:55:41.0167 5176  Processor - ok
22:55:41.0198 5176  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
22:55:41.0214 5176  ProfSvc - ok
22:55:41.0261 5176  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:55:41.0292 5176  ProtectedStorage - ok
22:55:41.0339 5176  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:55:41.0401 5176  Psched - ok
22:55:41.0432 5176  [ CCE65976AAEB1DB4C3B98243B8AC448E ] PVUSB           C:\Windows\system32\DRIVERS\CESG64.sys
22:55:41.0448 5176  PVUSB - ok
22:55:41.0542 5176  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:55:41.0588 5176  ql2300 - ok
22:55:41.0635 5176  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:55:41.0666 5176  ql40xx - ok
22:55:41.0760 5176  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:55:41.0776 5176  QWAVE - ok
22:55:41.0807 5176  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:55:41.0838 5176  QWAVEdrv - ok
22:55:41.0869 5176  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:55:41.0916 5176  RasAcd - ok
22:55:41.0978 5176  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:55:42.0025 5176  RasAgileVpn - ok
22:55:42.0072 5176  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:55:42.0119 5176  RasAuto - ok
22:55:42.0134 5176  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:55:42.0197 5176  Rasl2tp - ok
22:55:42.0228 5176  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
22:55:42.0290 5176  RasMan - ok
22:55:42.0306 5176  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:55:42.0368 5176  RasPppoe - ok
22:55:42.0400 5176  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:55:42.0446 5176  RasSstp - ok
22:55:42.0493 5176  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:55:42.0556 5176  rdbss - ok
22:55:42.0571 5176  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:55:42.0602 5176  rdpbus - ok
22:55:42.0618 5176  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:55:42.0665 5176  RDPCDD - ok
22:55:42.0680 5176  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:55:42.0727 5176  RDPENCDD - ok
22:55:42.0743 5176  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:55:42.0790 5176  RDPREFMP - ok
22:55:42.0899 5176  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:55:42.0914 5176  RDPWD - ok
22:55:43.0008 5176  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:55:43.0024 5176  rdyboost - ok
22:55:43.0070 5176  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:55:43.0117 5176  RemoteAccess - ok
22:55:43.0195 5176  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:55:43.0242 5176  RemoteRegistry - ok
22:55:43.0258 5176  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:55:43.0304 5176  RpcEptMapper - ok
22:55:43.0336 5176  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:55:43.0367 5176  RpcLocator - ok
22:55:43.0445 5176  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
22:55:43.0492 5176  RpcSs - ok
22:55:43.0523 5176  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:55:43.0570 5176  rspndr - ok
22:55:43.0585 5176  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
22:55:43.0601 5176  SamSs - ok
22:55:43.0648 5176  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
22:55:43.0663 5176  sbp2port - ok
22:55:43.0741 5176  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:55:43.0788 5176  SCardSvr - ok
22:55:43.0804 5176  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:55:43.0850 5176  scfilter - ok
22:55:43.0975 5176  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
22:55:44.0038 5176  Schedule - ok
22:55:44.0084 5176  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:55:44.0131 5176  SCPolicySvc - ok
22:55:44.0209 5176  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:55:44.0225 5176  SDRSVC - ok
22:55:44.0287 5176  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:55:44.0334 5176  secdrv - ok
22:55:44.0350 5176  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
22:55:44.0396 5176  seclogon - ok
22:55:44.0428 5176  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:55:44.0474 5176  SENS - ok
22:55:44.0506 5176  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:55:44.0521 5176  SensrSvc - ok
22:55:44.0568 5176  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:55:44.0599 5176  Serenum - ok
22:55:44.0646 5176  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:55:44.0662 5176  Serial - ok
22:55:44.0693 5176  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:55:44.0708 5176  sermouse - ok
22:55:44.0802 5176  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
22:55:44.0849 5176  SessionEnv - ok
22:55:44.0896 5176  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
22:55:44.0911 5176  sffdisk - ok
22:55:44.0989 5176  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:55:45.0005 5176  sffp_mmc - ok
22:55:45.0052 5176  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
22:55:45.0067 5176  sffp_sd - ok
22:55:45.0130 5176  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:55:45.0145 5176  sfloppy - ok
22:55:45.0239 5176  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:55:45.0301 5176  SharedAccess - ok
22:55:45.0379 5176  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:55:45.0410 5176  ShellHWDetection - ok
22:55:45.0442 5176  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:55:45.0473 5176  SiSRaid2 - ok
22:55:45.0504 5176  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:55:45.0535 5176  SiSRaid4 - ok
22:55:45.0551 5176  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:55:45.0613 5176  Smb - ok
22:55:45.0691 5176  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:55:45.0722 5176  SNMPTRAP - ok
22:55:45.0785 5176  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:55:45.0816 5176  spldr - ok
22:55:45.0988 5176  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
22:55:46.0034 5176  Spooler - ok
22:55:46.0237 5176  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:55:46.0346 5176  sppsvc - ok
22:55:46.0393 5176  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:55:46.0440 5176  sppuinotify - ok
22:55:46.0658 5176  [ 96BABC4906ECDB1C69D1176F8647AD8E ] SRTSP           C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS
22:55:46.0690 5176  SRTSP - ok
22:55:46.0721 5176  [ C7F491A290E0E4222F5CDCD50EEB8167 ] SRTSPX          C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS
22:55:46.0752 5176  SRTSPX - ok
22:55:46.0799 5176  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:55:46.0830 5176  srv - ok
22:55:46.0955 5176  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:55:46.0986 5176  srv2 - ok
22:55:47.0158 5176  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:55:47.0173 5176  srvnet - ok
22:55:47.0220 5176  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:55:47.0282 5176  SSDPSRV - ok
22:55:47.0314 5176  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:55:47.0360 5176  SstpSvc - ok
22:55:47.0407 5176  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:55:47.0423 5176  stexstor - ok
22:55:47.0470 5176  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
22:55:47.0501 5176  StillCam - ok
22:55:47.0657 5176  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
22:55:47.0688 5176  stisvc - ok
22:55:47.0719 5176  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:55:47.0750 5176  swenum - ok
22:55:47.0938 5176  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:55:48.0000 5176  swprv - ok
22:55:48.0109 5176  [ 659B227A72B76115975A6A9491B2FE1F ] SymDS           C:\Windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS
22:55:48.0140 5176  SymDS - ok
22:55:48.0203 5176  [ 9F5783A4A03D0091CDBDAA858B566926 ] SymEFA          C:\Windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS
22:55:48.0218 5176  SymEFA - ok
22:55:48.0250 5176  [ 3F9D5FE52585E2653E59FDBFDF09A94C ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:55:48.0265 5176  SymEvent - ok
22:55:48.0312 5176  [ F7F3DEB5FDD6CEA69A8D1544F7BECAF1 ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
22:55:48.0328 5176  SymIM - ok
22:55:48.0359 5176  [ F57588546E738DB1583981D8F44E9BC2 ] SymIRON         C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS
22:55:48.0390 5176  SymIRON - ok
22:55:48.0452 5176  [ 3ADFB72F0797AE3832509FE030755E21 ] SYMTDIv         C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS
22:55:48.0468 5176  SYMTDIv - ok
22:55:48.0515 5176  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
22:55:48.0577 5176  SysMain - ok
22:55:48.0624 5176  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:55:48.0655 5176  TabletInputService - ok
22:55:48.0686 5176  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:55:48.0749 5176  TapiSrv - ok
22:55:48.0796 5176  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:55:48.0842 5176  TBS - ok
22:55:49.0201 5176  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:55:49.0248 5176  Tcpip - ok
22:55:49.0732 5176  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:55:49.0794 5176  TCPIP6 - ok
22:55:49.0856 5176  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:55:49.0903 5176  tcpipreg - ok
22:55:49.0919 5176  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:55:49.0950 5176  TDPIPE - ok
22:55:49.0997 5176  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:55:50.0028 5176  TDTCP - ok
22:55:50.0044 5176  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:55:50.0106 5176  tdx - ok
22:55:50.0184 5176  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:55:50.0200 5176  TermDD - ok
22:55:50.0324 5176  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
22:55:50.0371 5176  TermService - ok
22:55:50.0418 5176  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:55:50.0449 5176  Themes - ok
22:55:50.0480 5176  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:55:50.0543 5176  THREADORDER - ok
22:55:50.0558 5176  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:55:50.0605 5176  TrkWks - ok
22:55:50.0730 5176  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:55:50.0746 5176  TrustedInstaller - ok
22:55:50.0808 5176  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:55:50.0855 5176  tssecsrv - ok
22:55:50.0886 5176  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:55:50.0933 5176  tunnel - ok
22:55:50.0964 5176  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:55:50.0980 5176  uagp35 - ok
22:55:51.0073 5176  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
22:55:51.0089 5176  UBHelper - ok
22:55:51.0182 5176  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:55:51.0245 5176  udfs - ok
22:55:51.0323 5176  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:55:51.0354 5176  UI0Detect - ok
22:55:51.0401 5176  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
22:55:51.0416 5176  uliagpkx - ok
22:55:51.0463 5176  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:55:51.0494 5176  umbus - ok
22:55:51.0541 5176  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:55:51.0572 5176  UmPass - ok
22:55:52.0056 5176  [ 765F2DD351BA064F657751D8D75E58C0 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:55:52.0134 5176  UNS - ok
22:55:52.0477 5176  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
22:55:52.0540 5176  Updater Service - ok
22:55:52.0742 5176  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:55:52.0789 5176  upnphost - ok
22:55:52.0867 5176  [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:55:52.0883 5176  usbccgp - ok
22:55:52.0945 5176  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
22:55:52.0976 5176  usbcir - ok
22:55:53.0039 5176  [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:55:53.0054 5176  usbehci - ok
22:55:53.0148 5176  [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:55:53.0164 5176  usbhub - ok
22:55:53.0195 5176  [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:55:53.0226 5176  usbohci - ok
22:55:53.0304 5176  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:55:53.0320 5176  usbprint - ok
22:55:53.0398 5176  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:55:53.0413 5176  USBSTOR - ok
22:55:53.0491 5176  [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:55:53.0507 5176  usbuhci - ok
22:55:53.0616 5176  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:55:53.0647 5176  usbvideo - ok
22:55:53.0725 5176  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:55:53.0772 5176  UxSms - ok
22:55:53.0819 5176  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
22:55:53.0834 5176  VaultSvc - ok
22:55:53.0897 5176  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
22:55:53.0912 5176  vdrvroot - ok
22:55:54.0037 5176  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
22:55:54.0068 5176  vds - ok
22:55:54.0100 5176  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:55:54.0131 5176  vga - ok
22:55:54.0162 5176  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:55:54.0224 5176  VgaSave - ok
22:55:54.0302 5176  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
22:55:54.0318 5176  vhdmp - ok
22:55:54.0349 5176  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
22:55:54.0365 5176  viaide - ok
22:55:54.0380 5176  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
22:55:54.0396 5176  volmgr - ok
22:55:54.0412 5176  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:55:54.0443 5176  volmgrx - ok
22:55:54.0568 5176  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:55:54.0599 5176  volsnap - ok
22:55:54.0661 5176  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:55:54.0677 5176  vsmraid - ok
22:55:55.0270 5176  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
22:55:55.0316 5176  VSS - ok
22:55:55.0394 5176  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:55:55.0410 5176  vwifibus - ok
22:55:55.0441 5176  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:55:55.0472 5176  vwififlt - ok
22:55:55.0488 5176  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:55:55.0519 5176  vwifimp - ok
22:55:55.0628 5176  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:55:55.0706 5176  W32Time - ok
22:55:55.0894 5176  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:55:55.0909 5176  WacomPen - ok
22:55:55.0925 5176  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:55:55.0972 5176  WANARP - ok
22:55:55.0987 5176  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:55:56.0034 5176  Wanarpv6 - ok
22:55:56.0471 5176  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
22:55:56.0502 5176  wbengine - ok
22:55:56.0580 5176  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:55:56.0611 5176  WbioSrvc - ok
22:55:56.0752 5176  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:55:56.0767 5176  wcncsvc - ok
22:55:56.0814 5176  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:55:56.0830 5176  WcsPlugInService - ok
22:55:56.0908 5176  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:55:56.0923 5176  Wd - ok
22:55:57.0095 5176  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:55:57.0142 5176  Wdf01000 - ok
22:55:57.0204 5176  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:55:57.0235 5176  WdiServiceHost - ok
22:55:57.0235 5176  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:55:57.0266 5176  WdiSystemHost - ok
22:55:57.0376 5176  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
22:55:57.0407 5176  WebClient - ok
22:55:57.0500 5176  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:55:57.0547 5176  Wecsvc - ok
22:55:57.0594 5176  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:55:57.0641 5176  wercplsupport - ok
22:55:57.0750 5176  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:55:57.0812 5176  WerSvc - ok
22:55:57.0890 5176  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:55:57.0937 5176  WfpLwf - ok
22:55:57.0984 5176  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:55:58.0000 5176  WIMMount - ok
22:55:58.0093 5176  WinDefend - ok
22:55:58.0093 5176  WinHttpAutoProxySvc - ok
22:55:58.0421 5176  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:55:58.0468 5176  Winmgmt - ok
22:55:58.0951 5176  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:55:59.0014 5176  WinRM - ok
22:55:59.0154 5176  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:55:59.0185 5176  Wlansvc - ok
22:55:59.0248 5176  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:55:59.0279 5176  WmiAcpi - ok
22:55:59.0341 5176  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:55:59.0357 5176  wmiApSrv - ok
22:55:59.0435 5176  WMPNetworkSvc - ok
22:55:59.0482 5176  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:55:59.0497 5176  WPCSvc - ok
22:55:59.0560 5176  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:55:59.0591 5176  WPDBusEnum - ok
22:55:59.0669 5176  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:55:59.0716 5176  ws2ifsl - ok
22:55:59.0794 5176  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:55:59.0825 5176  wscsvc - ok
22:55:59.0825 5176  WSearch - ok
22:56:00.0059 5176  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:56:00.0121 5176  wuauserv - ok
22:56:00.0402 5176  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:56:00.0418 5176  WudfPf - ok
22:56:00.0511 5176  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:56:00.0527 5176  WUDFRd - ok
22:56:00.0652 5176  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:56:00.0667 5176  wudfsvc - ok
22:56:00.0839 5176  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:56:00.0870 5176  WwanSvc - ok
22:56:00.0886 5176  ================ Scan global ===============================
22:56:00.0932 5176  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:56:01.0088 5176  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:56:01.0104 5176  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
22:56:01.0166 5176  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:56:01.0463 5176  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:56:01.0463 5176  [Global] - ok
22:56:01.0478 5176  ================ Scan MBR ==================================
22:56:01.0494 5176  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:56:03.0350 5176  \Device\Harddisk0\DR0 - ok
22:56:03.0350 5176  ================ Scan VBR ==================================
22:56:03.0397 5176  [ 57F5A1A999CD0DE83BD23E429B6980D0 ] \Device\Harddisk0\DR0\Partition1
22:56:03.0413 5176  \Device\Harddisk0\DR0\Partition1 - ok
22:56:03.0413 5176  [ CDBDF3D60BC3BBD793440B5B8B961A7C ] \Device\Harddisk0\DR0\Partition2
22:56:03.0413 5176  \Device\Harddisk0\DR0\Partition2 - ok
22:56:03.0428 5176  ============================================================
22:56:03.0428 5176  Scan finished
22:56:03.0428 5176  ============================================================
22:56:03.0428 5168  Detected object count: 6
22:56:03.0428 5168  Actual detected object count: 6
22:56:21.0056 5168  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:56:21.0056 5168  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:56:21.0056 5168  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:56:21.0056 5168  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:56:21.0056 5168  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:56:21.0056 5168  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:56:21.0056 5168  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

06.03.2013, 18:31   #12
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails to the address above, following those instructions.

06.03.2013, 18:32   #13
Smilims

Hi

I have now split the log file into two parts; I couldn't manage it any other way.

06.03.2013, 18:33   #14
markusg
/// Malware-holic

and I've already posted a new instruction :-)

06.03.2013, 19:43   #15
Smilims

I noticed

Code:
ComboFix 13-03-05.01 - Sarah 06.03.2013  19:28:42.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3765.2482 [GMT 1:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-06 bis 2013-03-06  ))))))))))))))))))))))))))))))
.
.
2013-03-06 18:34 . 2013-03-06 18:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-05 21:46 . 2013-03-05 21:46	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-03-03 22:25 . 2013-03-03 22:25	--------	d-----w-	C:\_OTL
2013-03-03 17:19 . 2013-03-03 17:19	--------	d-----w-	c:\users\Sarah\AppData\Roaming\Malwarebytes
2013-03-03 17:19 . 2013-03-03 17:19	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-03 17:19 . 2013-03-03 17:19	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-03 17:19 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-03 17:18 . 2013-03-03 17:18	--------	d-----w-	c:\users\Sarah\AppData\Local\Programs
2013-03-03 16:46 . 2013-03-03 16:46	--------	d-----w-	c:\programdata\Uniblue
2013-03-03 16:16 . 2013-03-03 16:16	110080	----a-r-	c:\users\Sarah\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconF7A21AF7.exe
2013-03-03 16:16 . 2013-03-03 16:16	110080	----a-r-	c:\users\Sarah\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconD7F16134.exe
2013-03-03 16:16 . 2013-03-03 16:16	110080	----a-r-	c:\users\Sarah\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\Icon1226A4C5.exe
2013-03-03 16:16 . 2013-03-03 16:23	--------	d-----w-	C:\sh4ldr
2013-03-03 16:16 . 2013-03-03 16:16	--------	d-----w-	c:\program files\Enigma Software Group
2013-03-03 16:14 . 2013-03-03 16:14	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-03 15:02 . 2013-03-03 15:02	--------	d-----w-	c:\users\Sarah\AppData\Roaming\FreemakeVideoDownloader
2013-03-03 14:35 . 2013-03-03 14:35	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-03 14:35 . 2013-03-03 14:35	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-03 14:35 . 2013-03-03 14:35	--------	d-----w-	c:\windows\system32\Macromed
2013-03-03 14:28 . 2013-03-03 14:28	--------	d-----w-	c:\program files\WinPcap
2013-03-03 14:28 . 2013-03-03 14:28	--------	d-----w-	c:\users\Sarah\AppData\Roaming\Uniblue
2013-03-03 14:28 . 2013-03-03 14:28	--------	d-----w-	c:\program files (x86)\Uniblue
2013-03-03 14:28 . 2013-03-03 18:17	--------	d-----w-	c:\programdata\Freemake
2013-03-03 14:27 . 2013-03-03 18:16	--------	d-----w-	c:\program files (x86)\Freemake
2013-02-13 15:41 . 2013-01-04 05:37	362496	----a-w-	c:\windows\system32\wow64win.dll
2013-02-13 15:35 . 2012-12-26 05:57	1111040	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 15:35 . 2012-12-26 04:51	760320	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-04 21:31 . 2013-02-04 21:31	--------	d-----w-	c:\program files (x86)\MSXML 4.0
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 18:05 . 2010-12-08 17:20	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 15:41	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-16 16:52 . 2012-12-21 13:21	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-21 13:21	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:21	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-21 13:21	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 05:41 . 2013-01-09 14:43	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 05:35 . 2013-01-09 14:43	2745856	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 05:04 . 2013-01-09 14:43	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 04:57 . 2013-01-09 14:43	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 03:45 . 2013-01-09 14:43	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 03:45 . 2013-01-09 14:43	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 03:45 . 2013-01-09 14:43	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 03:45 . 2013-01-09 14:43	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 03:45 . 2013-01-09 14:43	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 03:45 . 2013-01-09 14:43	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 03:45 . 2013-01-09 14:43	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 03:45 . 2013-01-09 14:43	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 03:45 . 2013-01-09 14:43	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 03:45 . 2013-01-09 14:43	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 03:45 . 2013-01-09 14:43	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 03:45 . 2013-01-09 14:43	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 03:45 . 2013-01-09 14:43	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 03:45 . 2013-01-09 14:43	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 03:21 . 2013-01-09 14:43	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 03:21 . 2013-01-09 14:43	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 03:21 . 2013-01-09 14:43	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 03:21 . 2013-01-09 14:43	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 03:21 . 2013-01-09 14:43	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 03:21 . 2013-01-09 14:43	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 03:21 . 2013-01-09 14:43	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 03:21 . 2013-01-09 14:43	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 03:21 . 2013-01-09 14:43	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 03:21 . 2013-01-09 14:43	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 03:21 . 2013-01-09 14:43	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 03:21 . 2013-01-09 14:43	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 03:21 . 2013-01-09 14:43	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 03:21 . 2013-01-09 14:43	15360	----a-w-	c:\windows\SysWow64\djctq.rs
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	94208	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-25 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-4 27087944]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 PVUSB;CESG502 64bit USB Driver;c:\windows\system32\DRIVERS\CESG64.sys [2007-02-19 63808]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-06 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-03-03 11:51]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 17:17]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-08 17:17]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23 18:00]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1530750314-1823746422-2989766619-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23 18:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32	97792	----a-w-	c:\users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-02-05 860192]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=g730&r=27361210s0c6l0450z165r46216556
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{1C5C1E74-7170-4962-A318-D2234ADA1AD4}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{E4B585D3-4E04-40CE-AABB-A13192FAB352}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mqbuilnh.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Moorhuhn 2 deinstallieren - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-06  19:36:31
ComboFix-quarantined-files.txt  2013-03-06 18:36
.
Vor Suchlauf: 19 Verzeichnis(se), 225.294.241.792 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 224.921.473.024 Bytes frei
.
- - End Of File - - 797A35D6C72F3A98DC922F1B913AC528
         
