Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Winlogon.exe ist Fehlerhaft

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.12.2012, 22:03   #1
Rex1234
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Hallo,
auf facecoverz.com habe ich mir ein Titelbild für Facebook runtergeladen, folgedessen hat "winlogon.exe" mir Probleme bereitet, das war vor ca. 2-3 Monaten.

Ich denke in der Winlogon.exe ist ein verschlüsselter Trojaner..

Hier OTL

OTL.Txt ->

OTL logfile created on: 12/20/2012 9:19:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yassoie_2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15.98 Gb Total Physical Memory | 13.68 Gb Available Physical Memory | 85.62% Memory free
31.96 Gb Paging File | 29.80 Gb Available in Paging File | 93.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.98 Gb Total Space | 14.67 Gb Free Space | 14.82% Space Free | Partition Type: NTFS
Drive D: | 12.71 Gb Total Space | 1.56 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 1863.02 Gb Total Space | 1464.06 Gb Free Space | 78.59% Space Free | Partition Type: NTFS

Computer Name: YASSOIE-HP | User Name: Yassoie_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/20 21:18:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yassoie_2\Desktop\OTL.exe
PRC - [2012/12/20 15:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/10/23 09:10:10 | 000,985,154 | RHS- | M] () -- C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe
PRC - [2012/10/02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/09 14:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/06/09 14:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/05/06 01:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/01 08:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 08:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/24 05:31:24 | 002,069,504 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
PRC - [2009/09/17 17:56:00 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/17 17:55:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/23 09:10:10 | 000,985,154 | RHS- | M] () -- C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe
MOD - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
MOD - [2009/02/20 02:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/24 01:23:14 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2010/11/21 04:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/10/11 11:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/07/14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/12/20 15:55:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/12/12 15:12:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/06 14:43:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/09 14:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/05/06 01:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/01 08:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 08:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/21 04:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 04:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/17 17:56:00 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 17:37:00 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:22:00 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/08/18 18:23:16 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/27 23:55:40 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/08 10:51:19 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/16 12:15:51 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/11/16 12:00:08 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/16 12:00:08 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/10 11:35:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/23 22:46:36 | 000,165,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1300000.080\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/04/26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/22 11:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/22 02:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/21 00:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/04/21 00:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/09/17 17:37:00 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 13:31:00 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV - [2012/09/12 09:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121219.033\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 09:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121219.033\eng64.sys -- (NAVENG)
DRV - [2012/08/09 09:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 09:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2395919D-162F-461A-B093-C5A85E355E1F}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2395919D-162F-461A-B093-C5A85E355E1F}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2395919D-162F-461A-B093-C5A85E355E1F}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 14:43:42 | 000,000,000 | ---D | M]

[2012/09/09 19:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yassoie_2\AppData\Roaming\mozilla\Extensions
[2012/12/20 20:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/20 20:39:55 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/12/06 14:43:42 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/30 15:13:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012/11/08 17:26:00 | 000,002,227 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 virustotal.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 21 more lines...
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll File not found
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Windows Update] C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Windows Update] C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe ()
O4 - HKCU..\Run: [Windows Update.exe] "C:\Users\Yassoie_2\AppData\Roaming\Windows Update\Windows Update.exe" File not found
O4 - Startup: C:\Users\Yassoie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnk = C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yassoie_2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yassoie_2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.113 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A9C7FF6-0378-40DF-97D4-D08022BEFBE6}: DhcpNameServer = 217.0.43.113 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC8FDBF-9B9D-4240-8B85-A34E9E0C8E0B}: DhcpNameServer = 217.0.43.113 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 21:18:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Yassoie_2\Desktop\OTL.exe
[2012/12/20 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/12/20 21:06:28 | 000,019,896 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012/12/20 21:06:28 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Roaming\Systweak
[2012/12/20 21:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012/12/20 21:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012/12/20 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\Documents\Battlefield 3
[2012/12/20 15:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/12/20 13:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/12/20 12:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/12/13 13:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/13 13:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/13 13:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/13 13:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/13 13:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/13 13:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/12/11 22:04:37 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/12/11 22:04:37 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/12/11 22:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/12/11 22:03:28 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/12/11 04:18:52 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Local\Origin
[2012/12/11 04:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/12/11 04:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/12/11 04:09:45 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\Desktop\bilder
[2012/12/11 04:01:01 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Roaming\InstallShield
[2012/12/06 14:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/02 02:03:23 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\Desktop\musik
[2012/11/29 13:56:57 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Roaming\TS3Client
[2012/11/22 12:05:15 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Local\Google
[2012/11/22 12:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/11/20 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Local\ESN
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/20 21:18:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yassoie_2\Desktop\OTL.exe
[2012/12/20 21:17:10 | 000,050,477 | ---- | M] () -- C:\Users\Yassoie_2\Desktop\Defogger(1).exe
[2012/12/20 21:15:05 | 000,000,000 | ---- | M] () -- C:\Users\Yassoie_2\defogger_reenable
[2012/12/20 21:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/20 21:06:32 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/12/20 21:06:32 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/12/20 20:50:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForYassoie_2.job
[2012/12/20 20:48:00 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/20 20:48:00 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/20 20:47:53 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/20 20:47:06 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 20:47:06 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 20:44:13 | 000,689,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/20 20:44:13 | 000,134,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/20 20:44:12 | 001,739,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/20 20:44:12 | 000,753,918 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/20 20:44:12 | 000,164,012 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/20 20:39:59 | 000,000,761 | R--- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnk
[2012/12/20 20:39:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/20 20:39:40 | 4279,484,414 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 15:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/20 15:22:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1136588543-3382375768-1063258435-1001UA.job
[2012/12/20 13:20:56 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/12/20 00:22:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1136588543-3382375768-1063258435-1001Core.job
[2012/12/13 13:27:35 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/13 00:27:17 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/11 04:26:02 | 000,000,355 | ---- | M] () -- C:\Users\Yassoie_2\Desktop\Computer - Verknüpfung.lnk
[2012/12/11 04:18:45 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/12/10 12:01:24 | 000,019,896 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012/12/10 04:45:19 | 000,007,601 | ---- | M] () -- C:\Users\Yassoie_2\AppData\Local\resmon.resmoncfg
[2012/12/05 23:47:35 | 000,001,463 | ---- | M] () -- C:\Users\Yassoie_2\AppData\Local\recently-used.xbel
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/20 21:17:09 | 000,050,477 | ---- | C] () -- C:\Users\Yassoie_2\Desktop\Defogger(1).exe
[2012/12/20 21:15:05 | 000,000,000 | ---- | C] () -- C:\Users\Yassoie_2\defogger_reenable
[2012/12/20 21:06:32 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/12/20 21:06:32 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/12/20 13:20:56 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/12/20 13:20:37 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/20 13:20:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/20 01:19:53 | 002,211,840 | ---- | C] () -- C:\Users\Yassoie_2\Desktop\pbsetup.exe
[2012/12/13 13:27:35 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/11 22:04:46 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/12/11 04:26:02 | 000,000,355 | ---- | C] () -- C:\Users\Yassoie_2\Desktop\Computer - Verknüpfung.lnk
[2012/12/11 04:18:45 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/12/05 23:47:35 | 000,001,463 | ---- | C] () -- C:\Users\Yassoie_2\AppData\Local\recently-used.xbel
[2012/11/06 22:40:51 | 000,007,601 | ---- | C] () -- C:\Users\Yassoie_2\AppData\Local\resmon.resmoncfg
[2012/10/31 21:20:01 | 000,000,172 | ---- | C] () -- C:\Users\Yassoie_2\AppData\Roaming\Melt.bat
[2012/10/24 03:58:03 | 000,985,154 | RHS- | C] () -- C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe
[2012/10/23 09:09:01 | 001,761,289 | RHS- | C] () -- C:\Users\Yassoie_2\AppData\Roaming\winlogon.exe
[2012/08/30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/11/16 12:16:24 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/06/21 09:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 18:15:43 | 001,766,562 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/11 18:25:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/11 18:25:25 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/22 14:47:18 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\DVDVideoSoft
[2012/09/22 12:36:34 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/12/11 04:20:28 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\Origin
[2012/12/14 15:54:13 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\SoftGrid Client
[2012/12/20 21:10:05 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\Systweak
[2012/12/02 16:03:31 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\TS3Client
[2012/11/27 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\Windows Update

========== Purity Check ==========



< End of report >





Extras.Txt ->

OTL Extras logfile created on: 12/20/2012 9:19:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yassoie_2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15.98 Gb Total Physical Memory | 13.68 Gb Available Physical Memory | 85.62% Memory free
31.96 Gb Paging File | 29.80 Gb Available in Paging File | 93.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.98 Gb Total Space | 14.67 Gb Free Space | 14.82% Space Free | Partition Type: NTFS
Drive D: | 12.71 Gb Total Space | 1.56 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 1863.02 Gb Total Space | 1464.06 Gb Free Space | 78.59% Space Free | Partition Type: NTFS

Computer Name: YASSOIE-HP | User Name: Yassoie_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FC3E90-1072-4A82-91BD-D9F60472E1B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{188AB54C-CF3B-436A-9D8D-87F19C326B04}" = rport=139 | protocol=6 | dir=out | app=system |
"{21909CC5-9834-4290-8437-3F14B70D807B}" = lport=139 | protocol=6 | dir=in | app=system |
"{27F39D94-C4A3-458D-A8FE-3306A4D6564A}" = lport=138 | protocol=17 | dir=in | app=system |
"{2B1AB9E5-6A52-4496-AE69-2F26CBBD8B76}" = lport=445 | protocol=6 | dir=in | app=system |
"{5400E4CE-6FF0-46CE-8232-2BD06D44B3E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56E0009F-D4AF-48FD-916B-36A5899B37FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AD773A2C-6394-4092-A34A-700946DBB754}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8EA8B8D-7C52-4049-ACCB-BD3AA21C63A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{BBD01AD3-A307-427E-8D52-147678075AC5}" = lport=137 | protocol=17 | dir=in | app=system |
"{D1B05BA8-C1C0-4066-BD1A-4FDE83BB0DDE}" = rport=445 | protocol=6 | dir=out | app=system |
"{F5A6F06A-389D-4F16-BBCE-D3FEA3C1986D}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA88FC3-EB37-45FB-8939-4F10A7115A1C}" = dir=in | app=c:\users\yassoie_2\appdata\local\microsoft\skydrive\skydrive.exe |
"{0BF745C5-C3D7-4526-9620-251995ADCB53}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{1385C431-BCFD-4427-84E6-A7E92485FEC6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{18E7DDE7-71A2-4A6D-8AD8-ACFF0921D039}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{21604251-C055-47B8-B826-4A5F487E0D4F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2B7A64E2-129A-4040-8E21-BC594C5DA79E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{38F80191-36C5-43D7-9B3F-0906A24E0517}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{442EE9EF-CF8C-4100-A189-D52F88DA11E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4550BEED-21E1-4C0C-8FD3-87696ED29F87}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{667553CC-E20D-4E64-BF52-E97D9B1A2245}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{74C758BF-9928-456B-93A0-0D0B8C6C0BB6}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7E2961CD-DDD6-43C1-9354-A49ACC3D61B9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{81F3C37D-CA69-4C20-A194-7655E4B3F5AC}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{82040704-A09F-4534-A2DE-EBFB70F336B1}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{84512580-F0F3-4108-A4F5-05CAB1D250B8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{86FDFE49-55C2-435E-B269-CB8131DE6A8F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{94620448-9DE3-4DAD-9E99-4F3394243E51}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{A1E2F7F8-4003-4342-B6FC-2677B1F70D51}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B103062E-1AB3-43C5-9DCE-AEDA50FB4CB3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B4031211-2110-492D-9ED1-3403EB4C7AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{BE5FAF08-CE38-4564-8338-95D8E464A01B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CBFF32D7-A44B-4461-814F-AFC451FB6ACC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CC728883-9398-4B42-8267-6C2C29DF1B97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D29A0434-CB2C-4E58-BD6C-9066CA3B720D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{D3CBE75C-FDDB-4C11-8E00-A48B89AA9FAE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D928A193-65BA-41FD-BE10-9B93C6D5B25B}" = dir=in | app=c:\users\yassoie\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E93D5F53-F5D5-4EEF-B5CC-A39304572B72}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{EB487852-0DD6-4038-9421-65AC538ACD81}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EE50BE5F-C48F-4EE1-A01C-B042947B3897}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{F6549183-E6B9-4FE0-9EEB-DDE0FAC10280}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"TCP Query User{768120F4-ECBF-4571-A0E2-28BD8DCAA4AC}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{00F5093E-AF85-4463-9943-6CFB5A2E78A9}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.6.12
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1234C1F4-603F-4C34-8796-3544CF8A83F5}" = Facebook Messenger 2.1.4631.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4679C8B6-4A0E-416D-B7CE-86D0E3846B3B}" = BlackBeatsFM
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP Keyboard
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"PunkBusterSvc" = PunkBuster Services
"RegClean Pro_is1" = RegClean Pro
"VIP Access SDK" = VIP Access SDK (1.0.1.4)
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2012 6:03:13 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194,
Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version:
5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a
ID
des fehlerhaften Prozesses: 0x36c Startzeit der fehlerhaften Anwendung: 0x01cd9a3bc6b4780a
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung:
0caf53c5-062f-11e2-b6b6-3860774c3298

Error - 9/24/2012 5:24:41 PM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194,
Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version:
5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a
ID
des fehlerhaften Prozesses: 0x36c Startzeit der fehlerhaften Anwendung: 0x01cd9a9afc8d6cd4
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung:
4038553a-068e-11e2-8941-3860774c3298

Error - 9/25/2012 5:35:33 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194,
Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version:
5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a
ID
des fehlerhaften Prozesses: 0x36c Startzeit der fehlerhaften Anwendung: 0x01cd9b01149baf4b
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung:
5a1f6ecb-06f4-11e2-a337-3860774c3298

Error - 9/25/2012 10:07:22 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Origin.exe, Version: 9.0.13.2141,
Zeitstempel: 0x5058c4a8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften
Prozesses: 0x1884 Startzeit der fehlerhaften Anwendung: 0x01cd9b267d007653 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Origin\Origin.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 52c54139-071a-11e2-a337-3860774c3298

Error - 9/25/2012 3:25:39 PM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194,
Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version:
5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a
ID
des fehlerhaften Prozesses: 0x36c Startzeit der fehlerhaften Anwendung: 0x01cd9b5383e5c38a
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung:
c9c8f893-0746-11e2-85e0-3860774c3298

Error - 9/26/2012 5:54:41 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194,
Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version:
5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a
ID
des fehlerhaften Prozesses: 0x36c Startzeit der fehlerhaften Anwendung: 0x01cd9bcce935350f
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung:
3066db6d-07c0-11e2-8d82-3860774c3298

Error - 9/26/2012 8:08:33 AM | Computer Name = Yassoie-HP | Source = VSS | ID = 8193
Description =

Error - 9/26/2012 9:07:25 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194,
Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version:
5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a
ID
des fehlerhaften Prozesses: 0x358 Startzeit der fehlerhaften Anwendung: 0x01cd9be7d6f3e9a8
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung:
1d559d8e-07db-11e2-9f1d-3860774c3298

Error - 9/26/2012 4:28:47 PM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194,
Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version:
5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a
ID
des fehlerhaften Prozesses: 0x368 Startzeit der fehlerhaften Anwendung: 0x01cd9c25849b46e0
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung:
c5a2b523-0818-11e2-a158-3860774c3298

Error - 9/27/2012 5:32:28 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194,
Zeitstempel: 0x4df09290 Name des fehlerhaften Moduls: TrueSuiteService.exe, Version:
5.3.0.194, Zeitstempel: 0x4df09290 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0001280a
ID
des fehlerhaften Prozesses: 0x360 Startzeit der fehlerhaften Anwendung: 0x01cd9c92ff533e21
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung:
40812fc7-0886-11e2-af73-3860774c3298

[ Hewlett-Packard Events ]
Error - 9/27/2012 5:04:13 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect()

Error - 10/4/2012 3:32:47 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: 20 TargetSite: Void UpdateAndDetect()

Error - 10/11/2012 5:36:21 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 10/18/2012 11:54:27 AM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect()

Error - 10/25/2012 11:48:37 AM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: 30 TargetSite: Void UpdateAndDetect()

Error - 11/1/2012 4:32:19 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect()

Error - 11/8/2012 6:13:14 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect()

Error - 11/15/2012 6:56:26 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect()

Error - 11/22/2012 12:11:25 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 11/29/2012 12:06:02 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect()

[ Media Center Events ]
Error - 3/7/2012 9:21:17 PM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0
Description = 02:21:17 - Fehler beim Herstellen der Internetverbindung. 02:21:17
- Serververbindung konnte nicht hergestellt werden..

Error - 3/8/2012 5:51:25 AM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0
Description = 10:51:25 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)

Error - 3/8/2012 5:51:25 AM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0
Description = 10:51:25 - MCEClientUX konnte nicht abgerufen werden (Fehler: Der
Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')

Error - 3/8/2012 5:51:26 AM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0
Description = 10:51:25 - Broadband konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')

Error - 3/8/2012 7:10:11 AM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0
Description = 12:10:08 - Fehler beim Herstellen der Internetverbindung. 12:10:08
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 12/19/2012 6:03:31 PM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 12/20/2012 7:27:48 AM | Computer Name = Yassoie-HP | Source = SNMP | ID = 16713180
Description = Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration
ist ein Fehler aufgetreten.

Error - 12/20/2012 7:27:47 AM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 12/20/2012 7:27:50 AM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS

Error - 12/20/2012 7:27:52 AM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 12/20/2012 7:44:45 AM | Computer Name = Yassoie-HP | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 12/20/2012 3:40:00 PM | Computer Name = Yassoie-HP | Source = SNMP | ID = 16713180
Description = Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration
ist ein Fehler aufgetreten.

Error - 12/20/2012 3:39:59 PM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 12/20/2012 3:40:03 PM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS

Error - 12/20/2012 3:40:06 PM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.


< End of report >



Ich hab ein 64bit-system. daher kein Gmer.Txt

Alt 20.12.2012, 23:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
Bitte alle folgenden Logs in CODE-Tags posten
Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 21.12.2012, 01:40   #3
Rex1234
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Hi Cosinus, sorry, ich habe leider keine weiteren Funde zu verfügung, die ich posten könnte :S
__________________

Alt 22.12.2012, 19:43   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.12.2012, 00:06   #5
Rex1234
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



aswMBR.txt

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-22 23:49:19
-----------------------------
23:49:19.607    OS Version: Windows x64 6.1.7601 Service Pack 1
23:49:19.607    Number of processors: 4 586 0x2A07
23:49:19.607    ComputerName: YASSOIE-HP  UserName: Yassoie_2
23:49:19.757    Initialize success
23:51:18.232    AVAST engine defs: 12122200
23:51:23.790    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:51:23.791    Disk 0 Vendor: INTEL_SS 4PC1 Size: 114473MB BusType: 3
23:51:23.793    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:51:23.794    Disk 1 Vendor: Hitachi_ MN6O Size: 1907729MB BusType: 3
23:51:23.796    Disk 0 MBR read successfully
23:51:23.798    Disk 0 MBR scan
23:51:23.800    Disk 0 Windows 7 default MBR code
23:51:23.802    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:51:23.805    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       101352 MB offset 206848
23:51:23.808    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13019 MB offset 207775744
23:51:23.815    Disk 0 scanning C:\Windows\system32\drivers
23:51:26.112    Service scanning
23:51:33.014    Modules scanning
23:51:33.341    Disk 0 trace - called modules:
23:51:33.345    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
23:51:33.347    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800fe5a060]
23:51:33.349    3 CLASSPNP.SYS[fffff88001db043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800eb0e050]
23:51:33.507    AVAST engine scan C:\Windows
23:51:33.836    AVAST engine scan C:\Windows\system32
23:52:31.693    AVAST engine scan C:\Windows\system32\drivers
23:52:34.542    AVAST engine scan C:\Users\Yassoie_2
23:52:47.205    AVAST engine scan C:\ProgramData
23:53:04.870    Scan finished successfully
23:53:46.613    Disk 0 MBR has been saved successfully to "C:\Users\Yassoie_2\Desktop\MBR.dat"
23:53:46.615    The log file has been saved successfully to "C:\Users\Yassoie_2\Desktop\aswMBR.txt"
         




TDSS-Killer

Code:
ATTFilter
00:02:30.0533 3008  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:02:30.0607 3008  ============================================================
00:02:30.0607 3008  Current date / time: 2012/12/23 00:02:30.0607
00:02:30.0607 3008  SystemInfo:
00:02:30.0607 3008  
00:02:30.0607 3008  OS Version: 6.1.7601 ServicePack: 1.0
00:02:30.0607 3008  Product type: Workstation
00:02:30.0607 3008  ComputerName: YASSOIE-HP
00:02:30.0607 3008  UserName: Yassoie_2
00:02:30.0607 3008  Windows directory: C:\Windows
00:02:30.0607 3008  System windows directory: C:\Windows
00:02:30.0607 3008  Running under WOW64
00:02:30.0607 3008  Processor architecture: Intel x64
00:02:30.0607 3008  Number of processors: 4
00:02:30.0607 3008  Page size: 0x1000
00:02:30.0607 3008  Boot type: Normal boot
00:02:30.0607 3008  ============================================================
00:02:30.0756 3008  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:02:30.0756 3008  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:02:30.0769 3008  ============================================================
00:02:30.0769 3008  \Device\Harddisk0\DR0:
00:02:30.0770 3008  MBR partitions:
00:02:30.0770 3008  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:02:30.0770 3008  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC5F4000
00:02:30.0770 3008  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC626800, BlocksNum 0x196D800
00:02:30.0770 3008  \Device\Harddisk1\DR1:
00:02:30.0770 3008  GPT partitions:
00:02:30.0770 3008  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CBAB4C76-1483-4C93-AE79-44AA1110ACF3}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE8E08000
00:02:30.0770 3008  MBR partitions:
00:02:30.0770 3008  ============================================================
00:02:30.0771 3008  C: <-> \Device\Harddisk0\DR0\Partition2
00:02:30.0772 3008  E: <-> \Device\Harddisk1\DR1\Partition1
00:02:30.0772 3008  D: <-> \Device\Harddisk0\DR0\Partition3
00:02:30.0772 3008  ============================================================
00:02:30.0773 3008  Initialize success
00:02:30.0773 3008  ============================================================
         


Alt 23.12.2012, 00:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Irgendwas muss beim TDSS-Killer falsch gelaufen sein, das Log ist viel zu kurz, bitte wiederholen.
__________________
--> Winlogon.exe ist Fehlerhaft

Alt 23.12.2012, 01:19   #7
Rex1234
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Code:
ATTFilter
01:18:23.0189 0844  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:18:23.0289 0844  ============================================================
01:18:23.0289 0844  Current date / time: 2012/12/23 01:18:23.0289
01:18:23.0289 0844  SystemInfo:
01:18:23.0289 0844  
01:18:23.0289 0844  OS Version: 6.1.7601 ServicePack: 1.0
01:18:23.0289 0844  Product type: Workstation
01:18:23.0289 0844  ComputerName: YASSOIE-HP
01:18:23.0289 0844  UserName: Yassoie_2
01:18:23.0289 0844  Windows directory: C:\Windows
01:18:23.0289 0844  System windows directory: C:\Windows
01:18:23.0289 0844  Running under WOW64
01:18:23.0289 0844  Processor architecture: Intel x64
01:18:23.0289 0844  Number of processors: 4
01:18:23.0289 0844  Page size: 0x1000
01:18:23.0289 0844  Boot type: Normal boot
01:18:23.0289 0844  ============================================================
01:18:23.0439 0844  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:18:23.0459 0844  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:18:23.0469 0844  ============================================================
01:18:23.0469 0844  \Device\Harddisk0\DR0:
01:18:23.0469 0844  MBR partitions:
01:18:23.0469 0844  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:18:23.0469 0844  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC5F4000
01:18:23.0469 0844  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC626800, BlocksNum 0x196D800
01:18:23.0469 0844  \Device\Harddisk1\DR1:
01:18:23.0469 0844  GPT partitions:
01:18:23.0469 0844  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CBAB4C76-1483-4C93-AE79-44AA1110ACF3}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE8E08000
01:18:23.0469 0844  MBR partitions:
01:18:23.0469 0844  ============================================================
01:18:23.0469 0844  C: <-> \Device\Harddisk0\DR0\Partition2
01:18:23.0489 0844  E: <-> \Device\Harddisk1\DR1\Partition1
01:18:23.0489 0844  D: <-> \Device\Harddisk0\DR0\Partition3
01:18:23.0489 0844  ============================================================
01:18:23.0489 0844  Initialize success
01:18:23.0489 0844  ============================================================
01:18:24.0729 5844  ============================================================
01:18:24.0729 5844  Scan started
01:18:24.0729 5844  Mode: Manual; 
01:18:24.0729 5844  ============================================================
01:18:24.0949 5844  ================ Scan system memory ========================
01:18:24.0949 5844  System memory - ok
01:18:24.0949 5844  ================ Scan services =============================
01:18:24.0979 5844  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
01:18:24.0979 5844  1394ohci - ok
01:18:24.0989 5844  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
01:18:24.0989 5844  ACPI - ok
01:18:24.0989 5844  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
01:18:24.0989 5844  AcpiPmi - ok
01:18:25.0009 5844  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:18:25.0009 5844  AdobeFlashPlayerUpdateSvc - ok
01:18:25.0019 5844  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
01:18:25.0019 5844  adp94xx - ok
01:18:25.0029 5844  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
01:18:25.0029 5844  adpahci - ok
01:18:25.0039 5844  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
01:18:25.0039 5844  adpu320 - ok
01:18:25.0039 5844  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
01:18:25.0039 5844  AeLookupSvc - ok
01:18:25.0049 5844  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
01:18:25.0049 5844  AESTFilters - ok
01:18:25.0059 5844  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
01:18:25.0059 5844  AFD - ok
01:18:25.0059 5844  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
01:18:25.0059 5844  agp440 - ok
01:18:25.0059 5844  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
01:18:25.0069 5844  ALG - ok
01:18:25.0069 5844  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
01:18:25.0069 5844  aliide - ok
01:18:25.0069 5844  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
01:18:25.0069 5844  amdide - ok
01:18:25.0069 5844  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
01:18:25.0069 5844  AmdK8 - ok
01:18:25.0079 5844  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
01:18:25.0079 5844  AmdPPM - ok
01:18:25.0079 5844  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
01:18:25.0079 5844  amdsata - ok
01:18:25.0089 5844  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
01:18:25.0089 5844  amdsbs - ok
01:18:25.0089 5844  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
01:18:25.0089 5844  amdxata - ok
01:18:25.0099 5844  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
01:18:25.0099 5844  AppHostSvc - ok
01:18:25.0099 5844  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
01:18:25.0099 5844  AppID - ok
01:18:25.0099 5844  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
01:18:25.0099 5844  AppIDSvc - ok
01:18:25.0099 5844  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
01:18:25.0099 5844  Appinfo - ok
01:18:25.0109 5844  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:18:25.0109 5844  Apple Mobile Device - ok
01:18:25.0119 5844  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
01:18:25.0119 5844  arc - ok
01:18:25.0119 5844  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
01:18:25.0119 5844  arcsas - ok
01:18:25.0129 5844  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
01:18:25.0129 5844  aspnet_state - ok
01:18:25.0139 5844  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
01:18:25.0139 5844  AsyncMac - ok
01:18:25.0139 5844  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
01:18:25.0139 5844  atapi - ok
01:18:25.0149 5844  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:18:25.0149 5844  AudioEndpointBuilder - ok
01:18:25.0159 5844  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
01:18:25.0159 5844  AudioSrv - ok
01:18:25.0169 5844  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
01:18:25.0169 5844  AxInstSV - ok
01:18:25.0179 5844  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
01:18:25.0179 5844  b06bdrv - ok
01:18:25.0189 5844  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
01:18:25.0189 5844  b57nd60a - ok
01:18:25.0189 5844  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
01:18:25.0189 5844  BDESVC - ok
01:18:25.0199 5844  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
01:18:25.0199 5844  Beep - ok
01:18:25.0209 5844  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
01:18:25.0209 5844  BFE - ok
01:18:25.0219 5844  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
01:18:25.0219 5844  BITS - ok
01:18:25.0229 5844  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
01:18:25.0229 5844  blbdrive - ok
01:18:25.0229 5844  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:18:25.0239 5844  Bonjour Service - ok
01:18:25.0239 5844  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
01:18:25.0239 5844  bowser - ok
01:18:25.0239 5844  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
01:18:25.0239 5844  BrFiltLo - ok
01:18:25.0239 5844  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
01:18:25.0239 5844  BrFiltUp - ok
01:18:25.0249 5844  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
01:18:25.0249 5844  Browser - ok
01:18:25.0259 5844  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
01:18:25.0259 5844  Brserid - ok
01:18:25.0259 5844  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
01:18:25.0259 5844  BrSerWdm - ok
01:18:25.0259 5844  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
01:18:25.0259 5844  BrUsbMdm - ok
01:18:25.0259 5844  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
01:18:25.0259 5844  BrUsbSer - ok
01:18:25.0269 5844  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
01:18:25.0269 5844  BTHMODEM - ok
01:18:25.0269 5844  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
01:18:25.0269 5844  bthserv - ok
01:18:25.0279 5844  [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
01:18:25.0279 5844  ccEvtMgr - ok
01:18:25.0279 5844  [ 27D036FB3D22CA8A6662FE960D1A937D ] ccSetMgr        C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
01:18:25.0279 5844  ccSetMgr - ok
01:18:25.0289 5844  [ 9A2A298479BE9354FED42C9A40A9C214 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys
01:18:25.0289 5844  ccSet_NIS - ok
01:18:25.0289 5844  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
01:18:25.0289 5844  cdfs - ok
01:18:25.0299 5844  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
01:18:25.0299 5844  cdrom - ok
01:18:25.0299 5844  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
01:18:25.0299 5844  CertPropSvc - ok
01:18:25.0299 5844  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
01:18:25.0299 5844  circlass - ok
01:18:25.0309 5844  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
01:18:25.0309 5844  CLFS - ok
01:18:25.0319 5844  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:18:25.0319 5844  clr_optimization_v2.0.50727_32 - ok
01:18:25.0319 5844  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:18:25.0319 5844  clr_optimization_v2.0.50727_64 - ok
01:18:25.0329 5844  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:18:25.0329 5844  clr_optimization_v4.0.30319_32 - ok
01:18:25.0329 5844  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:18:25.0329 5844  clr_optimization_v4.0.30319_64 - ok
01:18:25.0339 5844  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
01:18:25.0339 5844  CmBatt - ok
01:18:25.0339 5844  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
01:18:25.0339 5844  cmdide - ok
01:18:25.0349 5844  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
01:18:25.0349 5844  CNG - ok
01:18:25.0349 5844  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
01:18:25.0349 5844  Compbatt - ok
01:18:25.0349 5844  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
01:18:25.0349 5844  CompositeBus - ok
01:18:25.0359 5844  COMSysApp - ok
01:18:25.0359 5844  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
01:18:25.0359 5844  crcdisk - ok
01:18:25.0359 5844  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
01:18:25.0369 5844  CryptSvc - ok
01:18:25.0379 5844  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
01:18:25.0379 5844  cvhsvc - ok
01:18:25.0389 5844  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
01:18:25.0389 5844  DcomLaunch - ok
01:18:25.0399 5844  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
01:18:25.0399 5844  defragsvc - ok
01:18:25.0399 5844  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
01:18:25.0399 5844  DfsC - ok
01:18:25.0409 5844  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
01:18:25.0409 5844  Dhcp - ok
01:18:25.0409 5844  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
01:18:25.0409 5844  discache - ok
01:18:25.0419 5844  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
01:18:25.0419 5844  Disk - ok
01:18:25.0419 5844  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
01:18:25.0419 5844  Dnscache - ok
01:18:25.0429 5844  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
01:18:25.0429 5844  dot3svc - ok
01:18:25.0429 5844  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
01:18:25.0429 5844  DPS - ok
01:18:25.0429 5844  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
01:18:25.0429 5844  drmkaud - ok
01:18:25.0449 5844  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
01:18:25.0449 5844  DXGKrnl - ok
01:18:25.0449 5844  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
01:18:25.0449 5844  EapHost - ok
01:18:25.0489 5844  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
01:18:25.0499 5844  ebdrv - ok
01:18:25.0509 5844  [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
01:18:25.0519 5844  eeCtrl - ok
01:18:25.0519 5844  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
01:18:25.0519 5844  EFS - ok
01:18:25.0529 5844  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
01:18:25.0529 5844  ehRecvr - ok
01:18:25.0539 5844  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
01:18:25.0539 5844  ehSched - ok
01:18:25.0549 5844  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
01:18:25.0549 5844  elxstor - ok
01:18:25.0549 5844  [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
01:18:25.0549 5844  EraserUtilRebootDrv - ok
01:18:25.0559 5844  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
01:18:25.0559 5844  ErrDev - ok
01:18:25.0569 5844  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
01:18:25.0569 5844  EventSystem - ok
01:18:25.0569 5844  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
01:18:25.0569 5844  exfat - ok
01:18:25.0579 5844  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
01:18:25.0579 5844  fastfat - ok
01:18:25.0589 5844  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
01:18:25.0589 5844  Fax - ok
01:18:25.0589 5844  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
01:18:25.0589 5844  fdc - ok
01:18:25.0599 5844  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
01:18:25.0599 5844  fdPHost - ok
01:18:25.0599 5844  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
01:18:25.0599 5844  FDResPub - ok
01:18:25.0599 5844  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
01:18:25.0599 5844  FileInfo - ok
01:18:25.0599 5844  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
01:18:25.0599 5844  Filetrace - ok
01:18:25.0609 5844  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
01:18:25.0609 5844  flpydisk - ok
01:18:25.0609 5844  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
01:18:25.0609 5844  FltMgr - ok
01:18:25.0629 5844  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
01:18:25.0629 5844  FontCache - ok
01:18:25.0629 5844  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:18:25.0629 5844  FontCache3.0.0.0 - ok
01:18:25.0639 5844  [ 71CDC1D7F58D5EC49EBC2E2332AD3FAE ] FPLService      C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
01:18:25.0639 5844  FPLService - ok
01:18:25.0639 5844  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
01:18:25.0639 5844  FsDepends - ok
01:18:25.0649 5844  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
01:18:25.0649 5844  Fs_Rec - ok
01:18:25.0649 5844  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
01:18:25.0649 5844  fvevol - ok
01:18:25.0659 5844  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
01:18:25.0659 5844  gagp30kx - ok
01:18:25.0659 5844  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:18:25.0659 5844  GEARAspiWDM - ok
01:18:25.0669 5844  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
01:18:25.0669 5844  gpsvc - ok
01:18:25.0679 5844  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
01:18:25.0679 5844  hcw85cir - ok
01:18:25.0679 5844  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:18:25.0679 5844  HdAudAddService - ok
01:18:25.0689 5844  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
01:18:25.0689 5844  HDAudBus - ok
01:18:25.0689 5844  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
01:18:25.0689 5844  HidBatt - ok
01:18:25.0689 5844  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
01:18:25.0689 5844  HidBth - ok
01:18:25.0699 5844  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
01:18:25.0699 5844  HidIr - ok
01:18:25.0699 5844  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
01:18:25.0699 5844  hidserv - ok
01:18:25.0699 5844  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
01:18:25.0699 5844  HidUsb - ok
01:18:25.0709 5844  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
01:18:25.0709 5844  hkmsvc - ok
01:18:25.0709 5844  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:18:25.0709 5844  HomeGroupListener - ok
01:18:25.0719 5844  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:18:25.0719 5844  HomeGroupProvider - ok
01:18:25.0719 5844  [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
01:18:25.0719 5844  HP Support Assistant Service - ok
01:18:25.0729 5844  [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
01:18:25.0729 5844  HPClientSvc - ok
01:18:25.0729 5844  [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
01:18:25.0729 5844  HPDrvMntSvc.exe - ok
01:18:25.0749 5844  [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
01:18:25.0749 5844  hpqwmiex - ok
01:18:25.0749 5844  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
01:18:25.0749 5844  HpSAMD - ok
01:18:25.0759 5844  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
01:18:25.0759 5844  HTTP - ok
01:18:25.0769 5844  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
01:18:25.0769 5844  hwpolicy - ok
01:18:25.0769 5844  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
01:18:25.0769 5844  i8042prt - ok
01:18:25.0779 5844  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
01:18:25.0779 5844  iaStor - ok
01:18:25.0789 5844  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
01:18:25.0799 5844  iaStorV - ok
01:18:25.0809 5844  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:18:25.0809 5844  idsvc - ok
01:18:25.0879 5844  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
01:18:25.0899 5844  igfx - ok
01:18:25.0909 5844  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
01:18:25.0909 5844  iirsp - ok
01:18:25.0919 5844  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
01:18:25.0919 5844  IKEEXT - ok
01:18:25.0929 5844  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
01:18:25.0929 5844  intelide - ok
01:18:25.0929 5844  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
01:18:25.0929 5844  intelppm - ok
01:18:25.0939 5844  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
01:18:25.0939 5844  IPBusEnum - ok
01:18:25.0939 5844  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:18:25.0939 5844  IpFilterDriver - ok
01:18:25.0949 5844  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
01:18:25.0949 5844  iphlpsvc - ok
01:18:25.0949 5844  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
01:18:25.0949 5844  IPMIDRV - ok
01:18:25.0959 5844  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
01:18:25.0959 5844  IPNAT - ok
01:18:25.0969 5844  [ B474C756C13960793C7583B766F904C4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
01:18:25.0969 5844  iPod Service - ok
01:18:25.0979 5844  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
01:18:25.0979 5844  IRENUM - ok
01:18:25.0979 5844  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
01:18:25.0979 5844  isapnp - ok
01:18:25.0989 5844  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
01:18:25.0989 5844  iScsiPrt - ok
01:18:25.0989 5844  [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service     C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
01:18:25.0989 5844  jhi_service - ok
01:18:25.0999 5844  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
01:18:25.0999 5844  kbdclass - ok
01:18:25.0999 5844  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
01:18:25.0999 5844  kbdhid - ok
01:18:25.0999 5844  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
01:18:25.0999 5844  KeyIso - ok
01:18:26.0009 5844  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
01:18:26.0009 5844  KSecDD - ok
01:18:26.0009 5844  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
01:18:26.0009 5844  KSecPkg - ok
01:18:26.0009 5844  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
01:18:26.0009 5844  ksthunk - ok
01:18:26.0019 5844  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
01:18:26.0019 5844  KtmRm - ok
01:18:26.0029 5844  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
01:18:26.0029 5844  LanmanServer - ok
01:18:26.0029 5844  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:18:26.0029 5844  LanmanWorkstation - ok
01:18:26.0069 5844  [ E34152D03CAAAAA81DD66D803F392522 ] LiveUpdate      C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
01:18:26.0089 5844  LiveUpdate - ok
01:18:26.0089 5844  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
01:18:26.0089 5844  lltdio - ok
01:18:26.0099 5844  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
01:18:26.0099 5844  lltdsvc - ok
01:18:26.0099 5844  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
01:18:26.0099 5844  lmhosts - ok
01:18:26.0109 5844  [ D75C4B4A8FE6D7FD74A7EECDBAEC729F ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
01:18:26.0109 5844  LMS - ok
01:18:26.0109 5844  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
01:18:26.0109 5844  LSI_FC - ok
01:18:26.0119 5844  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
01:18:26.0119 5844  LSI_SAS - ok
01:18:26.0119 5844  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
01:18:26.0119 5844  LSI_SAS2 - ok
01:18:26.0129 5844  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
01:18:26.0129 5844  LSI_SCSI - ok
01:18:26.0129 5844  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
01:18:26.0129 5844  luafv - ok
01:18:26.0129 5844  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
01:18:26.0139 5844  Mcx2Svc - ok
01:18:26.0139 5844  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
01:18:26.0139 5844  megasas - ok
01:18:26.0149 5844  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
01:18:26.0149 5844  MegaSR - ok
01:18:26.0149 5844  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
01:18:26.0149 5844  MEIx64 - ok
01:18:26.0149 5844  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
01:18:26.0149 5844  MMCSS - ok
01:18:26.0159 5844  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
01:18:26.0159 5844  Modem - ok
01:18:26.0159 5844  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
01:18:26.0159 5844  monitor - ok
01:18:26.0159 5844  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
01:18:26.0159 5844  mouclass - ok
01:18:26.0159 5844  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
01:18:26.0159 5844  mouhid - ok
01:18:26.0169 5844  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
01:18:26.0169 5844  mountmgr - ok
01:18:26.0169 5844  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:18:26.0169 5844  MozillaMaintenance - ok
01:18:26.0179 5844  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
01:18:26.0179 5844  mpio - ok
01:18:26.0179 5844  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
01:18:26.0179 5844  mpsdrv - ok
01:18:26.0189 5844  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
01:18:26.0199 5844  MpsSvc - ok
01:18:26.0199 5844  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
01:18:26.0199 5844  MRxDAV - ok
01:18:26.0199 5844  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
01:18:26.0199 5844  mrxsmb - ok
01:18:26.0209 5844  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:18:26.0209 5844  mrxsmb10 - ok
01:18:26.0209 5844  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:18:26.0209 5844  mrxsmb20 - ok
01:18:26.0219 5844  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
01:18:26.0219 5844  msahci - ok
01:18:26.0219 5844  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
01:18:26.0219 5844  msdsm - ok
01:18:26.0229 5844  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
01:18:26.0229 5844  MSDTC - ok
01:18:26.0229 5844  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
01:18:26.0229 5844  Msfs - ok
01:18:26.0229 5844  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
01:18:26.0229 5844  mshidkmdf - ok
01:18:26.0239 5844  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
01:18:26.0239 5844  msisadrv - ok
01:18:26.0239 5844  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
01:18:26.0239 5844  MSiSCSI - ok
01:18:26.0239 5844  msiserver - ok
01:18:26.0239 5844  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
01:18:26.0239 5844  MSKSSRV - ok
01:18:26.0249 5844  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
01:18:26.0249 5844  MSPCLOCK - ok
01:18:26.0249 5844  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
01:18:26.0249 5844  MSPQM - ok
01:18:26.0249 5844  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
01:18:26.0259 5844  MsRPC - ok
01:18:26.0259 5844  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
01:18:26.0259 5844  mssmbios - ok
01:18:26.0259 5844  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
01:18:26.0259 5844  MSTEE - ok
01:18:26.0259 5844  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
01:18:26.0259 5844  MTConfig - ok
01:18:26.0269 5844  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
01:18:26.0269 5844  Mup - ok
01:18:26.0269 5844  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
01:18:26.0279 5844  napagent - ok
01:18:26.0279 5844  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
01:18:26.0279 5844  NativeWifiP - ok
01:18:26.0299 5844  [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG          C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121221.024\ENG64.SYS
01:18:26.0299 5844  NAVENG - ok
01:18:26.0339 5844  [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15         C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20121221.024\EX64.SYS
01:18:26.0349 5844  NAVEX15 - ok
01:18:26.0359 5844  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
01:18:26.0359 5844  NDIS - ok
01:18:26.0369 5844  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
01:18:26.0369 5844  NdisCap - ok
01:18:26.0369 5844  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
01:18:26.0369 5844  NdisTapi - ok
01:18:26.0369 5844  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
01:18:26.0369 5844  Ndisuio - ok
01:18:26.0379 5844  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
01:18:26.0379 5844  NdisWan - ok
01:18:26.0379 5844  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
01:18:26.0379 5844  NDProxy - ok
01:18:26.0379 5844  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
01:18:26.0379 5844  NetBIOS - ok
01:18:26.0389 5844  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
01:18:26.0389 5844  NetBT - ok
01:18:26.0389 5844  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
01:18:26.0389 5844  Netlogon - ok
01:18:26.0399 5844  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
01:18:26.0399 5844  Netman - ok
01:18:26.0399 5844  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:18:26.0399 5844  NetMsmqActivator - ok
01:18:26.0409 5844  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:18:26.0409 5844  NetPipeActivator - ok
01:18:26.0409 5844  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
01:18:26.0419 5844  netprofm - ok
01:18:26.0439 5844  [ 8B5D2D7CB0EF5B1967860B8AB742A46C ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
01:18:26.0439 5844  netr28x - ok
01:18:26.0439 5844  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:18:26.0449 5844  NetTcpActivator - ok
01:18:26.0449 5844  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:18:26.0449 5844  NetTcpPortSharing - ok
01:18:26.0449 5844  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
01:18:26.0449 5844  nfrd960 - ok
01:18:26.0449 5844  NIS - ok
01:18:26.0459 5844  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
01:18:26.0459 5844  NlaSvc - ok
01:18:26.0469 5844  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
01:18:26.0469 5844  Npfs - ok
01:18:26.0469 5844  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
01:18:26.0469 5844  nsi - ok
01:18:26.0469 5844  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
01:18:26.0469 5844  nsiproxy - ok
01:18:26.0489 5844  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
01:18:26.0499 5844  Ntfs - ok
01:18:26.0499 5844  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
01:18:26.0499 5844  Null - ok
01:18:26.0499 5844  [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
01:18:26.0509 5844  NVHDA - ok
01:18:26.0729 5844  [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:18:26.0779 5844  nvlddmkm - ok
01:18:26.0789 5844  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
01:18:26.0789 5844  nvraid - ok
01:18:26.0799 5844  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
01:18:26.0799 5844  nvstor - ok
01:18:26.0819 5844  [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc           C:\Windows\system32\nvvsvc.exe
01:18:26.0819 5844  nvsvc - ok
01:18:26.0849 5844  [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:18:26.0849 5844  nvUpdatusService - ok
01:18:26.0859 5844  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
01:18:26.0859 5844  nv_agp - ok
01:18:26.0859 5844  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
01:18:26.0859 5844  ohci1394 - ok
01:18:26.0869 5844  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:18:26.0869 5844  ose - ok
01:18:26.0929 5844  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:18:26.0949 5844  osppsvc - ok
01:18:26.0949 5844  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
01:18:26.0959 5844  p2pimsvc - ok
01:18:26.0959 5844  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
01:18:26.0969 5844  p2psvc - ok
01:18:26.0969 5844  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
01:18:26.0969 5844  Parport - ok
01:18:26.0969 5844  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
01:18:26.0969 5844  partmgr - ok
01:18:26.0979 5844  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
01:18:26.0979 5844  PcaSvc - ok
01:18:26.0979 5844  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
01:18:26.0989 5844  pci - ok
01:18:26.0989 5844  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
01:18:26.0989 5844  pciide - ok
01:18:26.0989 5844  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
01:18:26.0989 5844  pcmcia - ok
01:18:26.0999 5844  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
01:18:26.0999 5844  pcw - ok
01:18:26.0999 5844  pdfcDispatcher - ok
01:18:27.0009 5844  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
01:18:27.0009 5844  PEAUTH - ok
01:18:27.0019 5844  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
01:18:27.0029 5844  PerfHost - ok
01:18:27.0039 5844  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
01:18:27.0049 5844  pla - ok
01:18:27.0059 5844  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
01:18:27.0059 5844  PlugPlay - ok
01:18:27.0059 5844  [ 0BEE791C7C7ACE453C134E73633C497D ] pmxdrv          C:\Windows\system32\drivers\pmxdrv.sys
01:18:27.0059 5844  pmxdrv - ok
01:18:27.0069 5844  PnkBstrA - ok
01:18:27.0069 5844  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
01:18:27.0069 5844  PNRPAutoReg - ok
01:18:27.0069 5844  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
01:18:27.0079 5844  PNRPsvc - ok
01:18:27.0079 5844  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
01:18:27.0089 5844  PolicyAgent - ok
01:18:27.0089 5844  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
01:18:27.0089 5844  Power - ok
01:18:27.0089 5844  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
01:18:27.0099 5844  PptpMiniport - ok
01:18:27.0099 5844  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
01:18:27.0099 5844  Processor - ok
01:18:27.0099 5844  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
01:18:27.0099 5844  ProfSvc - ok
01:18:27.0109 5844  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
01:18:27.0109 5844  ProtectedStorage - ok
01:18:27.0109 5844  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
01:18:27.0109 5844  Psched - ok
01:18:27.0129 5844  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
01:18:27.0139 5844  ql2300 - ok
01:18:27.0139 5844  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
01:18:27.0139 5844  ql40xx - ok
01:18:27.0149 5844  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
01:18:27.0149 5844  QWAVE - ok
01:18:27.0149 5844  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
01:18:27.0149 5844  QWAVEdrv - ok
01:18:27.0159 5844  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
01:18:27.0159 5844  RasAcd - ok
01:18:27.0159 5844  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
01:18:27.0159 5844  RasAgileVpn - ok
01:18:27.0159 5844  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
01:18:27.0159 5844  RasAuto - ok
01:18:27.0169 5844  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
01:18:27.0169 5844  Rasl2tp - ok
01:18:27.0169 5844  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
01:18:27.0179 5844  RasMan - ok
01:18:27.0179 5844  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
01:18:27.0179 5844  RasPppoe - ok
01:18:27.0179 5844  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
01:18:27.0179 5844  RasSstp - ok
01:18:27.0189 5844  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
01:18:27.0189 5844  rdbss - ok
01:18:27.0189 5844  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
01:18:27.0189 5844  rdpbus - ok
01:18:27.0189 5844  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
01:18:27.0189 5844  RDPCDD - ok
01:18:27.0199 5844  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
01:18:27.0199 5844  RDPENCDD - ok
01:18:27.0199 5844  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
01:18:27.0199 5844  RDPREFMP - ok
01:18:27.0199 5844  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
01:18:27.0199 5844  RDPWD - ok
01:18:27.0209 5844  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
01:18:27.0209 5844  rdyboost - ok
01:18:27.0209 5844  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
01:18:27.0209 5844  RemoteAccess - ok
01:18:27.0219 5844  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
01:18:27.0219 5844  RemoteRegistry - ok
01:18:27.0219 5844  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
01:18:27.0219 5844  RpcEptMapper - ok
01:18:27.0219 5844  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
01:18:27.0219 5844  RpcLocator - ok
01:18:27.0229 5844  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
01:18:27.0229 5844  RpcSs - ok
01:18:27.0239 5844  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
01:18:27.0239 5844  rspndr - ok
01:18:27.0249 5844  [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
01:18:27.0249 5844  RTL8167 - ok
01:18:27.0249 5844  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
01:18:27.0249 5844  SamSs - ok
01:18:27.0249 5844  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
01:18:27.0259 5844  sbp2port - ok
01:18:27.0259 5844  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
01:18:27.0259 5844  SCardSvr - ok
01:18:27.0259 5844  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
01:18:27.0259 5844  scfilter - ok
01:18:27.0279 5844  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
01:18:27.0279 5844  Schedule - ok
01:18:27.0279 5844  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
01:18:27.0279 5844  SCPolicySvc - ok
01:18:27.0289 5844  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
01:18:27.0289 5844  SDRSVC - ok
01:18:27.0289 5844  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
01:18:27.0289 5844  secdrv - ok
01:18:27.0289 5844  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
01:18:27.0289 5844  seclogon - ok
01:18:27.0299 5844  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
01:18:27.0299 5844  SENS - ok
01:18:27.0299 5844  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
01:18:27.0299 5844  SensrSvc - ok
01:18:27.0299 5844  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
01:18:27.0299 5844  Serenum - ok
01:18:27.0309 5844  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
01:18:27.0309 5844  Serial - ok
01:18:27.0309 5844  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
01:18:27.0309 5844  sermouse - ok
01:18:27.0319 5844  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
01:18:27.0319 5844  SessionEnv - ok
01:18:27.0319 5844  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
01:18:27.0319 5844  sffdisk - ok
01:18:27.0319 5844  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
01:18:27.0319 5844  sffp_mmc - ok
01:18:27.0319 5844  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
01:18:27.0319 5844  sffp_sd - ok
01:18:27.0329 5844  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
01:18:27.0329 5844  sfloppy - ok
01:18:27.0339 5844  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
01:18:27.0339 5844  Sftfs - ok
01:18:27.0349 5844  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
01:18:27.0349 5844  sftlist - ok
01:18:27.0359 5844  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:18:27.0359 5844  Sftplay - ok
01:18:27.0359 5844  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:18:27.0359 5844  Sftredir - ok
01:18:27.0369 5844  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
01:18:27.0369 5844  Sftvol - ok
01:18:27.0369 5844  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
01:18:27.0369 5844  sftvsa - ok
01:18:27.0379 5844  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
01:18:27.0379 5844  SharedAccess - ok
01:18:27.0379 5844  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:18:27.0389 5844  ShellHWDetection - ok
01:18:27.0389 5844  [ E9E830D540EDEDED650F906628468548 ] simptcp         C:\Windows\System32\tcpsvcs.exe
01:18:27.0389 5844  simptcp - ok
01:18:27.0389 5844  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
01:18:27.0389 5844  SiSRaid2 - ok
01:18:27.0389 5844  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
01:18:27.0399 5844  SiSRaid4 - ok
01:18:27.0399 5844  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
01:18:27.0399 5844  Smb - ok
01:18:27.0429 5844  [ AD97B711074CF27DA0C00F2C26E1A62C ] SmcService      C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
01:18:27.0439 5844  SmcService - ok
01:18:27.0459 5844  [ 91BD8E268D93AAF5F59AAC9DE84A25BB ] SNAC            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
01:18:27.0459 5844  SNAC - ok
01:18:27.0459 5844  [ CA62AE004E98374BF7F082CD765EEA02 ] SNMP            C:\Windows\System32\snmp.exe
01:18:27.0459 5844  SNMP - ok
01:18:27.0459 5844  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
01:18:27.0459 5844  SNMPTRAP - ok
01:18:27.0469 5844  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
01:18:27.0469 5844  spldr - ok
01:18:27.0469 5844  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
01:18:27.0479 5844  Spooler - ok
01:18:27.0509 5844  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
01:18:27.0529 5844  sppsvc - ok
01:18:27.0529 5844  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
01:18:27.0529 5844  sppuinotify - ok
01:18:27.0539 5844  [ 32900AC9CFDC578531279886CA16A4DF ] SRTSP           C:\Windows\system32\Drivers\SRTSP64.SYS
01:18:27.0539 5844  SRTSP - ok
01:18:27.0549 5844  [ 8929566D1F14685FD78EAF25BEE3ECC7 ] SRTSPL          C:\Windows\system32\Drivers\SRTSPL64.SYS
01:18:27.0549 5844  SRTSPL - ok
01:18:27.0559 5844  [ CB2FDF47EE67F8CCA5362ED9B94FE955 ] SRTSPX          C:\Windows\system32\Drivers\SRTSPX64.SYS
01:18:27.0559 5844  SRTSPX - ok
01:18:27.0559 5844  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
01:18:27.0569 5844  srv - ok
01:18:27.0569 5844  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
01:18:27.0569 5844  srv2 - ok
01:18:27.0579 5844  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
01:18:27.0579 5844  srvnet - ok
01:18:27.0579 5844  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
01:18:27.0579 5844  SSDPSRV - ok
01:18:27.0589 5844  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
01:18:27.0589 5844  SstpSvc - ok
01:18:27.0599 5844  [ E942412186178B1331F8335E30FA076F ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
01:18:27.0599 5844  STacSV - ok
01:18:27.0599 5844  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
01:18:27.0599 5844  stexstor - ok
01:18:27.0609 5844  [ DCC8845692DEA3477BCF6CE9D06C711F ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
01:18:27.0609 5844  STHDA - ok
01:18:27.0619 5844  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
01:18:27.0619 5844  stisvc - ok
01:18:27.0629 5844  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
01:18:27.0629 5844  swenum - ok
01:18:27.0629 5844  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
01:18:27.0639 5844  swprv - ok
01:18:27.0669 5844  [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
01:18:27.0679 5844  Symantec AntiVirus - ok
01:18:27.0689 5844  [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
01:18:27.0689 5844  SymEvent - ok
01:18:27.0709 5844  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
01:18:27.0709 5844  SysMain - ok
01:18:27.0719 5844  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:18:27.0719 5844  TabletInputService - ok
01:18:27.0719 5844  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
01:18:27.0729 5844  TapiSrv - ok
01:18:27.0729 5844  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
01:18:27.0729 5844  TBS - ok
01:18:27.0749 5844  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
01:18:27.0759 5844  Tcpip - ok
01:18:27.0779 5844  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
01:18:27.0779 5844  TCPIP6 - ok
01:18:27.0789 5844  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
01:18:27.0789 5844  tcpipreg - ok
01:18:27.0789 5844  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
01:18:27.0789 5844  TDPIPE - ok
01:18:27.0789 5844  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
01:18:27.0789 5844  TDTCP - ok
01:18:27.0789 5844  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
01:18:27.0799 5844  tdx - ok
01:18:27.0799 5844  [ 13657DC475DE564247745BF4DA23207C ] Teefer2         C:\Windows\system32\DRIVERS\teefer2.sys
01:18:27.0799 5844  Teefer2 - ok
01:18:27.0799 5844  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
01:18:27.0799 5844  TermDD - ok
01:18:27.0809 5844  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
01:18:27.0809 5844  TermService - ok
01:18:27.0819 5844  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
01:18:27.0819 5844  Themes - ok
01:18:27.0819 5844  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
01:18:27.0819 5844  THREADORDER - ok
01:18:27.0829 5844  [ FF879027C552A37897D107BE6CEDF6DF ] tihub3          C:\Windows\system32\drivers\tihub3.sys
01:18:27.0829 5844  tihub3 - ok
01:18:27.0839 5844  [ 133C3B4A3E44616F8F571A0EBBEF9B74 ] tixhci          C:\Windows\system32\drivers\tixhci.sys
01:18:27.0839 5844  tixhci - ok
01:18:27.0839 5844  [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr         C:\Windows\System32\tlntsvr.exe
01:18:27.0839 5844  TlntSvr - ok
01:18:27.0839 5844  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
01:18:27.0849 5844  TrkWks - ok
01:18:27.0849 5844  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:18:27.0849 5844  TrustedInstaller - ok
01:18:27.0849 5844  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
01:18:27.0849 5844  tssecsrv - ok
01:18:27.0859 5844  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
01:18:27.0859 5844  TsUsbFlt - ok
01:18:27.0859 5844  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
01:18:27.0859 5844  TsUsbGD - ok
01:18:27.0859 5844  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
01:18:27.0859 5844  tunnel - ok
01:18:27.0869 5844  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
01:18:27.0869 5844  uagp35 - ok
01:18:27.0869 5844  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
01:18:27.0869 5844  udfs - ok
01:18:27.0879 5844  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
01:18:27.0879 5844  UI0Detect - ok
01:18:27.0879 5844  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
01:18:27.0879 5844  uliagpkx - ok
01:18:27.0879 5844  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
01:18:27.0879 5844  umbus - ok
01:18:27.0889 5844  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
01:18:27.0889 5844  UmPass - ok
01:18:27.0909 5844  [ 758C2CE427C343F780A205E28555C98D ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
01:18:27.0919 5844  UNS - ok
01:18:27.0929 5844  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
01:18:27.0929 5844  upnphost - ok
01:18:27.0929 5844  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
01:18:27.0929 5844  USBAAPL64 - ok
01:18:27.0940 5844  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
01:18:27.0940 5844  usbccgp - ok
01:18:27.0940 5844  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
01:18:27.0940 5844  usbcir - ok
01:18:27.0940 5844  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
01:18:27.0940 5844  usbehci - ok
01:18:27.0950 5844  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
01:18:27.0950 5844  usbhub - ok
01:18:27.0950 5844  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
01:18:27.0950 5844  usbohci - ok
01:18:27.0960 5844  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
01:18:27.0960 5844  usbprint - ok
01:18:27.0960 5844  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:18:27.0960 5844  USBSTOR - ok
01:18:27.0960 5844  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
01:18:27.0960 5844  usbuhci - ok
01:18:27.0970 5844  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
01:18:27.0970 5844  UxSms - ok
01:18:27.0970 5844  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
01:18:27.0970 5844  VaultSvc - ok
01:18:27.0970 5844  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
01:18:27.0970 5844  vdrvroot - ok
01:18:27.0980 5844  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
01:18:27.0980 5844  vds - ok
01:18:27.0990 5844  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
01:18:27.0990 5844  vga - ok
01:18:27.0990 5844  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
01:18:27.0990 5844  VgaSave - ok
01:18:28.0000 5844  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
01:18:28.0000 5844  vhdmp - ok
01:18:28.0000 5844  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
01:18:28.0000 5844  viaide - ok
01:18:28.0000 5844  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
01:18:28.0000 5844  volmgr - ok
01:18:28.0010 5844  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
01:18:28.0010 5844  volmgrx - ok
01:18:28.0020 5844  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
01:18:28.0020 5844  volsnap - ok
01:18:28.0020 5844  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
01:18:28.0020 5844  vsmraid - ok
01:18:28.0040 5844  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
01:18:28.0050 5844  VSS - ok
01:18:28.0050 5844  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
01:18:28.0050 5844  vwifibus - ok
01:18:28.0050 5844  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
01:18:28.0050 5844  vwififlt - ok
01:18:28.0060 5844  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
01:18:28.0060 5844  W32Time - ok
01:18:28.0070 5844  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
01:18:28.0070 5844  W3SVC - ok
01:18:28.0070 5844  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
01:18:28.0070 5844  WacomPen - ok
01:18:28.0080 5844  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
01:18:28.0080 5844  WANARP - ok
01:18:28.0080 5844  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
01:18:28.0080 5844  Wanarpv6 - ok
01:18:28.0090 5844  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
01:18:28.0090 5844  WAS - ok
01:18:28.0100 5844  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
01:18:28.0110 5844  wbengine - ok
01:18:28.0110 5844  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
01:18:28.0120 5844  WbioSrvc - ok
01:18:28.0120 5844  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
01:18:28.0120 5844  wcncsvc - ok
01:18:28.0130 5844  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:18:28.0130 5844  WcsPlugInService - ok
01:18:28.0130 5844  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
01:18:28.0130 5844  Wd - ok
01:18:28.0140 5844  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
01:18:28.0140 5844  Wdf01000 - ok
01:18:28.0150 5844  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
01:18:28.0150 5844  WdiServiceHost - ok
01:18:28.0150 5844  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
01:18:28.0150 5844  WdiSystemHost - ok
01:18:28.0160 5844  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
01:18:28.0160 5844  WebClient - ok
01:18:28.0160 5844  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
01:18:28.0160 5844  Wecsvc - ok
01:18:28.0170 5844  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
01:18:28.0170 5844  wercplsupport - ok
01:18:28.0170 5844  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
01:18:28.0170 5844  WerSvc - ok
01:18:28.0170 5844  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
01:18:28.0170 5844  WfpLwf - ok
01:18:28.0180 5844  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
01:18:28.0180 5844  WIMMount - ok
01:18:28.0180 5844  WinDefend - ok
01:18:28.0180 5844  WinHttpAutoProxySvc - ok
01:18:28.0190 5844  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
01:18:28.0190 5844  Winmgmt - ok
01:18:28.0210 5844  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
01:18:28.0220 5844  WinRM - ok
01:18:28.0220 5844  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
01:18:28.0220 5844  WinUsb - ok
01:18:28.0240 5844  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
01:18:28.0240 5844  Wlansvc - ok
01:18:28.0240 5844  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
01:18:28.0240 5844  WmiAcpi - ok
01:18:28.0250 5844  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
01:18:28.0250 5844  wmiApSrv - ok
01:18:28.0250 5844  WMPNetworkSvc - ok
01:18:28.0250 5844  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
01:18:28.0250 5844  WPCSvc - ok
01:18:28.0260 5844  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
01:18:28.0260 5844  WPDBusEnum - ok
01:18:28.0260 5844  [ 6CAB753B203F39B4CE05FF10013DE2EF ] WPS             C:\Windows\system32\drivers\wpsdrvnt.sys
01:18:28.0260 5844  WPS - ok
01:18:28.0270 5844  [ 49B9FA407586503D27D17DBDEAEAC970 ] WpsHelper       C:\Windows\system32\drivers\WpsHelper.sys
01:18:28.0270 5844  WpsHelper - ok
01:18:28.0270 5844  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
01:18:28.0270 5844  ws2ifsl - ok
01:18:28.0270 5844  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
01:18:28.0270 5844  wscsvc - ok
01:18:28.0280 5844  WSearch - ok
01:18:28.0300 5844  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
01:18:28.0310 5844  wuauserv - ok
01:18:28.0310 5844  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
01:18:28.0310 5844  WudfPf - ok
01:18:28.0320 5844  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
01:18:28.0320 5844  WUDFRd - ok
01:18:28.0320 5844  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
01:18:28.0320 5844  wudfsvc - ok
01:18:28.0330 5844  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
01:18:28.0330 5844  WwanSvc - ok
01:18:28.0330 5844  ================ Scan global ===============================
01:18:28.0330 5844  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:18:28.0340 5844  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
01:18:28.0340 5844  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
01:18:28.0350 5844  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:18:28.0350 5844  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:18:28.0350 5844  [Global] - ok
01:18:28.0350 5844  ================ Scan MBR ==================================
01:18:28.0360 5844  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:18:28.0420 5844  \Device\Harddisk0\DR0 - ok
01:18:28.0420 5844  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
01:18:28.0420 5844  \Device\Harddisk1\DR1 - ok
01:18:28.0420 5844  ================ Scan VBR ==================================
01:18:28.0420 5844  [ 8604DFE533DFA747E84DCE0818EB4A94 ] \Device\Harddisk0\DR0\Partition1
01:18:28.0420 5844  \Device\Harddisk0\DR0\Partition1 - ok
01:18:28.0420 5844  [ 8C4C44EB63738568DFD4F67611083AF7 ] \Device\Harddisk0\DR0\Partition2
01:18:28.0430 5844  \Device\Harddisk0\DR0\Partition2 - ok
01:18:28.0430 5844  [ 269E16231CE5B9F38CE1D41468C881B2 ] \Device\Harddisk0\DR0\Partition3
01:18:28.0430 5844  \Device\Harddisk0\DR0\Partition3 - ok
01:18:28.0430 5844  [ 4E5D6039ACB82D7204339843253E3C76 ] \Device\Harddisk1\DR1\Partition1
01:18:28.0430 5844  \Device\Harddisk1\DR1\Partition1 - ok
01:18:28.0430 5844  ============================================================
01:18:28.0430 5844  Scan finished
01:18:28.0430 5844  ============================================================
01:18:28.0440 5824  Detected object count: 0
01:18:28.0440 5824  Actual detected object count: 0
         

Alt 23.12.2012, 01:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Ok, da ist besser

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.12.2012, 01:25   #9
Rex1234
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



kurz vorweg, wie starte ich Window "manuell"?

Code:
ATTFilter
ComboFix 12-12-22.02 - Yassoie_2 23.12.2012   1:26.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.16364.14155 [GMT 1:00]
ausgeführt von:: c:\users\Yassoie_2\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk
c:\users\Yassoie_2\AppData\Roaming\Melt.bat
c:\users\Yassoie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk
c:\users\Yassoie_2\AppData\Roaming\Windows Update
c:\users\Yassoie_2\AppData\Roaming\winlogon.exe
c:\users\Yassoie_2\AppData\Roaming\wuauclt.exe
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-23 bis 2012-12-23  ))))))))))))))))))))))))))))))
.
.
2012-12-21 12:26 . 2012-12-21 12:26	--------	dc----w-	c:\program files (x86)\AGEIA Technologies
2012-12-21 12:26 . 2012-12-21 12:26	--------	dc----w-	c:\users\UpdatusUser.Yassoie-HP
2012-12-21 11:37 . 2012-12-23 00:22	281520	-c--a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-12-21 11:37 . 2012-12-21 11:38	76888	-c--a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-12-21 11:37 . 2011-09-09 20:35	2580552	-c--a-w-	c:\windows\SysWow64\pbsvc.exe
2012-12-21 11:30 . 2012-12-21 11:30	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 11:30 . 2012-12-21 11:30	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 11:30 . 2012-12-21 11:30	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 11:30 . 2012-12-21 11:30	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-20 20:16 . 2012-12-20 20:16	--------	dc----w-	c:\program files (x86)\Apple Software Update
2012-12-20 20:06 . 2012-12-21 11:07	--------	dc----w-	c:\users\Yassoie_2\AppData\Roaming\Systweak
2012-12-20 20:06 . 2012-12-10 11:01	19896	-c--a-w-	c:\windows\system32\roboot64.exe
2012-12-20 14:48 . 2012-12-20 14:48	--------	dc----w-	c:\program files (x86)\Battlelog Web Plugins
2012-12-20 11:42 . 2012-12-20 11:43	--------	dc----w-	c:\program files (x86)\Origin Games
2012-12-13 12:27 . 2012-08-21 12:01	33240	-c--a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-13 12:27 . 2012-12-13 12:27	--------	dc----w-	c:\program files\iPod
2012-12-13 12:27 . 2012-12-13 12:27	--------	dc----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-13 12:27 . 2012-12-13 12:27	--------	dc----w-	c:\program files\iTunes
2012-12-13 12:27 . 2012-12-13 12:27	--------	dc----w-	c:\program files (x86)\iTunes
2012-12-13 12:27 . 2012-12-13 12:27	--------	dc----w-	c:\program files\Common Files\Apple
2012-12-12 22:55 . 2012-12-12 23:07	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-12 22:55 . 2012-12-12 23:07	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-12 22:49 . 2012-12-12 23:06	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-12 22:43 . 2012-12-12 23:05	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 22:43 . 2012-12-12 23:05	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-11 21:04 . 2012-12-03 15:47	983936	-c--a-w-	c:\windows\system32\nvumdshimx.dll
2012-12-11 21:04 . 2012-12-03 15:47	7446192	-c--a-w-	c:\windows\system32\nvopencl.dll
2012-12-11 21:04 . 2012-12-03 15:47	245432	-c--a-w-	c:\windows\system32\nvinitx.dll
2012-12-11 21:03 . 2012-12-11 21:03	--------	dc----w-	C:\NVIDIA
2012-12-11 03:18 . 2012-12-11 15:41	--------	dc----w-	c:\users\Yassoie_2\AppData\Local\Origin
2012-12-11 03:18 . 2012-12-11 03:20	--------	dc----w-	c:\program files (x86)\Origin
2012-12-11 03:01 . 2012-12-11 03:01	--------	dc----w-	c:\users\Yassoie_2\AppData\Roaming\InstallShield
2012-11-29 12:56 . 2012-12-21 21:14	--------	dc----w-	c:\users\Yassoie_2\AppData\Roaming\TS3Client
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-23 00:22 . 2012-03-04 15:40	281520	-c--a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-12-22 23:31 . 2012-03-01 12:57	281520	-c--a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-12 23:06 . 2012-03-04 16:15	67413224	-c--a-w-	c:\windows\system32\MRT.exe
2012-12-12 23:05 . 2012-12-12 22:50	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-12 14:12 . 2012-06-15 20:32	697272	-c--a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 14:12 . 2012-06-15 20:32	73656	-c--a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-03 15:47 . 2011-11-16 11:00	9271352	-c--a-w-	c:\windows\system32\nvcuda.dll
2012-12-03 15:47 . 2011-11-16 11:00	7819016	-c--a-w-	c:\windows\SysWow64\nvcuda.dll
2012-12-03 15:47 . 2011-11-16 11:00	2816824	-c--a-w-	c:\windows\system32\nvapi64.dll
2012-12-03 15:47 . 2011-11-16 11:00	2784104	-c--a-w-	c:\windows\system32\nvcuvid.dll
2012-12-03 15:47 . 2011-11-16 11:00	26811240	-c--a-w-	c:\windows\system32\nvoglv64.dll
2012-12-03 15:47 . 2011-11-16 11:00	2606440	-c--a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-12-03 15:47 . 2011-11-16 11:00	25256296	-c--a-w-	c:\windows\system32\nvcompiler.dll
2012-12-03 15:47 . 2011-11-16 11:00	2496976	-c--a-w-	c:\windows\SysWow64\nvapi.dll
2012-12-03 15:47 . 2011-11-16 11:00	2226024	-c--a-w-	c:\windows\system32\nvcuvenc.dll
2012-12-03 15:47 . 2011-11-16 11:00	1874280	-c--a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-12-03 15:47 . 2011-11-16 11:00	18045968	-c--a-w-	c:\windows\system32\nvd3dumx.dll
2012-12-03 15:47 . 2011-11-16 11:00	17559912	-c--a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-12-03 15:47 . 2011-11-16 11:00	15016256	-c--a-w-	c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2011-11-16 11:00	11532648	-c--a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-11-28 15:07 . 2012-11-28 13:32	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-11-28 15:07 . 2012-11-28 13:32	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-11-28 15:07 . 2012-11-28 13:32	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-11-16 01:10 . 2012-11-15 22:51	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-11-16 01:10 . 2012-11-15 22:51	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-16 01:10 . 2012-11-15 22:51	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-11-16 01:10 . 2012-11-15 22:51	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-11-16 01:08 . 2012-11-16 01:08	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-16 01:08 . 2012-11-16 01:08	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 01:08 . 2012-11-16 01:08	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 01:08 . 2012-11-15 22:51	192000	----a-w-	c:\windows\system32\iisRtl.dll
2012-11-16 01:08 . 2012-11-15 22:51	8192	----a-w-	c:\windows\SysWow64\iisrstap.dll
2012-11-16 01:08 . 2012-11-15 22:51	60928	----a-w-	c:\windows\system32\ahadmin.dll
2012-11-16 01:08 . 2012-11-15 22:51	55296	----a-w-	c:\windows\system32\admwprox.dll
2012-11-16 01:08 . 2012-11-15 22:51	50688	----a-w-	c:\windows\SysWow64\admwprox.dll
2012-11-16 01:08 . 2012-11-15 22:51	26624	----a-w-	c:\windows\SysWow64\ahadmin.dll
2012-11-16 01:08 . 2012-11-15 22:51	16896	----a-w-	c:\windows\system32\iisreset.exe
2012-11-16 01:08 . 2012-11-15 22:51	154624	----a-w-	c:\windows\SysWow64\iisRtl.dll
2012-11-16 01:08 . 2012-11-15 22:51	15360	----a-w-	c:\windows\SysWow64\iisreset.exe
2012-11-16 01:08 . 2012-11-15 22:51	14848	----a-w-	c:\windows\system32\wamregps.dll
2012-11-16 01:08 . 2012-11-15 22:51	11264	----a-w-	c:\windows\system32\iisrstap.dll
2012-11-16 01:08 . 2012-11-15 22:51	10752	----a-w-	c:\windows\SysWow64\wamregps.dll
2012-11-16 01:08 . 2012-11-15 22:51	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-11-16 01:08 . 2012-11-15 22:51	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-11-16 01:08 . 2012-11-15 22:51	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2012-11-16 01:08 . 2012-11-15 22:51	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 01:08 . 2012-11-15 22:51	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-11-16 01:08 . 2012-11-15 22:51	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-11-16 01:08 . 2012-11-15 22:51	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-11-16 01:08 . 2012-11-15 22:51	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-11-16 01:08 . 2012-11-15 22:51	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-11-16 01:08 . 2012-11-15 22:51	18944	----a-w-	c:\windows\system32\netevent.dll
2012-11-16 01:08 . 2012-11-15 22:51	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-11-16 01:08 . 2012-11-15 22:51	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-11-16 01:05 . 2012-11-16 01:05	744448	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-16 01:05 . 2012-11-16 01:05	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 01:05 . 2012-11-16 01:05	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-16 01:05 . 2012-11-16 01:05	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 01:05 . 2012-11-16 01:05	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-16 01:05 . 2012-11-16 01:05	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 01:05 . 2012-11-16 01:05	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-16 01:05 . 2012-11-15 22:50	95744	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 01:05 . 2012-11-15 22:50	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-11-14 15:27 . 2012-03-08 09:51	233120	----a-w-	c:\windows\system32\drivers\wpshelper.sys
2012-11-07 21:41 . 2012-10-31 22:19	229	-c--a-w-	c:\windows\DXM.REG
2012-10-10 10:31 . 2012-10-10 10:05	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-10 10:30 . 2012-10-10 10:05	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-10 10:30 . 2012-10-10 10:05	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 10:30 . 2012-10-10 10:05	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 10:30 . 2012-10-10 10:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 10:30 . 2012-10-10 10:05	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 10:30 . 2012-10-10 10:04	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-10 10:30 . 2012-10-10 10:04	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-10 10:30 . 2012-10-10 10:04	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 10:30 . 2012-10-10 10:04	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 10:30 . 2012-10-10 10:04	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 10:30 . 2012-10-10 10:04	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 10:30 . 2012-10-10 10:04	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 10:30 . 2012-10-10 10:04	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-09-28 09:32 . 2012-09-28 09:32	5989776	-c--a-w-	c:\windows\system32\usbaaplrc.dll
2012-09-28 09:32 . 2012-09-28 09:32	53760	-c--a-w-	c:\windows\system32\drivers\usbaapl64.sys
2012-09-26 12:08 . 2012-09-26 09:58	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-11 03:29	222712	-c--a-w-	c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-11 03:29	222712	-c--a-w-	c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-11 03:29	222712	-c--a-w-	c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe" [2009-04-04 385024]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]
.
c:\users\Yassoie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Yassoie_2\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [2011-05-23 165512]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-22 1360960]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-11-16 31152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-04-20 131656]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-04-20 399944]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 19662328
*NewlyCreated* - 44613113
*NewlyCreated* - 89508991
*NewlyCreated* - 99481471
*NewlyCreated* - ASWMBR
*Deregistered* - 19662328
*Deregistered* - 44613113
*Deregistered* - 89508991
*Deregistered* - 99481471
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 14:12]
.
2012-12-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1136588543-3382375768-1063258435-1001Core.job
- c:\users\Yassoie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-24 22:17]
.
2012-12-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1136588543-3382375768-1063258435-1001UA.job
- c:\users\Yassoie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-24 22:17]
.
2012-12-21 c:\windows\Tasks\HPCeeScheduleForYassoie_2.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-12-11 03:29	261624	-c--a-w-	c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-12-11 03:29	261624	-c--a-w-	c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-12-11 03:29	261624	-c--a-w-	c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Yassoie_2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 217.0.43.113 192.168.0.1
FF - ProfilePath - c:\users\Yassoie_2\AppData\Roaming\Mozilla\Firefox\Profiles\pfqeribm.default-1352988437989\
FF - ExtSQL: 2012-11-15 14:22; websitelogon@truesuite.com; c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Windows Update.exe - c:\users\Yassoie_2\AppData\Roaming\Windows Update\Windows Update.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-BATINDICATOR - c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
Wow6432Node-HKLM-Run-Windows Update - c:\users\Yassoie_2\AppData\Roaming\wuauclt.exe
SafeBoot-Symantec Antvirus
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
AddRemove-WildTangentGDF-hp-gunbros - c:\program files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe
AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
AddRemove-WildTangentGDF-hp-shaiya - c:\program files (x86)\HP Games\Web Link - Shaiya\Uninstall.exe
AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1136588543-3382375768-1063258435-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1136588543-3382375768-1063258435-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1136588543-3382375768-1063258435-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*°*×*W%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-23  01:30:55
ComboFix-quarantined-files.txt  2012-12-23 00:30
.
Vor Suchlauf: 11 Verzeichnis(se), 14.029.414.400 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 15.291.736.064 Bytes frei
.
- - End Of File - - BCB7282F28C77C3BC07C3FB2DC6EB8A7
         

Alt 23.12.2012, 01:45   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Zitat:
kurz vorweg, wie starte ich Window "manuell"?
Einfach Windows neu starten ist damit gemeint
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.12.2012, 02:21   #11
Rex1234
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



aso

Alt 23.12.2012, 02:28   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Downloade dir bitte Farbar's Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • SecurityCenter / ActionCenter
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.12.2012, 02:39   #13
Rex1234
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Code:
ATTFilter
Farbar Service Scanner Version: 10-12-2012
Ran by Yassoie_2 (administrator) on 23-12-2012 at 02:38:34
Running from "C:\Users\Yassoie_2\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
         

Alt 23.12.2012, 02:50   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Sieht gut aus

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.12.2012, 02:53   #15
Rex1234
 
Winlogon.exe ist Fehlerhaft - Standard

Winlogon.exe ist Fehlerhaft



Code:
ATTFilter
# AdwCleaner v2.101 - Datei am 23/12/2012 um 02:52:31 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Yassoie_2 - YASSOIE-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Yassoie_2\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Yassoie\AppData\Roaming\Iminent

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Yassoie\AppData\Roaming\Mozilla\Firefox\Profiles\ueke2wct.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default-1352988437989 [Profil par défaut]
Datei : C:\Users\Yassoie_2\AppData\Roaming\Mozilla\Firefox\Profiles\pfqeribm.default-1352988437989\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [10477 octets] - [23/12/2012 02:52:31]

########## EOF - C:\AdwCleaner[R1].txt - [10538 octets] ##########
         

Antwort

Themen zu Winlogon.exe ist Fehlerhaft
antivirus, autorun, battle.net, bho, bonjour, converter, error, firefox, flash player, format, home, index, install.exe, launch, logfile, microsoft office starter 2010, mozilla, mp3, ntdll.dll, nvidia update, origin, plug-in, realtek, regclean, registry, rundll, scan, security, services.exe, software, svchost.exe, symantec, systweak, teamspeak, udp, virustotal.com, windows




Ähnliche Themen: Winlogon.exe ist Fehlerhaft


  1. Ubuntu bootet fehlerhaft
    Alles rund um Mac OSX & Linux - 12.10.2015 (1)
  2. Windowstaskleiste fehlerhaft
    Alles rund um Windows - 21.06.2015 (2)
  3. Grafiktreiber fehlerhaft
    Alles rund um Windows - 07.08.2013 (3)
  4. OTL scan fehlerhaft
    Log-Analyse und Auswertung - 04.08.2013 (17)
  5. Netzwerkadapter fehlerhaft
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (7)
  6. Netzwerklistendienst fehlerhaft?
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (3)
  7. Homepage Fehlerhaft?
    Log-Analyse und Auswertung - 26.10.2011 (0)
  8. Suchmaschinen fehlerhaft
    Log-Analyse und Auswertung - 09.10.2011 (6)
  9. Windows Aktivierung fehlerhaft
    Alles rund um Windows - 10.07.2011 (28)
  10. Explorer.exe fehlerhaft
    Log-Analyse und Auswertung - 16.10.2010 (1)
  11. Abbild fehlerhaft - zig mal
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (9)
  12. vcomp.dll fehlerhaft
    Alles rund um Windows - 03.10.2009 (2)
  13. Abbild fehlerhaft
    Plagegeister aller Art und deren Bekämpfung - 15.09.2009 (14)
  14. Soundtreiber fehlerhaft
    Netzwerk und Hardware - 27.06.2009 (1)
  15. Stand by und Ruhezustand fehlerhaft
    Alles rund um Windows - 01.06.2009 (2)
  16. Google Suche fehlerhaft
    Log-Analyse und Auswertung - 20.01.2009 (6)
  17. Win XP Installation fehlerhaft?
    Alles rund um Windows - 18.06.2008 (3)

Zum Thema Winlogon.exe ist Fehlerhaft - Hallo, auf facecoverz.com habe ich mir ein Titelbild für Facebook runtergeladen, folgedessen hat "winlogon.exe" mir Probleme bereitet, das war vor ca. 2-3 Monaten. Ich denke in der Winlogon.exe ist ein - Winlogon.exe ist Fehlerhaft...
Archiv
Du betrachtest: Winlogon.exe ist Fehlerhaft auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.