Guten Abend zusammen,

ich habe mich gerade hier angemeldet, weil ich leider absolut keine Ahnung mit Viren, Spyware oder was ich da auch immer habe. Ich habe mir so eben ein Programm namens System Progressive Protection eingefangen. Es sieht genau so aus wie das Programm Live Security Platinum. Dieses Live Security Platinum war bereits auf dem Laptop und mit einem youtube Hilfe Video habe ich dieses als absoluter Laie sogar weg bekommen, nur bei diesem will es nicht wirklich klappen. Lange Rede kurzer Sinn wie bekomme ich dieses Schadprogramm weg?
Es ist wirklich optisch identisch mit dem Live Security Platinum. Ich kann keine Programm oder der gleichen öffnen und es wird mir gesagt das mein Rechner vollkommen übersäht mit Schadprogrammen ist.
Ich würde ich sehr freuen, wenn jemand die Zeit findet mir weiter zu helfen. Ich möchte nochmal erwähnen das ich absoluter PC Laie bin und wenig mit Fachbegriffen oder ähnlichem anfangen kann .
Vielen Dank

hi
neustart, f8 drücken, abgesicherter modus mit netzwerk wählen, din deinem konto anmelden, dort solltest du arbeiten können
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die
  OTL.exe
  .
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die
  Textbox.

Code: Alles auswählenAufklappen

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         

• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere
  nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Hallo Markus,
danke für die schnelle Nachricht!
Also das steht drin:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 21.09.2012 21:02:39 - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,99% Memory free
4,00 Gb Paging File | 3,51 Gb Available in Paging File | 87,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 404,82 Gb Free Space | 86,92% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive I: | 596,17 Gb Total Space | 485,11 Gb Free Space | 81,37% Space Free | Partition Type: NTFS
 
Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.21 20:58:55 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.04 15:38:53 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2012.06.04 15:38:53 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.09.21 19:52:54 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 23:44:34 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.10 18:18:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 18:18:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.23 23:22:08 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.10 18:18:11 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.10 18:18:11 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 17:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.07.29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 85 39 B1 21 98 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:44:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.17 23:48:20 | 000,000,204 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 23:44:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.17 23:48:20 | 000,000,204 | ---- | M] ()
 
[2011.06.22 19:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions
[2012.07.25 20:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\o2kblm24.default\extensions
[2011.06.22 19:48:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\o2kblm24.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.25 20:29:12 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\o2kblm24.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.07 23:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 23:44:34 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.11 14:29:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 17:34:21 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.11 14:29:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 14:29:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 14:29:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.11 14:29:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\PC\AppData\Local\Temp\E_S2F59.tmp" /EF "HKCU" File not found
O4 - HKCU..\RunOnce: [55013878321FF75D004C5500EC6EEEBA] C:\ProgramData\55013878321FF75D004C5500EC6EEEBA\55013878321FF75D004C5500EC6EEEBA.exe ()
O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F444305-E681-40E7-8182-7105B76FECD1}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1F7A232-8438-464C-9B40-DDCD16522D60}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.21 20:58:53 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2012.09.21 20:16:49 | 002,691,192 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\PC\Desktop\iexplore.exe
[2012.09.21 19:36:22 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012.09.21 19:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\55013878321FF75D004C5500EC6EEEBA
[2012.09.21 09:12:32 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{A9FDE863-AE1B-4DB4-AD57-7DC3415097FD}
[2012.09.19 18:06:27 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{1126312A-F29A-4176-AE45-AE5157304EF4}
[2012.09.17 20:12:02 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{07242069-C4C2-4D08-ABC0-F509C9444EF2}
[2012.09.15 11:28:41 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{92CD088B-463E-4823-8F1E-D1D076DF4D4A}
[2012.09.14 12:24:21 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{A5CDC98C-6AB3-4EE5-8268-B993BE9902B3}
[2012.09.13 09:49:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{18884EF2-A110-47D2-8DCE-6F57021BCCBA}
[2012.09.12 18:37:11 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{7075CEF4-3E29-4165-846A-934F40E3DAA2}
[2012.09.11 18:35:48 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{96145E1E-1934-4522-8C2F-67FA2D4CACB3}
[2012.09.09 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{4F8EBD93-24E0-428B-8308-211D77797603}
[2012.09.08 17:33:54 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{DC06D175-A1C1-4FA2-9286-233FED9A8BF7}
[2012.09.07 23:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.07 11:35:18 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{1939B216-9C03-4863-8EF2-618A8F12D925}
[2012.09.06 17:48:19 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{AAE8B878-D604-4035-85D5-89A05950DD8F}
[2012.09.05 18:03:48 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{4B753D29-6E71-4574-A5DF-49570A0790E4}
[2012.09.04 19:39:34 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{95C5A7FF-9BC4-41B3-97E6-1B869066255F}
[2012.09.03 18:12:03 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{A5299439-FF52-4863-947D-A6D506951715}
[2012.09.02 10:36:27 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{0871FC63-F51C-4DC8-AD4D-9496BBFC1302}
[2012.09.01 16:15:04 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{D0B73D19-54A7-4767-89EB-C13789C6ADDC}
[2012.08.31 17:24:00 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{1F98A230-D538-4351-A63B-429BD3066D99}
[2012.08.30 17:44:10 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{4172CAB3-EBD0-43FC-B3E2-B4D7B149EC76}
[2012.08.29 20:40:13 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{A75A7BFC-3443-4CE8-972E-8BDF51373CA2}
[2012.08.28 18:26:58 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{6BFF9343-69EB-4BAD-84F4-BCEEB44A4927}
[2012.08.27 11:46:32 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{5ED24E3D-FC04-47F4-A2AF-958BAF835EFE}
[2012.08.27 08:44:59 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{D34D492B-18AF-4918-9503-CB5241C27EB8}
[2012.08.26 10:34:26 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{A23FA05E-4951-4F8C-8DA9-CE2196889FEC}
[2012.08.25 09:10:53 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{89D09588-5133-4781-B694-62561E1365ED}
[2012.08.23 12:17:38 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\{A82C4449-64E5-4315-A21E-8F6B5C8CF1FA}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.21 20:58:55 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2012.09.21 20:17:06 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.21 20:17:06 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.21 20:17:06 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.21 20:17:06 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.21 20:17:06 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.21 20:17:02 | 002,691,192 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\PC\Desktop\iexplore.exe
[2012.09.21 20:12:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.21 20:12:32 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.21 19:52:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.21 19:44:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.21 19:36:22 | 000,002,064 | ---- | M] () -- C:\Users\PC\Desktop\System Progressive Protection.lnk
[2012.09.21 11:44:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.21 09:19:29 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.21 09:19:29 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 22:48:56 | 259,024,864 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.31 21:27:00 | 000,015,709 | ---- | M] () -- C:\Users\PC\Documents\Training.ods
 
========== Files Created - No Company Name ==========
 
[2012.09.21 19:36:22 | 000,002,064 | ---- | C] () -- C:\Users\PC\Desktop\System Progressive Protection.lnk
[2012.08.31 20:58:53 | 000,015,709 | ---- | C] () -- C:\Users\PC\Documents\Training.ods
[2011.11.28 07:49:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
 
========== ZeroAccess Check ==========
 
[2012.08.05 14:20:54 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\LocalLow\Microsoft\Silverlight\is\40c0u0xb.x0n\v1b3ur0l.0pa\1\l
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2011.09.24 08:58:49 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DVDVideoSoft
[2011.06.22 19:48:38 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.05 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\elsterformular
[2011.09.15 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Encryptomatic, LLC
[2012.06.04 17:09:45 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Epson
[2012.08.06 21:05:44 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\FXTS2
[2011.09.15 21:01:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\MessageViewer
[2011.12.17 23:38:42 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenCandy
[2011.06.25 12:12:17 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenOffice.org
[2012.02.06 11:53:37 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\pdfforge
[2011.12.17 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.01.07 20:27:57 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.07.13 22:45:11 | 000,000,000 | ---D | M] -- C:\86a6896030a955fa305e2d60d51aa5
[2011.06.22 20:07:11 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.22 19:15:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.04 15:44:36 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.09.08 10:19:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.09.21 19:35:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.22 19:15:01 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.09.21 20:12:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.22 19:15:10 | 000,000,000 | R--D | M] -- C:\Users
[2012.09.21 20:12:34 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.11 22:18:07 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.01.11 22:18:08 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.05.05 15:25:55 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.09.21 21:10:41 | 002,097,152 | -HS- | M] () -- C:\Users\PC\ntuser.dat
[2012.09.21 21:10:41 | 000,262,144 | -HS- | M] () -- C:\Users\PC\ntuser.dat.LOG1
[2011.06.22 19:15:12 | 000,000,000 | -HS- | M] () -- C:\Users\PC\ntuser.dat.LOG2
[2011.06.22 22:33:26 | 000,065,536 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.06.22 22:33:26 | 000,524,288 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.06.22 22:33:26 | 000,524,288 | -HS- | M] () -- C:\Users\PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.09.21 20:12:48 | 001,048,576 | -HS- | M] () -- C:\Users\PC\ntuser.dat{49ccc0c9-9eb8-11e1-88ce-001d7d9e1777}.TxR.0.regtrans-ms
[2012.09.21 20:12:48 | 001,048,576 | -HS- | M] () -- C:\Users\PC\ntuser.dat{49ccc0c9-9eb8-11e1-88ce-001d7d9e1777}.TxR.1.regtrans-ms
[2012.09.21 20:12:48 | 001,048,576 | -HS- | M] () -- C:\Users\PC\ntuser.dat{49ccc0c9-9eb8-11e1-88ce-001d7d9e1777}.TxR.2.regtrans-ms
[2012.09.21 20:12:47 | 000,065,536 | -HS- | M] () -- C:\Users\PC\ntuser.dat{49ccc0c9-9eb8-11e1-88ce-001d7d9e1777}.TxR.blf
[2012.09.21 20:10:51 | 000,065,536 | -HS- | M] () -- C:\Users\PC\ntuser.dat{49ccc0ca-9eb8-11e1-88ce-001d7d9e1777}.TM.blf
[2012.09.21 20:10:51 | 000,524,288 | -HS- | M] () -- C:\Users\PC\ntuser.dat{49ccc0ca-9eb8-11e1-88ce-001d7d9e1777}.TMContainer00000000000000000001.regtrans-ms
[2012.05.15 20:12:50 | 000,524,288 | -HS- | M] () -- C:\Users\PC\ntuser.dat{49ccc0ca-9eb8-11e1-88ce-001d7d9e1777}.TMContainer00000000000000000002.regtrans-ms
[2011.07.13 22:44:25 | 000,065,536 | -HS- | M] () -- C:\Users\PC\ntuser.dat{91ee91e2-ad7c-11e0-b16d-001d7d9e1777}.TM.blf
[2011.07.13 22:44:25 | 000,524,288 | -HS- | M] () -- C:\Users\PC\ntuser.dat{91ee91e2-ad7c-11e0-b16d-001d7d9e1777}.TMContainer00000000000000000001.regtrans-ms
[2011.07.13 22:44:25 | 000,524,288 | -HS- | M] () -- C:\Users\PC\ntuser.dat{91ee91e2-ad7c-11e0-b16d-001d7d9e1777}.TMContainer00000000000000000002.regtrans-ms
[2011.11.28 07:49:32 | 000,065,536 | -HS- | M] () -- C:\Users\PC\ntuser.dat{b42c2964-1984-11e1-9897-001d7d9e1777}.TM.blf
[2011.11.28 07:49:32 | 000,524,288 | -HS- | M] () -- C:\Users\PC\ntuser.dat{b42c2964-1984-11e1-9897-001d7d9e1777}.TMContainer00000000000000000001.regtrans-ms
[2011.11.28 07:49:33 | 000,524,288 | -HS- | M] () -- C:\Users\PC\ntuser.dat{b42c2964-1984-11e1-9897-001d7d9e1777}.TMContainer00000000000000000002.regtrans-ms
[2011.06.22 19:15:13 | 000,000,020 | -HS- | M] () -- C:\Users\PC\ntuser.ini
[2012.06.04 15:54:06 | 000,000,000 | ---- | M] () -- C:\Users\PC\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

--- --- ---


achso und das:OTL EXTRAS Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 21.09.2012 21:02:39 - Run 1
OTL by OldTimer - Version 3.2.65.1     Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,99% Memory free
4,00 Gb Paging File | 3,51 Gb Available in Paging File | 87,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 404,82 Gb Free Space | 86,92% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive I: | 596,17 Gb Total Space | 485,11 Gb Free Space | 81,37% Space Free | Partition Type: NTFS
 
Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013131E1-70B3-4292-A593-9538B5EF9F9A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{04229AF2-2705-4569-A8BF-2C9C23961217}" = lport=138 | protocol=17 | dir=in | app=system | 
"{158B3FFB-F11C-491E-9EEC-EAE8CFA8D050}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1A58273A-7688-41EB-9EA3-C7DB2FFD778C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2679F291-9A97-4E9F-BF24-808C16146C23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{365B2503-A19D-4CD4-81F2-6AF9EE161E36}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{41D77982-6CDB-4451-9FF0-9FE9E3CEA935}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{48C68201-B9B8-4DE4-90F0-C6C9C4660425}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{590663E5-1FDE-434C-9216-355F9A9B3475}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62750C00-FFCE-4BD1-B470-131B21BA712D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{690A4881-0257-4108-BF80-9F782E5D291A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6B60B89A-B782-4858-852D-735EDC94F1DA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{700475FA-61B7-44A7-BB4E-0D69B5ACCEF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{702EB74D-6A70-45CE-9FF0-7B95D8441D49}" = rport=137 | protocol=17 | dir=out | app=system | 
"{71760E3B-27A8-4E70-9D49-A02F268147AC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7F34572E-1CA4-4184-8911-168F6BC31F81}" = lport=139 | protocol=6 | dir=in | app=system | 
"{92FAE8CC-A804-411C-9AC9-33CBC7F2EFA9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{97B1C596-703F-44C9-9909-151206EF6533}" = rport=139 | protocol=6 | dir=out | app=system | 
"{993BE85C-56A4-460F-9287-40E0005E7824}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A227BFD7-50DC-4E99-AACF-1407FC751793}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AE9AEC48-7E97-4FCF-BD10-9B571134DBA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BC68812C-1CB3-4FF4-A19D-16B4E578A73F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BFF7BED9-A18A-4467-ACBD-C0E7AC8F9960}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C684AC07-C49D-4AF5-9CC1-A1506B94FF27}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CF044175-9790-4724-B4C5-ECF8F32F0B86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F74CCB9E-D76A-4B1E-BED3-1E4738E19341}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{125A955C-A378-4998-A784-8979A660551C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{17706280-AFD2-4A01-87BF-1E7CA460B816}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1C8CA2E6-BF28-4159-BEB4-12BE09044D6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2461F6E2-A958-4F6E-AB38-150F29AF36B5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{281AC285-3C42-492C-8DB7-BE475AE6D7B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2E793E5F-EF7B-48BB-BAD0-CD70D1C04712}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{3E37B62C-8F9A-4936-BCA7-7CCAC95DE1D3}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{4166E814-0AEF-4995-9205-3718D137CF1A}" = protocol=6 | dir=out | app=system | 
"{4305005C-AA03-408E-A7D0-F1007613899F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{441536BE-A095-4F16-A82E-35ADD9FE551B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{472E334F-5CFB-4D5F-984A-741458CC8730}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{4DC0A0D2-EBA7-46E3-ADC9-B9EA47C74433}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E84A635-9685-43E1-A66B-71287D2051E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{510F11AA-AB4E-4B81-A66E-D4EAE76A3EFC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{567FE577-D847-4C5C-86DC-79681A482A36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{58A44481-BB11-4A3E-AEF4-C375F4116FE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5C3245C2-896D-46D2-B72A-4AE9CEABE99F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5CC918D9-7A24-4057-8A4C-F84ECEA5CF32}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{5E9AD94F-532D-4C90-B0B4-C71E29C79558}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{63DC2994-C678-4982-A8D3-552B4777C16B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{68080D3B-CE58-43B6-BDB3-57E78444E6E3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{6C81BE76-F7DB-46D6-96AA-120DA7E82373}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{7CC7181E-B29E-4145-AD49-E85CB9D2D371}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7D8924F1-D987-485B-9641-FE34723980B5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7F7EC6D4-1000-4328-ADBC-59976C6C955E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{825D9AAC-3A84-4F06-BE6D-A7E850F0B1EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{86620FDF-FD77-43E1-A1C4-2A15E00A0BC9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{872BAC00-8BDF-4D4D-A38E-3AD6DE459AF6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9B687B1C-A230-44F2-A485-B61766924CC4}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{A13CCFD1-7428-49CB-BFE8-3452072535EC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{A5F2ADFD-BCD6-43D0-BFE7-7055C5EA6C7F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AA6DB747-FBA1-4D67-80DC-32DCBB5B93A7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B1B8FD05-C10D-4A2D-A83C-3EC02D7CE6E3}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{B2B86310-6DD2-4D1F-9960-316DA15BDD69}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B2FAF5CE-CDB0-4771-AFD1-09F938ADA165}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B6B229CB-A585-4FA9-8152-5E0C5B347479}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C610C78A-99EF-4735-8952-1D33B48DE8BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CEEB22BE-0635-4354-BE0C-B82082DA9C57}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D4E74D98-9307-4294-9884-4926B2D23CE9}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{D82144B0-692E-4653-81B0-9CB71FD3648E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8D72628-2699-4F48-9D77-CC25B2088D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"{D9F8E63C-C5B9-4B5F-9AD5-EB53EC7D3229}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DEFC0939-2EA1-4462-8C84-6763258AE01A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E24E4DCA-2807-41A5-957A-8092B3995431}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3B21B87-614D-4E6F-942F-3A3A3E0B6AB0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{E4D0CF0B-482B-4A95-B215-051D5EF98492}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{E7BA9804-E3EF-49C3-AECA-BBD9F2EBAF27}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{EE8B8027-31C5-4CAC-82A5-AF7689DFDDDE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F615CC03-CFE7-4B42-92B5-FBC5A117ABF7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F6C7AAC2-E8B5-47B0-84A6-7566D6B2F2F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FFF91B36-E827-441B-AA28-F3E253D6C943}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{03A5278F-D761-4B13-8704-93E9DE62F2C7}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{190C7A89-3AB5-4B8C-A49E-E7791BEFF3E7}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"TCP Query User{21DA7841-916A-413B-9235-976848C39C56}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{3ED9D918-A771-48D0-AC01-990A018DBA34}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{6545ECC7-04FA-430F-AA3C-BC1BBB31295D}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{7335BB65-6B37-4670-86C7-5DD2A1EE635F}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{95C4AA9C-9F49-4AA3-8284-A223571C0096}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{C7296B6D-209B-40C6-B74D-9057DA471519}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{E065D308-48D4-45BB-B610-62E942348AC8}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{E872C178-F9CC-45DB-A0C3-9A574E1EE3A8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{E94E14DC-5F36-4BC4-AD51-47768C2094B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{052E074E-307C-47B6-B92A-1505832C5AB6}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{0B1E91A0-7B1C-4F96-995D-3E0390B722D7}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
"UDP Query User{1EC00426-90B1-4177-8CE6-474257C64E34}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{2099368A-FF53-4FD4-8412-AC0CB2F3FB16}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{25676598-6669-4E49-9510-D62E6BAEE3AC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{2F606033-ABFC-4201-B329-65E737814D10}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{5B721275-8A83-48F4-B1A9-7EB73D3410D9}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{71EDD8D1-119D-4F78-91A0-D8A4D54D69BD}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{75877574-9629-4E44-A0F8-48647E90525D}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{A14D6DFD-4115-441F-B062-F732457549BD}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{F40379F6-E993-4B79-97AB-4CBF37907F26}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.85
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 267.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX230 Series" = EPSON SX230 Series Printer Uninstall
"GPL Ghostscript" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Diablo III" = Diablo III
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"EPSON SX230 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX230 Series
"EPSON SX230 Series Useg" = Benutzerhandbuch EPSON SX230 Series
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"FXCM Trading Station" = FXCM Trading Station
"GamersFirst LIVE!" = GamersFirst LIVE!
"KaloMa_is1" = KaloMa 4.93
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PDF Blender" = PDF Blender
"StarCraft II" = StarCraft II
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"System Progressive Protection" = System Progressive Protection
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.09.2012 07:23:03 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.09.2012 07:23:03 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11045
 
Error - 21.09.2012 07:23:03 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11045
 
Error - 21.09.2012 07:23:04 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.09.2012 07:23:04 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12043
 
Error - 21.09.2012 07:23:04 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12043
 
Error - 21.09.2012 07:23:05 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 21.09.2012 07:23:05 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13042
 
Error - 21.09.2012 07:23:05 | Computer Name = PC-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13042
 
Error - 21.09.2012 14:14:24 | Computer Name = PC-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 21.09.2012 15:02:40 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2012 15:04:46 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2012 15:04:46 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2012 15:04:46 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2012 15:09:46 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2012 15:09:46 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2012 15:09:46 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2012 15:11:54 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2012 15:11:54 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 21.09.2012 15:11:54 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         

--- --- ---

hi
falls du deinen nutzernamen unkenntlich gemacht hast, passe ihn im script an
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4 - HKCU..\RunOnce: [55013878321FF75D004C5500EC6EEEBA] C:\ProgramData\55013878321FF75D004C5500EC6EEEBA\55013878321FF75D004C5500EC6EEEBA.exe ()
[2012.09.21 19:36:22 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2012.09.21 19:36:22 | 000,002,064 | ---- | M] () -- C:\Users\PC\Desktop\System Progressive Protection.lnk
 :Files
C:\ProgramData\55013878321FF75D004C5500EC6EEEBA
:Commands
[Reboot]
         

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblendenlade unhide:
Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die + E Taste.

• Öffne dein Systemlaufwerk ( meistens C: )
• Suche nun
  folgenden Ordner: _OTL und öffne diesen.
• Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
• 
  Dies wird eine Movedfiles.zip Datei in _OTL erstellen
• Lade diese bitte in unseren Uploadchannel
  hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus



für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel
wenn dies erledigt ist, bittemelden.

ich habe irgendwas falsch gemacht. ich habe das angeklickt was in der verlangten Zip Datei war. Jetzt ploppt das irgendwie wieder auf manchmal kurz sorry!
Also erstmal der Inhalt der Datei:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
und
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Ich hoffe das ist das was du haben wolltest. Also ist eine textdatei und liegt auf meinem Desktop mit dem Namen: desktop.ini

also der upload hat geklappt!

was hasst du angeklickt?
führe den fix noch mal aus + lade den gepackten cache ordner hoch im upload channel

also den Fix habe ich gemacht und es kommt auch keine Meldung mehr von dem Programm, abe der Upload der Cache geht irgendwie nicht.
Was soll ich sonst noch machen?

hi
File-Upload.net - Ihr kostenloser File Hoster!
dort mal den cache ordner hochladen, link als private nachicht an mich.
das ist ne neue schadsoftware, sie gehört zwar zu einer uns bekannten schadware familie, aber ich möchte dann trotzdem noch einige infos von deinem pc einsammeln

Ok ist gerade dabei hochzuladen, schick ich dir dann gleich.
Habe ich jetzt alles weg von meinem Rechner oder muss ich nochwas löschen oder so?

ist meine Nachricht angekommen?

hi
danke
weiter gehts:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop

• Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hallo Markus,
Danke für die Rückmeldung. Hier die gewünschte Datei:
Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 12-09-22.02 - PC 22.09.2012  20:23:54.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2046.1183 [GMT 2:00]
ausgeführt von:: c:\users\PC\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\4.0
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-22 bis 2012-09-22  ))))))))))))))))))))))))))))))
.
.
2012-09-22 18:29 . 2012-09-22 18:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-22 08:23 . 2012-09-22 08:23	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-22 08:23 . 2012-09-22 08:23	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-22 08:23 . 2012-09-22 08:23	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-22 08:23 . 2012-09-22 08:23	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-22 08:23 . 2012-09-22 08:23	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-22 08:23 . 2012-09-22 08:23	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-22 08:23 . 2012-09-22 08:23	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-22 08:23 . 2012-09-22 08:23	--------	d-----w-	c:\program files (x86)\QuickTime
2012-09-22 07:51 . 2012-08-21 11:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-22 07:50 . 2012-09-22 07:50	--------	d-----w-	c:\program files (x86)\FileHippo.com
2012-09-22 07:50 . 2012-09-22 07:50	--------	d-----w-	c:\program files\iPod
2012-09-22 07:50 . 2012-09-22 07:51	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-22 07:50 . 2012-09-22 07:51	--------	d-----w-	c:\program files\iTunes
2012-09-22 07:47 . 2012-09-22 07:47	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-09-22 07:40 . 2012-09-22 07:40	--------	d-----w-	c:\users\PC\AppData\Local\Secunia PSI
2012-09-22 07:40 . 2012-09-22 07:40	--------	d-----w-	c:\program files (x86)\Secunia
2012-09-22 07:31 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-09-22 07:31 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-09-22 07:31 . 2011-02-19 12:05	1139200	----a-w-	c:\windows\system32\FntCache.dll
2012-09-22 07:31 . 2011-02-19 12:04	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-09-22 07:31 . 2011-02-19 06:30	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2012-09-22 07:16 . 2012-09-22 07:16	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-22 07:15 . 2012-09-22 07:15	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-22 07:15 . 2012-09-22 07:15	--------	d-----w-	c:\program files (x86)\Java
2012-09-21 19:31 . 2012-09-21 19:35	--------	d-----w-	C:\_OTL
2012-09-21 17:35 . 2012-09-21 19:45	--------	d-----w-	c:\programdata\55013878321FF75D004C5500EC6EEEBA
2012-09-21 15:38 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{930DE148-7965-476E-933A-BCDFED6042AA}\mpengine.dll
2012-09-12 16:42 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 16:42 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 16:42 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 16:42 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 16:42 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 16:42 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 16:42 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-22 07:15 . 2012-07-31 21:23	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-22 07:15 . 2011-06-25 09:59	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-21 17:52 . 2012-05-05 13:25	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 17:52 . 2011-06-22 20:56	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 16:58 . 2011-06-22 17:29	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-08-21 11:01 . 2011-06-22 17:36	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2011-06-22 17:36	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-05 12:09 . 2011-03-28 16:36	19720	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-18 18:15 . 2012-08-15 17:12	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 17:12	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 17:12	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 17:12	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 17:12	41984	----a-w-	c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-8-16 2589808]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-06 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-10 86224]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-06-04 168448]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-06-04 131072]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-03 174184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 17:52]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 20:17]
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 20:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\o2kblm24.default\
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
AddRemove-System Progressive Protection - c:\programdata\55013878321FF75D004C5500EC6EEEBA\55013878321FF75D004C5500EC6EEEBA.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-22  20:36:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-22 18:36
.
Vor Suchlauf: 8 Verzeichnis(se), 432.430.899.200 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 433.902.972.928 Bytes frei
.
- - End Of File - - 01933974FFB8F4B1276502477D826F1D
         

--- --- ---

hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Hallo,
nochmal Danke Danke für die nette Hilfe!
Hier der Log:

Code: Alles auswählenAufklappen

ATTFilter

18:37:29.0190 3688  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:37:29.0346 3688  ============================================================
18:37:29.0346 3688  Current date / time: 2012/09/24 18:37:29.0346
18:37:29.0346 3688  SystemInfo:
18:37:29.0346 3688  
18:37:29.0346 3688  OS Version: 6.1.7601 ServicePack: 1.0
18:37:29.0346 3688  Product type: Workstation
18:37:29.0346 3688  ComputerName: PC-PC
18:37:29.0346 3688  UserName: PC
18:37:29.0346 3688  Windows directory: C:\Windows
18:37:29.0346 3688  System windows directory: C:\Windows
18:37:29.0346 3688  Running under WOW64
18:37:29.0346 3688  Processor architecture: Intel x64
18:37:29.0346 3688  Number of processors: 4
18:37:29.0346 3688  Page size: 0x1000
18:37:29.0346 3688  Boot type: Normal boot
18:37:29.0346 3688  ============================================================
18:37:30.0594 3688  Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:37:30.0610 3688  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:37:30.0625 3688  ============================================================
18:37:30.0625 3688  \Device\Harddisk0\DR0:
18:37:30.0625 3688  MBR partitions:
18:37:30.0625 3688  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000
18:37:30.0625 3688  \Device\Harddisk1\DR1:
18:37:30.0625 3688  MBR partitions:
18:37:30.0625 3688  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
18:37:30.0625 3688  ============================================================
18:37:30.0641 3688  C: <-> \Device\Harddisk0\DR0\Partition1
18:37:30.0656 3688  I: <-> \Device\Harddisk1\DR1\Partition1
18:37:30.0656 3688  ============================================================
18:37:30.0656 3688  Initialize success
18:37:30.0656 3688  ============================================================
18:39:02.0011 1792  ============================================================
18:39:02.0011 1792  Scan started
18:39:02.0011 1792  Mode: Manual; SigCheck; TDLFS; 
18:39:02.0011 1792  ============================================================
18:39:03.0041 1792  ================ Scan system memory ========================
18:39:03.0041 1792  System memory - ok
18:39:03.0041 1792  ================ Scan services =============================
18:39:03.0166 1792  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:39:03.0290 1792  1394ohci - ok
18:39:03.0368 1792  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
18:39:03.0400 1792  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
18:39:03.0415 1792  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:39:03.0446 1792  ACPI - ok
18:39:03.0462 1792  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:39:03.0540 1792  AcpiPmi - ok
18:39:03.0587 1792  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:39:03.0602 1792  AdobeARMservice - ok
18:39:03.0696 1792  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:39:03.0727 1792  AdobeFlashPlayerUpdateSvc - ok
18:39:03.0758 1792  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:39:03.0790 1792  adp94xx - ok
18:39:03.0805 1792  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:39:03.0836 1792  adpahci - ok
18:39:03.0852 1792  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:39:03.0883 1792  adpu320 - ok
18:39:03.0899 1792  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:39:04.0055 1792  AeLookupSvc - ok
18:39:04.0102 1792  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
18:39:04.0164 1792  AFD - ok
18:39:04.0195 1792  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
18:39:04.0211 1792  agp440 - ok
18:39:04.0226 1792  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
18:39:04.0289 1792  ALG - ok
18:39:04.0304 1792  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:39:04.0320 1792  aliide - ok
18:39:04.0336 1792  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
18:39:04.0351 1792  amdide - ok
18:39:04.0382 1792  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:39:04.0414 1792  AmdK8 - ok
18:39:04.0445 1792  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:39:04.0492 1792  AmdPPM - ok
18:39:04.0523 1792  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:39:04.0554 1792  amdsata - ok
18:39:04.0585 1792  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:39:04.0601 1792  amdsbs - ok
18:39:04.0616 1792  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:39:04.0616 1792  amdxata - ok
18:39:04.0694 1792  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:39:04.0710 1792  AntiVirSchedulerService - ok
18:39:04.0757 1792  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:39:04.0772 1792  AntiVirService - ok
18:39:04.0804 1792  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
18:39:04.0944 1792  AppID - ok
18:39:04.0991 1792  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:39:05.0038 1792  AppIDSvc - ok
18:39:05.0069 1792  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
18:39:05.0131 1792  Appinfo - ok
18:39:05.0209 1792  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:39:05.0225 1792  Apple Mobile Device - ok
18:39:05.0272 1792  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
18:39:05.0287 1792  arc - ok
18:39:05.0303 1792  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:39:05.0318 1792  arcsas - ok
18:39:05.0350 1792  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:39:05.0443 1792  AsyncMac - ok
18:39:05.0474 1792  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
18:39:05.0490 1792  atapi - ok
18:39:05.0506 1792  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:39:05.0584 1792  AudioEndpointBuilder - ok
18:39:05.0599 1792  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:39:05.0630 1792  AudioSrv - ok
18:39:05.0677 1792  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:39:05.0708 1792  avgntflt - ok
18:39:05.0724 1792  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:39:05.0740 1792  avipbb - ok
18:39:05.0755 1792  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:39:05.0771 1792  avkmgr - ok
18:39:05.0786 1792  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:39:05.0880 1792  AxInstSV - ok
18:39:05.0911 1792  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:39:05.0974 1792  b06bdrv - ok
18:39:06.0005 1792  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:39:06.0036 1792  b57nd60a - ok
18:39:06.0083 1792  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:39:06.0145 1792  BDESVC - ok
18:39:06.0161 1792  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:39:06.0208 1792  Beep - ok
18:39:06.0254 1792  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
18:39:06.0332 1792  BFE - ok
18:39:06.0379 1792  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
18:39:06.0442 1792  BITS - ok
18:39:06.0473 1792  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:39:06.0504 1792  blbdrive - ok
18:39:06.0613 1792  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:39:06.0629 1792  Bonjour Service - ok
18:39:06.0660 1792  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:39:06.0722 1792  bowser - ok
18:39:06.0738 1792  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:39:06.0785 1792  BrFiltLo - ok
18:39:06.0800 1792  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:39:06.0832 1792  BrFiltUp - ok
18:39:06.0878 1792  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:39:06.0925 1792  BridgeMP - ok
18:39:06.0956 1792  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
18:39:06.0988 1792  Browser - ok
18:39:07.0003 1792  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:39:07.0081 1792  Brserid - ok
18:39:07.0097 1792  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:39:07.0128 1792  BrSerWdm - ok
18:39:07.0159 1792  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:39:07.0190 1792  BrUsbMdm - ok
18:39:07.0206 1792  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:39:07.0253 1792  BrUsbSer - ok
18:39:07.0268 1792  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:39:07.0300 1792  BTHMODEM - ok
18:39:07.0346 1792  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:39:07.0393 1792  bthserv - ok
18:39:07.0424 1792  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:39:07.0487 1792  cdfs - ok
18:39:07.0534 1792  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:39:07.0580 1792  cdrom - ok
18:39:07.0612 1792  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:39:07.0674 1792  CertPropSvc - ok
18:39:07.0690 1792  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
18:39:07.0721 1792  circlass - ok
18:39:07.0752 1792  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:39:07.0783 1792  CLFS - ok
18:39:07.0814 1792  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:39:07.0846 1792  clr_optimization_v2.0.50727_32 - ok
18:39:07.0908 1792  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:39:07.0924 1792  clr_optimization_v2.0.50727_64 - ok
18:39:07.0986 1792  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:39:08.0017 1792  clr_optimization_v4.0.30319_32 - ok
18:39:08.0048 1792  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:39:08.0064 1792  clr_optimization_v4.0.30319_64 - ok
18:39:08.0080 1792  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
18:39:08.0111 1792  CmBatt - ok
18:39:08.0126 1792  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:39:08.0158 1792  cmdide - ok
18:39:08.0189 1792  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
18:39:08.0251 1792  CNG - ok
18:39:08.0267 1792  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
18:39:08.0282 1792  Compbatt - ok
18:39:08.0314 1792  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:39:08.0360 1792  CompositeBus - ok
18:39:08.0376 1792  COMSysApp - ok
18:39:08.0392 1792  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:39:08.0407 1792  crcdisk - ok
18:39:08.0454 1792  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:39:08.0548 1792  CryptSvc - ok
18:39:08.0579 1792  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:39:08.0641 1792  DcomLaunch - ok
18:39:08.0688 1792  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:39:08.0750 1792  defragsvc - ok
18:39:08.0766 1792  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:39:08.0813 1792  DfsC - ok
18:39:08.0844 1792  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:39:08.0922 1792  Dhcp - ok
18:39:08.0938 1792  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:39:09.0000 1792  discache - ok
18:39:09.0031 1792  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
18:39:09.0047 1792  Disk - ok
18:39:09.0078 1792  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:39:09.0140 1792  Dnscache - ok
18:39:09.0172 1792  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:39:09.0234 1792  dot3svc - ok
18:39:09.0265 1792  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:39:09.0328 1792  DPS - ok
18:39:09.0374 1792  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:39:09.0421 1792  drmkaud - ok
18:39:09.0452 1792  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:39:09.0515 1792  DXGKrnl - ok
18:39:09.0530 1792  EagleX64 - ok
18:39:09.0530 1792  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:39:09.0624 1792  EapHost - ok
18:39:09.0702 1792  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:39:09.0827 1792  ebdrv - ok
18:39:09.0858 1792  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:39:09.0920 1792  EFS - ok
18:39:09.0967 1792  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:39:10.0030 1792  ehRecvr - ok
18:39:10.0061 1792  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:39:10.0092 1792  ehSched - ok
18:39:10.0123 1792  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:39:10.0154 1792  elxstor - ok
18:39:10.0201 1792  [ 7C5BFAAC8DCE7292B0C04EBF892E71F9 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
18:39:10.0248 1792  EPSON_EB_RPCV4_04 - ok
18:39:10.0264 1792  [ D4615670CD49A1679E6067F155C47C68 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
18:39:10.0295 1792  EPSON_PM_RPCV4_04 - ok
18:39:10.0310 1792  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:39:10.0342 1792  ErrDev - ok
18:39:10.0388 1792  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:39:10.0451 1792  EventSystem - ok
18:39:10.0482 1792  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:39:10.0513 1792  exfat - ok
18:39:10.0529 1792  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:39:10.0607 1792  fastfat - ok
18:39:10.0669 1792  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:39:10.0732 1792  Fax - ok
18:39:10.0747 1792  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
18:39:10.0794 1792  fdc - ok
18:39:10.0810 1792  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:39:10.0872 1792  fdPHost - ok
18:39:10.0903 1792  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:39:10.0966 1792  FDResPub - ok
18:39:10.0997 1792  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:39:11.0012 1792  FileInfo - ok
18:39:11.0028 1792  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:39:11.0090 1792  Filetrace - ok
18:39:11.0122 1792  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:39:11.0137 1792  flpydisk - ok
18:39:11.0168 1792  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:39:11.0200 1792  FltMgr - ok
18:39:11.0262 1792  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
18:39:11.0340 1792  FontCache - ok
18:39:11.0387 1792  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:39:11.0418 1792  FontCache3.0.0.0 - ok
18:39:11.0434 1792  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:39:11.0449 1792  FsDepends - ok
18:39:11.0480 1792  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:39:11.0496 1792  Fs_Rec - ok
18:39:11.0543 1792  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:39:11.0574 1792  fvevol - ok
18:39:11.0605 1792  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:39:11.0621 1792  gagp30kx - ok
18:39:11.0668 1792  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:39:11.0683 1792  GEARAspiWDM - ok
18:39:11.0746 1792  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:39:11.0792 1792  gpsvc - ok
18:39:11.0839 1792  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:39:11.0855 1792  gupdate - ok
18:39:11.0855 1792  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:39:11.0870 1792  gupdatem - ok
18:39:11.0870 1792  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:39:11.0933 1792  hcw85cir - ok
18:39:11.0980 1792  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:39:12.0026 1792  HdAudAddService - ok
18:39:12.0073 1792  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:39:12.0104 1792  HDAudBus - ok
18:39:12.0120 1792  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:39:12.0151 1792  HidBatt - ok
18:39:12.0151 1792  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:39:12.0198 1792  HidBth - ok
18:39:12.0214 1792  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:39:12.0245 1792  HidIr - ok
18:39:12.0260 1792  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
18:39:12.0323 1792  hidserv - ok
18:39:12.0354 1792  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:39:12.0385 1792  HidUsb - ok
18:39:12.0401 1792  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:39:12.0463 1792  hkmsvc - ok
18:39:12.0479 1792  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:39:12.0526 1792  HomeGroupListener - ok
18:39:12.0557 1792  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:39:12.0619 1792  HomeGroupProvider - ok
18:39:12.0635 1792  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:39:12.0650 1792  HpSAMD - ok
18:39:12.0697 1792  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:39:12.0775 1792  HTTP - ok
18:39:12.0806 1792  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:39:12.0822 1792  hwpolicy - ok
18:39:12.0838 1792  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:39:12.0853 1792  i8042prt - ok
18:39:12.0900 1792  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:39:12.0931 1792  iaStorV - ok
18:39:12.0994 1792  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:39:13.0025 1792  IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:39:13.0025 1792  IDriverT - detected UnsignedFile.Multi.Generic (1)
18:39:13.0072 1792  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:39:13.0118 1792  idsvc - ok
18:39:13.0134 1792  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:39:13.0150 1792  iirsp - ok
18:39:13.0196 1792  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:39:13.0290 1792  IKEEXT - ok
18:39:13.0306 1792  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:39:13.0321 1792  intelide - ok
18:39:13.0352 1792  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:39:13.0399 1792  intelppm - ok
18:39:13.0415 1792  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:39:13.0477 1792  IPBusEnum - ok
18:39:13.0493 1792  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:13.0540 1792  IpFilterDriver - ok
18:39:13.0555 1792  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:39:13.0602 1792  iphlpsvc - ok
18:39:13.0633 1792  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:39:13.0680 1792  IPMIDRV - ok
18:39:13.0696 1792  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:39:13.0758 1792  IPNAT - ok
18:39:13.0805 1792  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:39:13.0836 1792  iPod Service - ok
18:39:13.0852 1792  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:39:13.0883 1792  IRENUM - ok
18:39:13.0898 1792  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:39:13.0914 1792  isapnp - ok
18:39:13.0945 1792  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:39:13.0976 1792  iScsiPrt - ok
18:39:14.0023 1792  [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb           C:\Windows\system32\DRIVERS\ivusb.sys
18:39:14.0023 1792  ivusb - ok
18:39:14.0054 1792  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:39:14.0070 1792  kbdclass - ok
18:39:14.0086 1792  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:39:14.0117 1792  kbdhid - ok
18:39:14.0132 1792  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:39:14.0148 1792  KeyIso - ok
18:39:14.0179 1792  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:39:14.0210 1792  KSecDD - ok
18:39:14.0242 1792  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:39:14.0257 1792  KSecPkg - ok
18:39:14.0273 1792  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:39:14.0351 1792  ksthunk - ok
18:39:14.0413 1792  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:39:14.0491 1792  KtmRm - ok
18:39:14.0522 1792  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:39:14.0585 1792  LanmanServer - ok
18:39:14.0616 1792  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:39:14.0678 1792  LanmanWorkstation - ok
18:39:14.0741 1792  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:39:14.0803 1792  lltdio - ok
18:39:14.0850 1792  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:39:14.0912 1792  lltdsvc - ok
18:39:14.0944 1792  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:39:15.0022 1792  lmhosts - ok
18:39:15.0068 1792  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:39:15.0100 1792  LSI_FC - ok
18:39:15.0100 1792  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:39:15.0131 1792  LSI_SAS - ok
18:39:15.0146 1792  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:39:15.0162 1792  LSI_SAS2 - ok
18:39:15.0178 1792  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:39:15.0193 1792  LSI_SCSI - ok
18:39:15.0224 1792  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:39:15.0287 1792  luafv - ok
18:39:15.0318 1792  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:39:15.0365 1792  Mcx2Svc - ok
18:39:15.0396 1792  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:39:15.0412 1792  megasas - ok
18:39:15.0443 1792  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:39:15.0474 1792  MegaSR - ok
18:39:15.0474 1792  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:39:15.0552 1792  MMCSS - ok
18:39:15.0583 1792  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:39:15.0646 1792  Modem - ok
18:39:15.0677 1792  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:39:15.0724 1792  monitor - ok
18:39:15.0739 1792  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:39:15.0755 1792  mouclass - ok
18:39:15.0786 1792  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:39:15.0802 1792  mouhid - ok
18:39:15.0817 1792  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:39:15.0833 1792  mountmgr - ok
18:39:15.0895 1792  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:39:15.0911 1792  MozillaMaintenance - ok
18:39:15.0911 1792  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:39:15.0942 1792  mpio - ok
18:39:15.0973 1792  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:39:16.0020 1792  mpsdrv - ok
18:39:16.0051 1792  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:39:16.0114 1792  MpsSvc - ok
18:39:16.0129 1792  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:39:16.0176 1792  MRxDAV - ok
18:39:16.0207 1792  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:16.0285 1792  mrxsmb - ok
18:39:16.0316 1792  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:16.0363 1792  mrxsmb10 - ok
18:39:16.0379 1792  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:16.0410 1792  mrxsmb20 - ok
18:39:16.0410 1792  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:39:16.0426 1792  msahci - ok
18:39:16.0441 1792  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:39:16.0457 1792  msdsm - ok
18:39:16.0472 1792  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:39:16.0519 1792  MSDTC - ok
18:39:16.0535 1792  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:39:16.0613 1792  Msfs - ok
18:39:16.0628 1792  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:39:16.0706 1792  mshidkmdf - ok
18:39:16.0722 1792  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:39:16.0738 1792  msisadrv - ok
18:39:16.0769 1792  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:39:16.0831 1792  MSiSCSI - ok
18:39:16.0847 1792  msiserver - ok
18:39:16.0862 1792  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:39:16.0925 1792  MSKSSRV - ok
18:39:16.0925 1792  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:16.0972 1792  MSPCLOCK - ok
18:39:16.0987 1792  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:39:17.0065 1792  MSPQM - ok
18:39:17.0096 1792  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:39:17.0128 1792  MsRPC - ok
18:39:17.0128 1792  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:39:17.0143 1792  mssmbios - ok
18:39:17.0174 1792  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:39:17.0221 1792  MSTEE - ok
18:39:17.0237 1792  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:39:17.0268 1792  MTConfig - ok
18:39:17.0284 1792  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:39:17.0315 1792  Mup - ok
18:39:17.0346 1792  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:39:17.0408 1792  napagent - ok
18:39:17.0455 1792  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:39:17.0502 1792  NativeWifiP - ok
18:39:17.0596 1792  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:39:17.0642 1792  NDIS - ok
18:39:17.0674 1792  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:39:17.0720 1792  NdisCap - ok
18:39:17.0736 1792  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:17.0783 1792  NdisTapi - ok
18:39:17.0814 1792  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:17.0892 1792  Ndisuio - ok
18:39:17.0908 1792  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:17.0986 1792  NdisWan - ok
18:39:18.0001 1792  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:39:18.0079 1792  NDProxy - ok
18:39:18.0110 1792  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
18:39:18.0157 1792  Netaapl - ok
18:39:18.0173 1792  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:39:18.0235 1792  NetBIOS - ok
18:39:18.0266 1792  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:39:18.0313 1792  NetBT - ok
18:39:18.0329 1792  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:39:18.0344 1792  Netlogon - ok
18:39:18.0376 1792  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:39:18.0454 1792  Netman - ok
18:39:18.0485 1792  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:39:18.0563 1792  netprofm - ok
18:39:18.0594 1792  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:39:18.0610 1792  NetTcpPortSharing - ok
18:39:18.0641 1792  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:39:18.0656 1792  nfrd960 - ok
18:39:18.0688 1792  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:39:18.0734 1792  NlaSvc - ok
18:39:18.0750 1792  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:39:18.0781 1792  Npfs - ok
18:39:18.0781 1792  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:39:18.0828 1792  nsi - ok
18:39:18.0844 1792  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:39:18.0890 1792  nsiproxy - ok
18:39:18.0953 1792  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:39:19.0015 1792  Ntfs - ok
18:39:19.0031 1792  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:39:19.0078 1792  Null - ok
18:39:19.0140 1792  [ F2662FDC20518EE8A8EED4F61BA42349 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
18:39:19.0171 1792  NVHDA - ok
18:39:19.0468 1792  [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:39:19.0842 1792  nvlddmkm - ok
18:39:19.0889 1792  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:39:19.0904 1792  nvraid - ok
18:39:19.0951 1792  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:39:19.0967 1792  nvstor - ok
18:39:20.0029 1792  [ E5AFBE55415828EE6230F148425A30E4 ] NVSvc           C:\Windows\system32\nvvsvc.exe
18:39:20.0076 1792  NVSvc - ok
18:39:20.0092 1792  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:39:20.0107 1792  nv_agp - ok
18:39:20.0123 1792  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:39:20.0170 1792  ohci1394 - ok
18:39:20.0216 1792  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:39:20.0263 1792  p2pimsvc - ok
18:39:20.0294 1792  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
18:39:20.0326 1792  p2psvc - ok
18:39:20.0341 1792  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:39:20.0372 1792  Parport - ok
18:39:20.0388 1792  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:39:20.0419 1792  partmgr - ok
18:39:20.0450 1792  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:39:20.0497 1792  PcaSvc - ok
18:39:20.0513 1792  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
18:39:20.0544 1792  pci - ok
18:39:20.0560 1792  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
18:39:20.0575 1792  pciide - ok
18:39:20.0591 1792  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:39:20.0622 1792  pcmcia - ok
18:39:20.0638 1792  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:39:20.0653 1792  pcw - ok
18:39:20.0669 1792  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:39:20.0762 1792  PEAUTH - ok
18:39:20.0840 1792  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:39:20.0856 1792  PerfHost - ok
18:39:20.0918 1792  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
18:39:21.0012 1792  pla - ok
18:39:21.0059 1792  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:39:21.0137 1792  PlugPlay - ok
18:39:21.0152 1792  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:39:21.0184 1792  PNRPAutoReg - ok
18:39:21.0215 1792  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:39:21.0246 1792  PNRPsvc - ok
18:39:21.0293 1792  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:39:21.0386 1792  PolicyAgent - ok
18:39:21.0418 1792  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
18:39:21.0480 1792  Power - ok
18:39:21.0511 1792  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:39:21.0589 1792  PptpMiniport - ok
18:39:21.0620 1792  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
18:39:21.0652 1792  Processor - ok
18:39:21.0698 1792  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:39:21.0761 1792  ProfSvc - ok
18:39:21.0776 1792  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:39:21.0792 1792  ProtectedStorage - ok
18:39:21.0823 1792  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:39:21.0870 1792  Psched - ok
18:39:21.0917 1792  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
18:39:21.0917 1792  PSI - ok
18:39:21.0964 1792  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:39:22.0010 1792  ql2300 - ok
18:39:22.0026 1792  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:39:22.0042 1792  ql40xx - ok
18:39:22.0073 1792  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
18:39:22.0088 1792  QWAVE - ok
18:39:22.0104 1792  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:39:22.0120 1792  QWAVEdrv - ok
18:39:22.0135 1792  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:39:22.0166 1792  RasAcd - ok
18:39:22.0198 1792  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:39:22.0244 1792  RasAgileVpn - ok
18:39:22.0260 1792  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
18:39:22.0307 1792  RasAuto - ok
18:39:22.0338 1792  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:39:22.0400 1792  Rasl2tp - ok
18:39:22.0432 1792  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
18:39:22.0494 1792  RasMan - ok
18:39:22.0510 1792  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:39:22.0572 1792  RasPppoe - ok
18:39:22.0588 1792  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:39:22.0666 1792  RasSstp - ok
18:39:22.0681 1792  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:39:22.0728 1792  rdbss - ok
18:39:22.0744 1792  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:39:22.0775 1792  rdpbus - ok
18:39:22.0790 1792  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:39:22.0837 1792  RDPCDD - ok
18:39:22.0853 1792  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:39:22.0915 1792  RDPENCDD - ok
18:39:22.0931 1792  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:39:22.0962 1792  RDPREFMP - ok
18:39:22.0993 1792  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:39:23.0056 1792  RDPWD - ok
18:39:23.0071 1792  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:39:23.0102 1792  rdyboost - ok
18:39:23.0118 1792  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:39:23.0165 1792  RemoteAccess - ok
18:39:23.0196 1792  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:39:23.0258 1792  RemoteRegistry - ok
18:39:23.0290 1792  [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:39:23.0352 1792  RimUsb - ok
18:39:23.0368 1792  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:39:23.0430 1792  RpcEptMapper - ok
18:39:23.0446 1792  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
18:39:23.0477 1792  RpcLocator - ok
18:39:23.0508 1792  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
18:39:23.0539 1792  RpcSs - ok
18:39:23.0555 1792  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:39:23.0617 1792  rspndr - ok
18:39:23.0664 1792  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:39:23.0695 1792  RTL8167 - ok
18:39:23.0726 1792  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
18:39:23.0742 1792  SamSs - ok
18:39:23.0742 1792  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:39:23.0773 1792  sbp2port - ok
18:39:23.0804 1792  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:39:23.0851 1792  SCardSvr - ok
18:39:23.0867 1792  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:39:23.0929 1792  scfilter - ok
18:39:23.0960 1792  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
18:39:24.0038 1792  Schedule - ok
18:39:24.0054 1792  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:39:24.0101 1792  SCPolicySvc - ok
18:39:24.0116 1792  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:39:24.0194 1792  SDRSVC - ok
18:39:24.0210 1792  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:39:24.0272 1792  secdrv - ok
18:39:24.0288 1792  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
18:39:24.0335 1792  seclogon - ok
18:39:24.0366 1792  [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
18:39:24.0413 1792  Secunia PSI Agent - ok
18:39:24.0475 1792  [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
18:39:24.0522 1792  Secunia Update Agent - ok
18:39:24.0538 1792  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
18:39:24.0600 1792  SENS - ok
18:39:24.0631 1792  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:39:24.0678 1792  SensrSvc - ok
18:39:24.0709 1792  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:39:24.0740 1792  Serenum - ok
18:39:24.0772 1792  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:39:24.0803 1792  Serial - ok
18:39:24.0834 1792  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:39:24.0865 1792  sermouse - ok
18:39:24.0896 1792  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
18:39:24.0959 1792  SessionEnv - ok
18:39:24.0990 1792  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:39:25.0006 1792  sffdisk - ok
18:39:25.0006 1792  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:39:25.0037 1792  sffp_mmc - ok
18:39:25.0052 1792  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:39:25.0099 1792  sffp_sd - ok
18:39:25.0115 1792  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:39:25.0146 1792  sfloppy - ok
18:39:25.0193 1792  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:39:25.0255 1792  SharedAccess - ok
18:39:25.0286 1792  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:39:25.0333 1792  ShellHWDetection - ok
18:39:25.0349 1792  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:39:25.0364 1792  SiSRaid2 - ok
18:39:25.0364 1792  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:39:25.0396 1792  SiSRaid4 - ok
18:39:25.0411 1792  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:39:25.0458 1792  Smb - ok
18:39:25.0505 1792  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:39:25.0536 1792  SNMPTRAP - ok
18:39:25.0552 1792  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:39:25.0567 1792  spldr - ok
18:39:25.0614 1792  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
18:39:25.0645 1792  Spooler - ok
18:39:25.0708 1792  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
18:39:25.0832 1792  sppsvc - ok
18:39:25.0864 1792  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:39:25.0895 1792  sppuinotify - ok
18:39:25.0926 1792  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:39:26.0004 1792  srv - ok
18:39:26.0035 1792  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:39:26.0082 1792  srv2 - ok
18:39:26.0113 1792  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:39:26.0129 1792  srvnet - ok
18:39:26.0144 1792  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:39:26.0176 1792  SSDPSRV - ok
18:39:26.0207 1792  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:39:26.0238 1792  SstpSvc - ok
18:39:26.0254 1792  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:39:26.0269 1792  stexstor - ok
18:39:26.0300 1792  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
18:39:26.0363 1792  stisvc - ok
18:39:26.0378 1792  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:39:26.0394 1792  swenum - ok
18:39:26.0410 1792  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
18:39:26.0472 1792  swprv - ok
18:39:26.0534 1792  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
18:39:26.0612 1792  SysMain - ok
18:39:26.0628 1792  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:39:26.0675 1792  TabletInputService - ok
18:39:26.0722 1792  [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
18:39:26.0737 1792  taphss - ok
18:39:26.0753 1792  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:39:26.0815 1792  TapiSrv - ok
18:39:26.0846 1792  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
18:39:26.0878 1792  TBS - ok
18:39:26.0956 1792  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:39:27.0018 1792  Tcpip - ok
18:39:27.0049 1792  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:39:27.0096 1792  TCPIP6 - ok
18:39:27.0112 1792  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:39:27.0174 1792  tcpipreg - ok
18:39:27.0190 1792  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:39:27.0236 1792  TDPIPE - ok
18:39:27.0268 1792  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:39:27.0299 1792  TDTCP - ok
18:39:27.0330 1792  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:39:27.0408 1792  tdx - ok
18:39:27.0439 1792  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:39:27.0455 1792  TermDD - ok
18:39:27.0486 1792  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
18:39:27.0564 1792  TermService - ok
18:39:27.0595 1792  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
18:39:27.0626 1792  Themes - ok
18:39:27.0642 1792  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
18:39:27.0689 1792  THREADORDER - ok
18:39:27.0704 1792  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
18:39:27.0782 1792  TrkWks - ok
18:39:27.0814 1792  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:39:27.0876 1792  TrustedInstaller - ok
18:39:27.0892 1792  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:39:27.0970 1792  tssecsrv - ok
18:39:28.0001 1792  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:39:28.0032 1792  TsUsbFlt - ok
18:39:28.0048 1792  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:39:28.0094 1792  TsUsbGD - ok
18:39:28.0110 1792  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:39:28.0188 1792  tunnel - ok
18:39:28.0204 1792  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:39:28.0235 1792  uagp35 - ok
18:39:28.0250 1792  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:39:28.0313 1792  udfs - ok
18:39:28.0344 1792  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:39:28.0391 1792  UI0Detect - ok
18:39:28.0406 1792  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:39:28.0422 1792  uliagpkx - ok
18:39:28.0453 1792  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:39:28.0484 1792  umbus - ok
18:39:28.0500 1792  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:39:28.0547 1792  UmPass - ok
18:39:28.0578 1792  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
18:39:28.0656 1792  upnphost - ok
18:39:28.0703 1792  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:39:28.0703 1792  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
18:39:28.0703 1792  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
18:39:28.0750 1792  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:39:28.0781 1792  usbccgp - ok
18:39:28.0796 1792  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:39:28.0828 1792  usbcir - ok
18:39:28.0859 1792  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:39:28.0890 1792  usbehci - ok
18:39:28.0921 1792  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:39:28.0968 1792  usbhub - ok
18:39:28.0984 1792  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:39:29.0030 1792  usbohci - ok
18:39:29.0062 1792  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:39:29.0124 1792  usbprint - ok
18:39:29.0155 1792  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
18:39:29.0186 1792  usbscan - ok
18:39:29.0202 1792  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:39:29.0249 1792  USBSTOR - ok
18:39:29.0280 1792  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:39:29.0311 1792  usbuhci - ok
18:39:29.0342 1792  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
18:39:29.0420 1792  UxSms - ok
18:39:29.0436 1792  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
18:39:29.0452 1792  VaultSvc - ok
18:39:29.0483 1792  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:39:29.0498 1792  vdrvroot - ok
18:39:29.0530 1792  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
18:39:29.0608 1792  vds - ok
18:39:29.0639 1792  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:39:29.0654 1792  vga - ok
18:39:29.0670 1792  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:39:29.0748 1792  VgaSave - ok
18:39:29.0764 1792  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:39:29.0795 1792  vhdmp - ok
18:39:29.0810 1792  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:39:29.0826 1792  viaide - ok
18:39:29.0842 1792  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:39:29.0857 1792  volmgr - ok
18:39:29.0873 1792  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:39:29.0904 1792  volmgrx - ok
18:39:29.0920 1792  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:39:29.0951 1792  volsnap - ok
18:39:29.0966 1792  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:39:29.0982 1792  vsmraid - ok
18:39:30.0029 1792  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
18:39:30.0138 1792  VSS - ok
18:39:30.0154 1792  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
18:39:30.0200 1792  vwifibus - ok
18:39:30.0232 1792  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
18:39:30.0278 1792  W32Time - ok
18:39:30.0294 1792  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:39:30.0341 1792  WacomPen - ok
18:39:30.0372 1792  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:39:30.0450 1792  WANARP - ok
18:39:30.0450 1792  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:39:30.0497 1792  Wanarpv6 - ok
18:39:30.0559 1792  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:39:30.0637 1792  WatAdminSvc - ok
18:39:30.0684 1792  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
18:39:30.0762 1792  wbengine - ok
18:39:30.0778 1792  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:39:30.0809 1792  WbioSrvc - ok
18:39:30.0824 1792  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:39:30.0871 1792  wcncsvc - ok
18:39:30.0902 1792  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:39:30.0965 1792  WcsPlugInService - ok
18:39:30.0980 1792  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
18:39:30.0996 1792  Wd - ok
18:39:31.0012 1792  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:39:31.0058 1792  Wdf01000 - ok
18:39:31.0074 1792  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:39:31.0168 1792  WdiServiceHost - ok
18:39:31.0168 1792  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:39:31.0199 1792  WdiSystemHost - ok
18:39:31.0230 1792  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
18:39:31.0277 1792  WebClient - ok
18:39:31.0308 1792  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:39:31.0370 1792  Wecsvc - ok
18:39:31.0402 1792  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:39:31.0448 1792  wercplsupport - ok
18:39:31.0480 1792  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:39:31.0526 1792  WerSvc - ok
18:39:31.0558 1792  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:39:31.0604 1792  WfpLwf - ok
18:39:31.0604 1792  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:39:31.0636 1792  WIMMount - ok
18:39:31.0636 1792  WinDefend - ok
18:39:31.0651 1792  WinHttpAutoProxySvc - ok
18:39:31.0729 1792  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:39:31.0792 1792  Winmgmt - ok
18:39:31.0838 1792  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
18:39:31.0948 1792  WinRM - ok
18:39:31.0994 1792  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:39:32.0026 1792  WinUsb - ok
18:39:32.0072 1792  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:39:32.0135 1792  Wlansvc - ok
18:39:32.0260 1792  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:39:32.0322 1792  wlidsvc - ok
18:39:32.0338 1792  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:39:32.0353 1792  WmiAcpi - ok
18:39:32.0369 1792  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:39:32.0416 1792  wmiApSrv - ok
18:39:32.0431 1792  WMPNetworkSvc - ok
18:39:32.0447 1792  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:39:32.0478 1792  WPCSvc - ok
18:39:32.0494 1792  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:39:32.0540 1792  WPDBusEnum - ok
18:39:32.0556 1792  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:39:32.0603 1792  ws2ifsl - ok
18:39:32.0618 1792  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
18:39:32.0665 1792  wscsvc - ok
18:39:32.0665 1792  WSearch - ok
18:39:32.0774 1792  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:39:32.0837 1792  wuauserv - ok
18:39:32.0868 1792  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:39:32.0930 1792  WudfPf - ok
18:39:32.0962 1792  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:39:33.0040 1792  WUDFRd - ok
18:39:33.0071 1792  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:39:33.0118 1792  wudfsvc - ok
18:39:33.0149 1792  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:39:33.0211 1792  WwanSvc - ok
18:39:33.0242 1792  ================ Scan global ===============================
18:39:33.0274 1792  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:39:33.0305 1792  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:39:33.0320 1792  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:39:33.0352 1792  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:39:33.0398 1792  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:39:33.0398 1792  [Global] - ok
18:39:33.0398 1792  ================ Scan MBR ==================================
18:39:33.0414 1792  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:39:33.0679 1792  \Device\Harddisk0\DR0 - ok
18:39:33.0695 1792  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
18:39:33.0804 1792  \Device\Harddisk1\DR1 - ok
18:39:33.0804 1792  ================ Scan VBR ==================================
18:39:33.0882 1792  [ 89C5B85896933841B03CACDA6A95C370 ] \Device\Harddisk0\DR0\Partition1
18:39:33.0882 1792  \Device\Harddisk0\DR0\Partition1 - ok
18:39:33.0882 1792  [ 9FD8870643FD5483ED30709ABC30CEEB ] \Device\Harddisk1\DR1\Partition1
18:39:33.0882 1792  \Device\Harddisk1\DR1\Partition1 - ok
18:39:33.0882 1792  ============================================================
18:39:33.0882 1792  Scan finished
18:39:33.0882 1792  ============================================================
18:39:33.0898 4728  Detected object count: 2
18:39:33.0898 4728  Actual detected object count: 2
18:39:53.0772 4728  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:53.0772 4728  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:39:53.0772 4728  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:39:53.0772 4728  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

achja es waren 2 Funde

hi
sind keine "funde" in dem sinne, die dateien waren nur nicht signiert und tdss killer hat das als warnung angezeigt, ist aber alles io.
lade den CCleaner standard:
CCleaner Download - CCleaner 3.22.1800
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Hoffe es ist übersichtlich genug!

Code: Alles auswählenAufklappen

ATTFilter

Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	21.09.2012	6,00MB	11.4.402.278 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	21.09.2012	6,00MB	11.4.402.278 notwendig
Adobe Reader X (10.1.4) - Deutsch	Adobe Systems Incorporated	18.08.2012	121MB	10.1.4 notwendig
Apple Application Support	Apple Inc.	22.09.2012	65,0MB	2.2.2 unbekannt
Apple Mobile Device Support	Apple Inc.	22.09.2012	23,7MB	6.0.0.59 unbekannt
Apple Software Update	Apple Inc.	22.09.2012	2,38MB	2.1.3.127 unbekannt
Avira Free Antivirus	Avira	12.09.2012	104MB	12.0.0.1199 weiß nicht ob notwendig
Benutzerhandbuch - Grundlagen EPSON SX230 Series		04.06.2012 notwendig
Benutzerhandbuch EPSON SX230 Series		04.06.2012		notwendig
Bonjour	Apple Inc.	11.12.2011	2,00MB	3.0.0.10 unbekannt
CCleaner	Piriform	22.08.2012		3.22 unnötig?
Diablo III	Blizzard Entertainment	30.08.2012		1.0.4.11327 notwendig
ElsterFormular	Landesfinanzdirektion Thüringen	05.06.2012	279MB	13.2.0.8623k notwendig
Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	04.06.2012		2.2.4.0 notwendig
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)	SEIKO EPSON CORPORATION	04.06.2012		1.00.0000 notwendig
Epson Event Manager	SEIKO EPSON CORPORATION	04.06.2012	40,5MB	2.50.0000 unbekannt
EPSON Scan	Seiko Epson Corporation	04.06.2012		unbekannt
EPSON SX230 Series Printer Uninstall	SEIKO EPSON Corporation	04.06.2012	notwendig	
FileHippo.com Update Checker		22.09.2012		notwendig
Free PDF to Word Doc Converter v1.1	www.hellopdf.com	06.02.2012		1.1 notwendig
Free YouTube to MP3 Converter version 3.10.11.923	DVDVideoSoft Ltd.	24.09.2011	42,3MB	notwendig
FXCM Trading Station		06.08.2012		011212 unnötig
GamersFirst LIVE!	GamersFirst	17.12.2011		unnötig
Google Chrome	Google Inc.	25.09.2012		21.0.1180.89 unnötig
Google Earth	Google	11.01.2012	92,7MB	6.1.0.5001 unnötig
GPL Ghostscript	Artifex Software Inc.	04.07.2011		9.02 unbekannt
iTunes	Apple Inc.	22.09.2012	182MB	10.7.0.21 notwendig
Java 7 Update 7	Oracle	22.09.2012	128MB	7.0.70 unbekannt
JavaFX 2.1.1	Oracle Corporation	31.07.2012	20,8MB	2.1.1 unbekannt
KaloMa 4.93	Frank Böpple	11.04.2012	5,08MB	unnötig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	23.06.2011	38,8MB	4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	23.06.2011	2,93MB	4.0.30319 unbekannt
Microsoft Silverlight	Microsoft Corporation	06.08.2012	40,3MB	4.1.10329.0 unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	05.08.2012	298KB	8.0.61001 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	25.06.2011	788KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	05.08.2012	788KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	15.05.2012	240KB	9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	22.06.2011	596KB	9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	05.08.2012	600KB	9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	05.08.2012	12,2MB	10.0.40219 unbekannt
Mozilla Firefox 15.0 (x86 de)	Mozilla	31.08.2012	38,4MB	15.0 notwendig
Mozilla Firefox 15.0.1 (x86 de)	Mozilla	08.09.2012	38,4MB	15.0.1 notwendig
Mozilla Maintenance Service	Mozilla	08.09.2012	327KB	15.0.1 unbekannt
NVIDIA 3D Vision Controller Driver 267.85	NVIDIA Corporation	15.05.2012		267.85 notwendig
NVIDIA Grafiktreiber 267.85	NVIDIA Corporation	15.05.2012		267.85 notwendig
NVIDIA HD-Audiotreiber 1.2.22.1	NVIDIA Corporation	15.05.2012		1.2.22.1 notwendig
NVIDIA PhysX-Systemsoftware 9.10.0514	NVIDIA Corporation	15.05.2012		9.10.0514 notwendig
OpenOffice.org 3.3	OpenOffice.org	25.06.2011	414MB	3.3.9567 notwendig
Pando Media Booster	Pando Networks Inc.	17.12.2011	5,46MB	2.3.5.6 unbekannt
PDF Blender		04.07.2011		notwendig
PDFCreator	Frank Heindörfer, Philip Chinery	06.02.2012		1.2.3 unnötig
PokerStars.eu	PokerStars.eu	23.09.2012		notwendig
QuickTime	Apple Inc.	22.09.2012	73,2MB	7.72.80.56 unbekannt
Secunia PSI (3.0.0.3001)	Secunia	22.09.2012	5,77MB	3.0.0.3001 notwendig
StarCraft II	Blizzard Entertainment	23.09.2012		1.5.3.23260 notwendig
Unity Web Player	Unity Technologies ApS	17.12.2011	12,0MB	 unbekannt
VLC media player 2.0.2	VideoLAN	22.09.2012		2.0.2 notwendig
Windows Live Essentials	Microsoft Corporation	05.08.2012		15.4.3555.0308 unbekannt
WinRAR 4.20 (32-bit)	win.rar GmbH	21.09.2012		4.20.0 unnötig
         

Um ehrlich zu sein bin ich mir bei manchen Dingen nicht so sicher ob ich die wirklich brauche!