Pests of all kinds and how to combat them: Winlogon.exe is faulty | Windows 7
20.12.2012, 22:03 | #1 |
Winlogon.exe is faulty

Hello, I downloaded a cover image for Facebook from facecoverz.com; as a result, "winlogon.exe" caused me problems. That was about 2-3 months ago. I think there is an encrypted Trojan in Winlogon.exe. Here is OTL:

OTL.Txt ->
OTL logfile created on: 12/20/2012 9:19:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yassoie_2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15.98 Gb Total Physical Memory | 13.68 Gb Available Physical Memory | 85.62% Memory free
31.96 Gb Paging File | 29.80 Gb Available in Paging File | 93.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.98 Gb Total Space | 14.67 Gb Free Space | 14.82% Space Free | Partition Type: NTFS
Drive D: | 12.71 Gb Total Space | 1.56 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 1863.02 Gb Total Space | 1464.06 Gb Free Space | 78.59% Space Free | Partition Type: NTFS
Computer Name: YASSOIE-HP | User Name: Yassoie_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/20 21:18:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yassoie_2\Desktop\OTL.exe PRC - [2012/12/20 15:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/10/23 09:10:10 | 000,985,154 | RHS- | M] () -- C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe PRC - [2012/10/02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/06/09 14:37:00 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011/06/09 14:36:34 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011/05/06 01:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2011/02/01 08:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 08:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/11/24 05:31:24 | 002,069,504 | ---- | 
M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe PRC - [2009/09/17 17:56:00 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - [2009/09/17 17:55:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/10/23 09:10:10 | 000,985,154 | RHS- | M] () -- C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe MOD - [2009/02/28 04:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe MOD - [2009/02/20 02:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/06/24 01:23:14 | 000,302,592 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV) SRV:64bit: - [2010/11/21 04:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP) SRV:64bit: - [2010/10/11 11:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr) SRV:64bit: - [2009/07/14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp) SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012/12/20 15:55:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/12/12 15:12:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/06 14:43:42 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 07:30:18 | 000,508,776 | 
---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/06/09 14:37:18 | 000,264,008 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011/05/06 01:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2011/02/01 08:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 08:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/11/21 04:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP) SRV - [2010/11/21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010/11/21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2010/11/21 04:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2010/03/18 
22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/17 17:56:00 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2009/09/17 17:37:00 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService) SRV - [2009/09/17 17:22:00 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC) SRV - [2009/08/18 18:23:16 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2009/07/14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp) SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/09/27 23:55:40 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012/03/08 10:51:19 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/11/16 12:15:51 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv) DRV:64bit: - [2011/11/16 12:00:08 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/11/16 12:00:08 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - 
[2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/06/10 11:35:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/05/23 22:46:36 | 000,165,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1300000.080\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2011/04/26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/22 11:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/04/22 02:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2011/04/21 00:07:22 | 000,399,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci) DRV:64bit: - [2011/04/21 00:07:22 | 000,131,656 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2009/09/17 17:37:00 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS) DRV:64bit: - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL) DRV:64bit: - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, 
Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/27 13:31:00 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2) DRV - [2012/09/12 09:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121219.033\ex64.sys -- (NAVEX15) DRV - [2012/09/12 09:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121219.033\eng64.sys -- (NAVENG) DRV - [2012/08/09 09:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012/08/09 09:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX) DRV - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL) DRV - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2395919D-162F-461A-B093-C5A85E355E1F}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2395919D-162F-461A-B093-C5A85E355E1F}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{2395919D-162F-461A-B093-C5A85E355E1F}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 14:43:42 | 000,000,000 | ---D | M] [2012/09/09 19:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yassoie_2\AppData\Roaming\mozilla\Extensions [2012/12/20 20:39:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/12/20 20:39:55 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2012/12/06 14:43:42 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/02/16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/08/30 15:13:49 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/02/16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/02/16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files 
(x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/11/08 17:26:00 | 000,002,227 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 127.0.0.1 virustotal.com O1 - Hosts: 127.0.0.1 virusscan.jotti.org O1 - Hosts: 21 more lines... O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll File not found O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. 
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll File not found O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe File not found O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe (Hewlett-Packard) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [Windows Update] C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe () O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKCU..\Run: [Windows Update] C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe () O4 - HKCU..\Run: [Windows Update.exe] "C:\Users\Yassoie_2\AppData\Roaming\Windows Update\Windows Update.exe" File not found O4 - Startup: C:\Users\Yassoie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnk = C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yassoie_2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Yassoie_2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.113 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A9C7FF6-0378-40DF-97D4-D08022BEFBE6}: DhcpNameServer = 217.0.43.113 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAC8FDBF-9B9D-4240-8B85-A34E9E0C8E0B}: DhcpNameServer = 217.0.43.113 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/20 21:18:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Yassoie_2\Desktop\OTL.exe
[2012/12/20 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/12/20 21:06:28 | 000,019,896 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012/12/20 21:06:28 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Roaming\Systweak
[2012/12/20 21:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012/12/20 21:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012/12/20 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\Documents\Battlefield 3
[2012/12/20 15:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/12/20 13:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/12/20 12:42:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/12/13 13:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/13 13:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/13 13:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/13 13:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/13 13:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/13 13:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/12/11 22:04:37 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/12/11 22:04:37 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/12/11 22:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/12/11 22:03:28 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/12/11 04:18:52 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Local\Origin
[2012/12/11 04:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/12/11 04:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/12/11 04:09:45 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\Desktop\bilder
[2012/12/11 04:01:01 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Roaming\InstallShield
[2012/12/06 14:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/02 02:03:23 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\Desktop\musik
[2012/11/29 13:56:57 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Roaming\TS3Client
[2012/11/22 12:05:15 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Local\Google
[2012/11/22 12:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/11/20 21:33:32 | 000,000,000 | ---D | C] -- C:\Users\Yassoie_2\AppData\Local\ESN
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/20 21:18:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yassoie_2\Desktop\OTL.exe
[2012/12/20 21:17:10 | 000,050,477 | ---- | M] () -- C:\Users\Yassoie_2\Desktop\Defogger(1).exe
[2012/12/20 21:15:05 | 000,000,000 | ---- | M] () -- C:\Users\Yassoie_2\defogger_reenable
[2012/12/20 21:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/20 21:06:32 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/12/20 21:06:32 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/12/20 20:50:57 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForYassoie_2.job
[2012/12/20 20:48:00 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/12/20 20:48:00 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/20 20:47:53 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/20 20:47:06 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 20:47:06 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/20 20:44:13 | 000,689,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/20 20:44:13 | 000,134,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/20 20:44:12 | 001,739,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/20 20:44:12 | 000,753,918 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/20 20:44:12 | 000,164,012 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/20 20:39:59 | 000,000,761 | R--- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnk
[2012/12/20 20:39:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/20 20:39:40 | 4279,484,414 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/20 15:55:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/20 15:22:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1136588543-3382375768-1063258435-1001UA.job
[2012/12/20 13:20:56 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/12/20 00:22:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1136588543-3382375768-1063258435-1001Core.job
[2012/12/13 13:27:35 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/13 00:27:17 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/11 04:26:02 | 000,000,355 | ---- | M] () -- C:\Users\Yassoie_2\Desktop\Computer - Verknüpfung.lnk
[2012/12/11 04:18:45 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/12/10 12:01:24 | 000,019,896 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012/12/10 04:45:19 | 000,007,601 | ---- | M] () -- C:\Users\Yassoie_2\AppData\Local\resmon.resmoncfg
[2012/12/05 23:47:35 | 000,001,463 | ---- | M] () -- C:\Users\Yassoie_2\AppData\Local\recently-used.xbel
[4 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/20 21:17:09 | 000,050,477 | ---- | C] () -- C:\Users\Yassoie_2\Desktop\Defogger(1).exe
[2012/12/20 21:15:05 | 000,000,000 | ---- | C] () -- C:\Users\Yassoie_2\defogger_reenable
[2012/12/20 21:06:32 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/12/20 21:06:32 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/12/20 13:20:56 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012/12/20 13:20:37 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/20 13:20:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/12/20 01:19:53 | 002,211,840 | ---- | C] () -- C:\Users\Yassoie_2\Desktop\pbsetup.exe
[2012/12/13 13:27:35 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/11 22:04:46 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/12/11 04:26:02 | 000,000,355 | ---- | C] () -- C:\Users\Yassoie_2\Desktop\Computer - Verknüpfung.lnk
[2012/12/11 04:18:45 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/12/05 23:47:35 | 000,001,463 | ---- | C] () -- C:\Users\Yassoie_2\AppData\Local\recently-used.xbel
[2012/11/06 22:40:51 | 000,007,601 | ---- | C] () -- C:\Users\Yassoie_2\AppData\Local\resmon.resmoncfg
[2012/10/31 21:20:01 | 000,000,172 | ---- | C] () -- C:\Users\Yassoie_2\AppData\Roaming\Melt.bat
[2012/10/24 03:58:03 | 000,985,154 | RHS- | C] () -- C:\Users\Yassoie_2\AppData\Roaming\wuauclt.exe
[2012/10/23 09:09:01 | 001,761,289 | RHS- | C] () -- C:\Users\Yassoie_2\AppData\Roaming\winlogon.exe
[2012/08/30 09:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/11/16 12:16:24 | 000,002,792 | ---- | C] () -- C:\Program Files\HP SimplePass 2011
[2011/06/21 09:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 18:15:43 | 001,766,562 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/11 18:25:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/11 18:25:25 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/22 14:47:18 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\DVDVideoSoft
[2012/09/22 12:36:34 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/12/11 04:20:28 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\Origin
[2012/12/14 15:54:13 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\SoftGrid Client
[2012/12/20 21:10:05 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\Systweak
[2012/12/02 16:03:31 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\TS3Client
[2012/11/27 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\Yassoie_2\AppData\Roaming\Windows Update

========== Purity Check ==========

< End of report >

Extras.Txt ->

OTL Extras logfile created on: 12/20/2012 9:19:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yassoie_2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15.98 Gb Total Physical Memory | 13.68 Gb Available Physical Memory | 85.62% Memory free
31.96 Gb Paging File | 29.80 Gb Available in Paging File | 93.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98.98 Gb Total Space | 14.67 Gb Free Space | 14.82% Space Free | Partition Type: NTFS
Drive D: | 12.71 Gb Total Space | 1.56 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 1863.02 Gb Total Space | 1464.06 Gb Free Space | 78.59% Space Free | Partition Type: NTFS

Computer Name: YASSOIE-HP | User Name: Yassoie_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FC3E90-1072-4A82-91BD-D9F60472E1B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{188AB54C-CF3B-436A-9D8D-87F19C326B04}" = rport=139 | protocol=6 | dir=out | app=system |
"{21909CC5-9834-4290-8437-3F14B70D807B}" = lport=139 | protocol=6 | dir=in | app=system |
"{27F39D94-C4A3-458D-A8FE-3306A4D6564A}" = lport=138 | protocol=17 | dir=in | app=system |
"{2B1AB9E5-6A52-4496-AE69-2F26CBBD8B76}" = lport=445 | protocol=6 | dir=in | app=system |
"{5400E4CE-6FF0-46CE-8232-2BD06D44B3E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56E0009F-D4AF-48FD-916B-36A5899B37FE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AD773A2C-6394-4092-A34A-700946DBB754}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8EA8B8D-7C52-4049-ACCB-BD3AA21C63A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{BBD01AD3-A307-427E-8D52-147678075AC5}" = lport=137 | protocol=17 | dir=in | app=system |
"{D1B05BA8-C1C0-4066-BD1A-4FDE83BB0DDE}" = rport=445 | protocol=6 | dir=out | app=system |
"{F5A6F06A-389D-4F16-BBCE-D3FEA3C1986D}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BA88FC3-EB37-45FB-8939-4F10A7115A1C}" = dir=in | app=c:\users\yassoie_2\appdata\local\microsoft\skydrive\skydrive.exe |
"{0BF745C5-C3D7-4526-9620-251995ADCB53}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{1385C431-BCFD-4427-84E6-A7E92485FEC6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{18E7DDE7-71A2-4A6D-8AD8-ACFF0921D039}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{21604251-C055-47B8-B826-4A5F487E0D4F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{2B7A64E2-129A-4040-8E21-BC594C5DA79E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{38F80191-36C5-43D7-9B3F-0906A24E0517}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{442EE9EF-CF8C-4100-A189-D52F88DA11E7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4550BEED-21E1-4C0C-8FD3-87696ED29F87}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{667553CC-E20D-4E64-BF52-E97D9B1A2245}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{74C758BF-9928-456B-93A0-0D0B8C6C0BB6}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{7E2961CD-DDD6-43C1-9354-A49ACC3D61B9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{81F3C37D-CA69-4C20-A194-7655E4B3F5AC}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{82040704-A09F-4534-A2DE-EBFB70F336B1}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{84512580-F0F3-4108-A4F5-05CAB1D250B8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{86FDFE49-55C2-435E-B269-CB8131DE6A8F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{94620448-9DE3-4DAD-9E99-4F3394243E51}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{A1E2F7F8-4003-4342-B6FC-2677B1F70D51}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B103062E-1AB3-43C5-9DCE-AEDA50FB4CB3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B4031211-2110-492D-9ED1-3403EB4C7AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{BE5FAF08-CE38-4564-8338-95D8E464A01B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{CBFF32D7-A44B-4461-814F-AFC451FB6ACC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CC728883-9398-4B42-8267-6C2C29DF1B97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D29A0434-CB2C-4E58-BD6C-9066CA3B720D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{D3CBE75C-FDDB-4C11-8E00-A48B89AA9FAE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D928A193-65BA-41FD-BE10-9B93C6D5B25B}" = dir=in | app=c:\users\yassoie\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E93D5F53-F5D5-4EEF-B5CC-A39304572B72}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{EB487852-0DD6-4038-9421-65AC538ACD81}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EE50BE5F-C48F-4EE1-A01C-B042947B3897}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{F6549183-E6B9-4FE0-9EEB-DDE0FAC10280}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"TCP Query User{768120F4-ECBF-4571-A0E2-28BD8DCAA4AC}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{00F5093E-AF85-4463-9943-6CFB5A2E78A9}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.6.12
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}" = HP SimplePass PE 2011
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1234C1F4-603F-4C34-8796-3544CF8A83F5}" = Facebook Messenger 2.1.4631.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4679C8B6-4A0E-416D-B7CE-86D0E3846B3B}" = BlackBeatsFM
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP Keyboard
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"PunkBusterSvc" = PunkBuster Services
"RegClean Pro_is1" = RegClean Pro
"VIP Access SDK" = VIP Access SDK (1.0.1.4)
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/24/2012 6:03:13 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x36c
Startzeit der fehlerhaften Anwendung: 0x01cd9a3bc6b4780a
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung: 0caf53c5-062f-11e2-b6b6-3860774c3298

Error - 9/24/2012 5:24:41 PM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x36c
Startzeit der fehlerhaften Anwendung: 0x01cd9a9afc8d6cd4
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung: 4038553a-068e-11e2-8941-3860774c3298

Error - 9/25/2012 5:35:33 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x36c
Startzeit der fehlerhaften Anwendung: 0x01cd9b01149baf4b
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung: 5a1f6ecb-06f4-11e2-a337-3860774c3298

Error - 9/25/2012 10:07:22 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Origin.exe, Version: 9.0.13.2141, Zeitstempel: 0x5058c4a8
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x1884
Startzeit der fehlerhaften Anwendung: 0x01cd9b267d007653
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin\Origin.exe
Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Berichtskennung: 52c54139-071a-11e2-a337-3860774c3298

Error - 9/25/2012 3:25:39 PM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x36c
Startzeit der fehlerhaften Anwendung: 0x01cd9b5383e5c38a
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung: c9c8f893-0746-11e2-85e0-3860774c3298

Error - 9/26/2012 5:54:41 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x36c
Startzeit der fehlerhaften Anwendung: 0x01cd9bcce935350f
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung: 3066db6d-07c0-11e2-8d82-3860774c3298

Error - 9/26/2012 8:08:33 AM | Computer Name = Yassoie-HP | Source = VSS | ID = 8193
Description =

Error - 9/26/2012 9:07:25 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x358
Startzeit der fehlerhaften Anwendung: 0x01cd9be7d6f3e9a8
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung: 1d559d8e-07db-11e2-9f1d-3860774c3298

Error - 9/26/2012 4:28:47 PM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x368
Startzeit der fehlerhaften Anwendung: 0x01cd9c25849b46e0
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung: c5a2b523-0818-11e2-a158-3860774c3298

Error - 9/27/2012 5:32:28 AM | Computer Name = Yassoie-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Name des fehlerhaften Moduls: TrueSuiteService.exe, Version: 5.3.0.194, Zeitstempel: 0x4df09290
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0001280a
ID des fehlerhaften Prozesses: 0x360
Startzeit der fehlerhaften Anwendung: 0x01cd9c92ff533e21
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
Berichtskennung: 40812fc7-0886-11e2-af73-3860774c3298

[ Hewlett-Packard Events ]
Error - 9/27/2012 5:04:13 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: de-DE
RAM: 16364
Ram Utilization: 10
TargetSite: Void UpdateAndDetect()

Error - 10/4/2012 3:32:47 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: de-DE
RAM: 16364
Ram Utilization: 20
TargetSite: Void UpdateAndDetect()

Error - 10/11/2012 5:36:21 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: de-DE
RAM: 16364
Ram Utilization: 30
TargetSite: Void UpdateAndDetect()

Error - 10/18/2012 11:54:27 AM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace:
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Source: HP.ActiveCheckLocalMode.SessionManager
Name: hpsa_service.exe
Version: 06.00.01.01
Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format: de-DE
RAM: 16364
Ram Utilization: 10
TargetSite: Void UpdateAndDetect()

Error - 10/25/2012 11:48:37 AM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088
bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan)
Message: One HP Active Check Local Mode job already running.
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 16364 Ram Utilization: 30 TargetSite: Void UpdateAndDetect() Error - 11/1/2012 4:32:19 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect() Error - 11/8/2012 6:13:14 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect() Error - 11/15/2012 6:56:26 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect() Error - 11/22/2012 12:11:25 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 16364 Ram Utilization: TargetSite: Void UpdateAndDetect() Error - 11/29/2012 12:06:02 PM | Computer Name = Yassoie-HP | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect() bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: de-DE RAM: 16364 Ram Utilization: 10 TargetSite: Void UpdateAndDetect() [ Media Center Events ] Error - 3/7/2012 9:21:17 PM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0 Description = 02:21:17 - Fehler beim Herstellen der Internetverbindung. 02:21:17 - Serververbindung konnte nicht hergestellt werden.. Error - 3/8/2012 5:51:25 AM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0 Description = 10:51:25 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) 
Error - 3/8/2012 5:51:25 AM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0 Description = 10:51:25 - MCEClientUX konnte nicht abgerufen werden (Fehler: Der Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com') Error - 3/8/2012 5:51:26 AM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0 Description = 10:51:25 - Broadband konnte nicht abgerufen werden (Fehler: Der Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com') Error - 3/8/2012 7:10:11 AM | Computer Name = Yassoie-HP | Source = MCUpdate | ID = 0 Description = 12:10:08 - Fehler beim Herstellen der Internetverbindung. 12:10:08 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 12/19/2012 6:03:31 PM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 12/20/2012 7:27:48 AM | Computer Name = Yassoie-HP | Source = SNMP | ID = 16713180 Description = Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten. Error - 12/20/2012 7:27:47 AM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/20/2012 7:27:50 AM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ccSet_NIS Error - 12/20/2012 7:27:52 AM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 12/20/2012 7:44:45 AM | Computer Name = Yassoie-HP | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 12/20/2012 3:40:00 PM | Computer Name = Yassoie-HP | Source = SNMP | ID = 16713180 Description = Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten. Error - 12/20/2012 3:39:59 PM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Norton Internet Security" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 12/20/2012 3:40:03 PM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ccSet_NIS Error - 12/20/2012 3:40:06 PM | Computer Name = Yassoie-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report >
I have a 64-bit system, so there is no Gmer.Txt |
20.12.2012, 23:44 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe is faulty Hello and
__________________Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post logs that already exist! Please post all of the following logs in CODE tags
__________________ |
21.12.2012, 01:40 | #3 |
| Winlogon.exe is faulty Hi Cosinus, sorry, unfortunately I have no further detections available that I could post :S
__________________ |
22.12.2012, 19:43 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe is faulty Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will this continue" messages end with your topic being closed. I also have a life outside the Trojaner-Board.
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
23.12.2012, 00:06 | #5 |
| Winlogon.exe is faulty aswMBR.txt Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-22 23:49:19 ----------------------------- 23:49:19.607 OS Version: Windows x64 6.1.7601 Service Pack 1 23:49:19.607 Number of processors: 4 586 0x2A07 23:49:19.607 ComputerName: YASSOIE-HP UserName: Yassoie_2 23:49:19.757 Initialize success 23:51:18.232 AVAST engine defs: 12122200 23:51:23.790 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 23:51:23.791 Disk 0 Vendor: INTEL_SS 4PC1 Size: 114473MB BusType: 3 23:51:23.793 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 23:51:23.794 Disk 1 Vendor: Hitachi_ MN6O Size: 1907729MB BusType: 3 23:51:23.796 Disk 0 MBR read successfully 23:51:23.798 Disk 0 MBR scan 23:51:23.800 Disk 0 Windows 7 default MBR code 23:51:23.802 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 23:51:23.805 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 101352 MB offset 206848 23:51:23.808 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13019 MB offset 207775744 23:51:23.815 Disk 0 scanning C:\Windows\system32\drivers 23:51:26.112 Service scanning 23:51:33.014 Modules scanning 23:51:33.341 Disk 0 trace - called modules: 23:51:33.345 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 23:51:33.347 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800fe5a060] 23:51:33.349 3 CLASSPNP.SYS[fffff88001db043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800eb0e050] 23:51:33.507 AVAST engine scan C:\Windows 23:51:33.836 AVAST engine scan C:\Windows\system32 23:52:31.693 AVAST engine scan C:\Windows\system32\drivers 23:52:34.542 AVAST engine scan C:\Users\Yassoie_2 23:52:47.205 AVAST engine scan C:\ProgramData 23:53:04.870 Scan finished successfully 23:53:46.613 Disk 0 MBR has been saved successfully to "C:\Users\Yassoie_2\Desktop\MBR.dat" 23:53:46.615 The log file has been saved successfully to "C:\Users\Yassoie_2\Desktop\aswMBR.txt" TDSS-Killer Code:
ATTFilter 00:02:30.0533 3008 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 00:02:30.0607 3008 ============================================================ 00:02:30.0607 3008 Current date / time: 2012/12/23 00:02:30.0607 00:02:30.0607 3008 SystemInfo: 00:02:30.0607 3008 00:02:30.0607 3008 OS Version: 6.1.7601 ServicePack: 1.0 00:02:30.0607 3008 Product type: Workstation 00:02:30.0607 3008 ComputerName: YASSOIE-HP 00:02:30.0607 3008 UserName: Yassoie_2 00:02:30.0607 3008 Windows directory: C:\Windows 00:02:30.0607 3008 System windows directory: C:\Windows 00:02:30.0607 3008 Running under WOW64 00:02:30.0607 3008 Processor architecture: Intel x64 00:02:30.0607 3008 Number of processors: 4 00:02:30.0607 3008 Page size: 0x1000 00:02:30.0607 3008 Boot type: Normal boot 00:02:30.0607 3008 ============================================================ 00:02:30.0756 3008 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:02:30.0756 3008 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:02:30.0769 3008 ============================================================ 00:02:30.0769 3008 \Device\Harddisk0\DR0: 00:02:30.0770 3008 MBR partitions: 00:02:30.0770 3008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 00:02:30.0770 3008 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC5F4000 00:02:30.0770 3008 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC626800, BlocksNum 0x196D800 00:02:30.0770 3008 \Device\Harddisk1\DR1: 00:02:30.0770 3008 GPT partitions: 00:02:30.0770 3008 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CBAB4C76-1483-4C93-AE79-44AA1110ACF3}, Name: Basic data partition, 
StartLBA 0x800, BlocksNum 0xE8E08000 00:02:30.0770 3008 MBR partitions: 00:02:30.0770 3008 ============================================================ 00:02:30.0771 3008 C: <-> \Device\Harddisk0\DR0\Partition2 00:02:30.0772 3008 E: <-> \Device\Harddisk1\DR1\Partition1 00:02:30.0772 3008 D: <-> \Device\Harddisk0\DR0\Partition3 00:02:30.0772 3008 ============================================================ 00:02:30.0773 3008 Initialize success 00:02:30.0773 3008 ============================================================ |
23.12.2012, 00:16 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe is faulty Something must have gone wrong with TDSS-Killer; the log is far too short, please repeat the scan.
__________________ --> Winlogon.exe is faulty |
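An added example, not part of the original thread and not code from the tool's vendor: a small Python check that tells a TDSS-Killer log that stopped after initialization apart from one that contains scan results, and lists every object whose verdict is not `ok`. The record layout (timestamp, four-digit id, message) and the markers `Initialize success`, `Scan started` and `<name> - ok` are taken from the logs in this thread; the sample logs, the `examplesvc` entry and its `EXAMPLE-NOT-OK` verdict are constructed placeholders.

```python
import re

# Record prefix as seen in the logs on this page: "HH:MM:SS.ffff NNNN ".
# The forum export flattened the log, so records are split on this prefix
# rather than on newlines. The page does not say whether the second column
# is a process or a thread id.
RECORD = re.compile(r"(\d{2}:\d{2}:\d{2}\.\d{4}) (\d{4}) ")
SECTION = re.compile(r"^=+ (Scan [^=]+?) =+$")
VERDICT = re.compile(r"^(.+?) - (\S.*)$")


def records(text):
    """Yield (timestamp, id, message) for every record found in text."""
    parts = RECORD.split(text)  # [preamble, ts, id, msg, ts, id, msg, ...]
    for i in range(1, len(parts) - 2, 3):
        yield parts[i], parts[i + 1], parts[i + 2].strip()


def analyze(text):
    """Summarize how far the run got and which objects are not 'ok'."""
    report = {"initialized": False, "scan_started": False,
              "sections": [], "verdicts": {}}
    for _ts, _id, msg in records(text):
        section = SECTION.match(msg)
        if msg == "Initialize success":
            report["initialized"] = True
        elif msg == "Scan started":
            report["scan_started"] = True
        elif section:
            report["sections"].append(section.group(1))
        elif report["scan_started"] and not msg.startswith("["):
            # Verdicts only exist after the scan begins; "[ MD5 ] name path"
            # lines are skipped because a path may itself contain " - ".
            verdict = VERDICT.match(msg)
            if verdict:
                report["verdicts"][verdict.group(1)] = verdict.group(2)
    report["not_ok"] = sorted(
        name for name, v in report["verdicts"].items() if v != "ok")
    report["usable"] = (report["initialized"] and report["scan_started"]
                        and bool(report["verdicts"]))
    return report


# Constructed sample in the shape of the short log: it ends after initialization.
SHORT_LOG = (
    "00:02:30.0533 3008 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 "
    "00:02:30.0607 3008 Current date / time: 2012/12/23 00:02:30.0607 "
    "00:02:30.0607 3008 SystemInfo: "
    r"00:02:30.0756 3008 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 "
    "00:02:30.0773 3008 Initialize success "
    "00:02:30.0773 3008 ============================================================"
)

# Constructed sample in the shape of a full log. The last entry and its
# verdict string are placeholders, not real TDSS-Killer output.
FULL_LOG = SHORT_LOG + " " + (
    "01:18:24.0729 5844 Scan started "
    "01:18:24.0729 5844 Mode: Manual; "
    "01:18:24.0949 5844 ================ Scan system memory ======================== "
    "01:18:24.0949 5844 System memory - ok "
    "01:18:24.0949 5844 ================ Scan services ============================= "
    r"01:18:24.0979 5844 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci "
    r"C:\Windows\system32\drivers\1394ohci.sys "
    "01:18:24.0979 5844 1394ohci - ok "
    r"01:18:25.0000 5844 [ 00000000000000000000000000000000 ] examplesvc "
    r"C:\Example\examplesvc.sys "
    "01:18:25.0000 5844 examplesvc - EXAMPLE-NOT-OK"
)

if __name__ == "__main__":
    for label, log in (("short", SHORT_LOG), ("full", FULL_LOG)):
        r = analyze(log)
        print(label, "usable:", r["usable"], "sections:", r["sections"],
              "not ok:", r["not_ok"])
```
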
23.12.2012, 01:19 | #7 |
| Winlogon.exe is faulty Code:
ATTFilter 01:18:23.0189 0844 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 01:18:23.0289 0844 ============================================================ 01:18:23.0289 0844 Current date / time: 2012/12/23 01:18:23.0289 01:18:23.0289 0844 SystemInfo: 01:18:23.0289 0844 01:18:23.0289 0844 OS Version: 6.1.7601 ServicePack: 1.0 01:18:23.0289 0844 Product type: Workstation 01:18:23.0289 0844 ComputerName: YASSOIE-HP 01:18:23.0289 0844 UserName: Yassoie_2 01:18:23.0289 0844 Windows directory: C:\Windows 01:18:23.0289 0844 System windows directory: C:\Windows 01:18:23.0289 0844 Running under WOW64 01:18:23.0289 0844 Processor architecture: Intel x64 01:18:23.0289 0844 Number of processors: 4 01:18:23.0289 0844 Page size: 0x1000 01:18:23.0289 0844 Boot type: Normal boot 01:18:23.0289 0844 ============================================================ 01:18:23.0439 0844 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 01:18:23.0459 0844 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 01:18:23.0469 0844 ============================================================ 01:18:23.0469 0844 \Device\Harddisk0\DR0: 01:18:23.0469 0844 MBR partitions: 01:18:23.0469 0844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 01:18:23.0469 0844 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC5F4000 01:18:23.0469 0844 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC626800, BlocksNum 0x196D800 01:18:23.0469 0844 \Device\Harddisk1\DR1: 01:18:23.0469 0844 GPT partitions: 01:18:23.0469 0844 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {CBAB4C76-1483-4C93-AE79-44AA1110ACF3}, Name: Basic data partition, 
StartLBA 0x800, BlocksNum 0xE8E08000 01:18:23.0469 0844 MBR partitions: 01:18:23.0469 0844 ============================================================ 01:18:23.0469 0844 C: <-> \Device\Harddisk0\DR0\Partition2 01:18:23.0489 0844 E: <-> \Device\Harddisk1\DR1\Partition1 01:18:23.0489 0844 D: <-> \Device\Harddisk0\DR0\Partition3 01:18:23.0489 0844 ============================================================ 01:18:23.0489 0844 Initialize success 01:18:23.0489 0844 ============================================================ 01:18:24.0729 5844 ============================================================ 01:18:24.0729 5844 Scan started 01:18:24.0729 5844 Mode: Manual; 01:18:24.0729 5844 ============================================================ 01:18:24.0949 5844 ================ Scan system memory ======================== 01:18:24.0949 5844 System memory - ok 01:18:24.0949 5844 ================ Scan services ============================= 01:18:24.0979 5844 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 01:18:24.0979 5844 1394ohci - ok 01:18:24.0989 5844 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 01:18:24.0989 5844 ACPI - ok 01:18:24.0989 5844 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 01:18:24.0989 5844 AcpiPmi - ok 01:18:25.0009 5844 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 01:18:25.0009 5844 AdobeFlashPlayerUpdateSvc - ok 01:18:25.0019 5844 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 01:18:25.0019 5844 adp94xx - ok 01:18:25.0029 5844 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 01:18:25.0029 5844 adpahci - ok 01:18:25.0039 5844 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 01:18:25.0039 5844 adpu320 - ok 01:18:25.0039 5844 [ 
4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 01:18:25.0039 5844 AeLookupSvc - ok 01:18:25.0049 5844 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 01:18:25.0049 5844 AESTFilters - ok 01:18:25.0059 5844 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 01:18:25.0059 5844 AFD - ok 01:18:25.0059 5844 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 01:18:25.0059 5844 agp440 - ok 01:18:25.0059 5844 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 01:18:25.0069 5844 ALG - ok 01:18:25.0069 5844 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 01:18:25.0069 5844 aliide - ok 01:18:25.0069 5844 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 01:18:25.0069 5844 amdide - ok 01:18:25.0069 5844 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 01:18:25.0069 5844 AmdK8 - ok 01:18:25.0079 5844 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 01:18:25.0079 5844 AmdPPM - ok 01:18:25.0079 5844 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 01:18:25.0079 5844 amdsata - ok 01:18:25.0089 5844 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 01:18:25.0089 5844 amdsbs - ok 01:18:25.0089 5844 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 01:18:25.0089 5844 amdxata - ok 01:18:25.0099 5844 [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 01:18:25.0099 5844 AppHostSvc - ok 01:18:25.0099 5844 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 01:18:25.0099 5844 AppID - ok 01:18:25.0099 5844 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 01:18:25.0099 5844 AppIDSvc - ok 01:18:25.0099 5844 [ 
3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 01:18:25.0099 5844 Appinfo - ok 01:18:25.0109 5844 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 01:18:25.0109 5844 Apple Mobile Device - ok 01:18:25.0119 5844 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 01:18:25.0119 5844 arc - ok 01:18:25.0119 5844 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 01:18:25.0119 5844 arcsas - ok 01:18:25.0129 5844 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 01:18:25.0129 5844 aspnet_state - ok 01:18:25.0139 5844 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 01:18:25.0139 5844 AsyncMac - ok 01:18:25.0139 5844 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 01:18:25.0139 5844 atapi - ok 01:18:25.0149 5844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 01:18:25.0149 5844 AudioEndpointBuilder - ok 01:18:25.0159 5844 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 01:18:25.0159 5844 AudioSrv - ok 01:18:25.0169 5844 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 01:18:25.0169 5844 AxInstSV - ok 01:18:25.0179 5844 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 01:18:25.0179 5844 b06bdrv - ok 01:18:25.0189 5844 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 01:18:25.0189 5844 b57nd60a - ok 01:18:25.0189 5844 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 01:18:25.0189 5844 BDESVC - ok 01:18:25.0199 5844 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 01:18:25.0199 5844 Beep - ok 01:18:25.0209 5844 [ 
82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 01:18:25.0209 5844 BFE - ok 01:18:25.0219 5844 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 01:18:25.0219 5844 BITS - ok 01:18:25.0229 5844 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 01:18:25.0229 5844 blbdrive - ok 01:18:25.0229 5844 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 01:18:25.0239 5844 Bonjour Service - ok 01:18:25.0239 5844 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 01:18:25.0239 5844 bowser - ok 01:18:25.0239 5844 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 01:18:25.0239 5844 BrFiltLo - ok 01:18:25.0239 5844 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 01:18:25.0239 5844 BrFiltUp - ok 01:18:25.0249 5844 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 01:18:25.0249 5844 Browser - ok 01:18:25.0259 5844 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 01:18:25.0259 5844 Brserid - ok 01:18:25.0259 5844 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 01:18:25.0259 5844 BrSerWdm - ok 01:18:25.0259 5844 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 01:18:25.0259 5844 BrUsbMdm - ok 01:18:25.0259 5844 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 01:18:25.0259 5844 BrUsbSer - ok 01:18:25.0269 5844 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 01:18:25.0269 5844 BTHMODEM - ok 01:18:25.0269 5844 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 01:18:25.0269 5844 bthserv - ok 01:18:25.0279 5844 [ 27D036FB3D22CA8A6662FE960D1A937D ] ccEvtMgr C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe 
] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe 01:18:27.0679 5844 Symantec AntiVirus - ok 01:18:27.0689 5844 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 01:18:27.0689 5844 SymEvent - ok 01:18:27.0709 5844 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 01:18:27.0709 5844 SysMain - ok 01:18:27.0719 5844 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 01:18:27.0719 5844 TabletInputService - ok 01:18:27.0719 5844 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 01:18:27.0729 5844 TapiSrv - ok 01:18:27.0729 5844 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 01:18:27.0729 5844 TBS - ok 01:18:27.0749 5844 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 01:18:27.0759 5844 Tcpip - ok 01:18:27.0779 5844 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 01:18:27.0779 5844 TCPIP6 - ok 01:18:27.0789 5844 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 01:18:27.0789 5844 tcpipreg - ok 01:18:27.0789 5844 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 01:18:27.0789 5844 TDPIPE - ok 01:18:27.0789 5844 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 01:18:27.0789 5844 TDTCP - ok 01:18:27.0789 5844 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 01:18:27.0799 5844 tdx - ok 01:18:27.0799 5844 [ 13657DC475DE564247745BF4DA23207C ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys 01:18:27.0799 5844 Teefer2 - ok 01:18:27.0799 5844 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 01:18:27.0799 5844 TermDD - ok 01:18:27.0809 5844 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 01:18:27.0809 5844 TermService - ok 
01:18:27.0819 5844 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 01:18:27.0819 5844 Themes - ok 01:18:27.0819 5844 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 01:18:27.0819 5844 THREADORDER - ok 01:18:27.0829 5844 [ FF879027C552A37897D107BE6CEDF6DF ] tihub3 C:\Windows\system32\drivers\tihub3.sys 01:18:27.0829 5844 tihub3 - ok 01:18:27.0839 5844 [ 133C3B4A3E44616F8F571A0EBBEF9B74 ] tixhci C:\Windows\system32\drivers\tixhci.sys 01:18:27.0839 5844 tixhci - ok 01:18:27.0839 5844 [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr C:\Windows\System32\tlntsvr.exe 01:18:27.0839 5844 TlntSvr - ok 01:18:27.0839 5844 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 01:18:27.0849 5844 TrkWks - ok 01:18:27.0849 5844 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 01:18:27.0849 5844 TrustedInstaller - ok 01:18:27.0849 5844 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 01:18:27.0849 5844 tssecsrv - ok 01:18:27.0859 5844 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 01:18:27.0859 5844 TsUsbFlt - ok 01:18:27.0859 5844 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 01:18:27.0859 5844 TsUsbGD - ok 01:18:27.0859 5844 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 01:18:27.0859 5844 tunnel - ok 01:18:27.0869 5844 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 01:18:27.0869 5844 uagp35 - ok 01:18:27.0869 5844 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 01:18:27.0869 5844 udfs - ok 01:18:27.0879 5844 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 01:18:27.0879 5844 UI0Detect - ok 01:18:27.0879 5844 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 
01:18:27.0879 5844 uliagpkx - ok 01:18:27.0879 5844 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 01:18:27.0879 5844 umbus - ok 01:18:27.0889 5844 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 01:18:27.0889 5844 UmPass - ok 01:18:27.0909 5844 [ 758C2CE427C343F780A205E28555C98D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 01:18:27.0919 5844 UNS - ok 01:18:27.0929 5844 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 01:18:27.0929 5844 upnphost - ok 01:18:27.0929 5844 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 01:18:27.0929 5844 USBAAPL64 - ok 01:18:27.0940 5844 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 01:18:27.0940 5844 usbccgp - ok 01:18:27.0940 5844 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 01:18:27.0940 5844 usbcir - ok 01:18:27.0940 5844 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 01:18:27.0940 5844 usbehci - ok 01:18:27.0950 5844 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys 01:18:27.0950 5844 usbhub - ok 01:18:27.0950 5844 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 01:18:27.0950 5844 usbohci - ok 01:18:27.0960 5844 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 01:18:27.0960 5844 usbprint - ok 01:18:27.0960 5844 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 01:18:27.0960 5844 USBSTOR - ok 01:18:27.0960 5844 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 01:18:27.0960 5844 usbuhci - ok 01:18:27.0970 5844 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 01:18:27.0970 5844 UxSms - ok 01:18:27.0970 5844 [ C118A82CD78818C29AB228366EBF81C3 ] 
VaultSvc C:\Windows\system32\lsass.exe 01:18:27.0970 5844 VaultSvc - ok 01:18:27.0970 5844 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 01:18:27.0970 5844 vdrvroot - ok 01:18:27.0980 5844 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 01:18:27.0980 5844 vds - ok 01:18:27.0990 5844 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 01:18:27.0990 5844 vga - ok 01:18:27.0990 5844 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 01:18:27.0990 5844 VgaSave - ok 01:18:28.0000 5844 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 01:18:28.0000 5844 vhdmp - ok 01:18:28.0000 5844 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 01:18:28.0000 5844 viaide - ok 01:18:28.0000 5844 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 01:18:28.0000 5844 volmgr - ok 01:18:28.0010 5844 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 01:18:28.0010 5844 volmgrx - ok 01:18:28.0020 5844 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys 01:18:28.0020 5844 volsnap - ok 01:18:28.0020 5844 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 01:18:28.0020 5844 vsmraid - ok 01:18:28.0040 5844 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 01:18:28.0050 5844 VSS - ok 01:18:28.0050 5844 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 01:18:28.0050 5844 vwifibus - ok 01:18:28.0050 5844 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 01:18:28.0050 5844 vwififlt - ok 01:18:28.0060 5844 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 01:18:28.0060 5844 W32Time - ok 01:18:28.0070 5844 [ B32009DB1972E7F2C227499289C4384A ] W3SVC 
C:\Windows\system32\inetsrv\iisw3adm.dll 01:18:28.0070 5844 W3SVC - ok 01:18:28.0070 5844 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 01:18:28.0070 5844 WacomPen - ok 01:18:28.0080 5844 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 01:18:28.0080 5844 WANARP - ok 01:18:28.0080 5844 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 01:18:28.0080 5844 Wanarpv6 - ok 01:18:28.0090 5844 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 01:18:28.0090 5844 WAS - ok 01:18:28.0100 5844 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 01:18:28.0110 5844 wbengine - ok 01:18:28.0110 5844 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 01:18:28.0120 5844 WbioSrvc - ok 01:18:28.0120 5844 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 01:18:28.0120 5844 wcncsvc - ok 01:18:28.0130 5844 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 01:18:28.0130 5844 WcsPlugInService - ok 01:18:28.0130 5844 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 01:18:28.0130 5844 Wd - ok 01:18:28.0140 5844 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 01:18:28.0140 5844 Wdf01000 - ok 01:18:28.0150 5844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 01:18:28.0150 5844 WdiServiceHost - ok 01:18:28.0150 5844 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 01:18:28.0150 5844 WdiSystemHost - ok 01:18:28.0160 5844 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 01:18:28.0160 5844 WebClient - ok 01:18:28.0160 5844 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 01:18:28.0160 5844 Wecsvc - ok 01:18:28.0170 5844 [ 7E591867422DC788B9E5BD337A669A08 
] wercplsupport C:\Windows\System32\wercplsupport.dll 01:18:28.0170 5844 wercplsupport - ok 01:18:28.0170 5844 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 01:18:28.0170 5844 WerSvc - ok 01:18:28.0170 5844 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 01:18:28.0170 5844 WfpLwf - ok 01:18:28.0180 5844 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 01:18:28.0180 5844 WIMMount - ok 01:18:28.0180 5844 WinDefend - ok 01:18:28.0180 5844 WinHttpAutoProxySvc - ok 01:18:28.0190 5844 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 01:18:28.0190 5844 Winmgmt - ok 01:18:28.0210 5844 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 01:18:28.0220 5844 WinRM - ok 01:18:28.0220 5844 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 01:18:28.0220 5844 WinUsb - ok 01:18:28.0240 5844 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 01:18:28.0240 5844 Wlansvc - ok 01:18:28.0240 5844 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 01:18:28.0240 5844 WmiAcpi - ok 01:18:28.0250 5844 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 01:18:28.0250 5844 wmiApSrv - ok 01:18:28.0250 5844 WMPNetworkSvc - ok 01:18:28.0250 5844 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 01:18:28.0250 5844 WPCSvc - ok 01:18:28.0260 5844 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 01:18:28.0260 5844 WPDBusEnum - ok 01:18:28.0260 5844 [ 6CAB753B203F39B4CE05FF10013DE2EF ] WPS C:\Windows\system32\drivers\wpsdrvnt.sys 01:18:28.0260 5844 WPS - ok 01:18:28.0270 5844 [ 49B9FA407586503D27D17DBDEAEAC970 ] WpsHelper C:\Windows\system32\drivers\WpsHelper.sys 01:18:28.0270 5844 WpsHelper - ok 01:18:28.0270 5844 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl 
C:\Windows\system32\drivers\ws2ifsl.sys 01:18:28.0270 5844 ws2ifsl - ok 01:18:28.0270 5844 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 01:18:28.0270 5844 wscsvc - ok 01:18:28.0280 5844 WSearch - ok 01:18:28.0300 5844 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 01:18:28.0310 5844 wuauserv - ok 01:18:28.0310 5844 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 01:18:28.0310 5844 WudfPf - ok 01:18:28.0320 5844 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 01:18:28.0320 5844 WUDFRd - ok 01:18:28.0320 5844 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 01:18:28.0320 5844 wudfsvc - ok 01:18:28.0330 5844 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 01:18:28.0330 5844 WwanSvc - ok 01:18:28.0330 5844 ================ Scan global =============================== 01:18:28.0330 5844 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 01:18:28.0340 5844 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 01:18:28.0340 5844 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 01:18:28.0350 5844 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 01:18:28.0350 5844 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 01:18:28.0350 5844 [Global] - ok 01:18:28.0350 5844 ================ Scan MBR ================================== 01:18:28.0360 5844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 01:18:28.0420 5844 \Device\Harddisk0\DR0 - ok 01:18:28.0420 5844 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 01:18:28.0420 5844 \Device\Harddisk1\DR1 - ok 01:18:28.0420 5844 ================ Scan VBR ================================== 01:18:28.0420 5844 [ 8604DFE533DFA747E84DCE0818EB4A94 ] \Device\Harddisk0\DR0\Partition1 01:18:28.0420 5844 \Device\Harddisk0\DR0\Partition1 - ok 01:18:28.0420 
5844 [ 8C4C44EB63738568DFD4F67611083AF7 ] \Device\Harddisk0\DR0\Partition2 01:18:28.0430 5844 \Device\Harddisk0\DR0\Partition2 - ok 01:18:28.0430 5844 [ 269E16231CE5B9F38CE1D41468C881B2 ] \Device\Harddisk0\DR0\Partition3 01:18:28.0430 5844 \Device\Harddisk0\DR0\Partition3 - ok 01:18:28.0430 5844 [ 4E5D6039ACB82D7204339843253E3C76 ] \Device\Harddisk1\DR1\Partition1 01:18:28.0430 5844 \Device\Harddisk1\DR1\Partition1 - ok 01:18:28.0430 5844 ============================================================ 01:18:28.0430 5844 Scan finished 01:18:28.0430 5844 ============================================================ 01:18:28.0440 5824 Detected object count: 0 01:18:28.0440 5824 Actual detected object count: 0 |
23.12.2012, 01:20 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe is faulty
OK, that is better. Now please run CF:
ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
23.12.2012, 01:25 | #9 |
| Winlogon.exe is faulty
Briefly beforehand: how do I start Windows "manually"? Code:
ATTFilter ComboFix 12-12-22.02 - Yassoie_2 23.12.2012 1:26.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.16364.14155 [GMT 1:00] ausgeführt von:: c:\users\Yassoie_2\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Windows Live\Messenger\msacm32.dll c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk c:\users\Yassoie_2\AppData\Roaming\Melt.bat c:\users\Yassoie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk c:\users\Yassoie_2\AppData\Roaming\Windows Update c:\users\Yassoie_2\AppData\Roaming\winlogon.exe c:\users\Yassoie_2\AppData\Roaming\wuauclt.exe c:\windows\SysWow64\DEBUG.log . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-23 bis 2012-12-23 )))))))))))))))))))))))))))))) . . 2012-12-21 12:26 . 2012-12-21 12:26 -------- dc----w- c:\program files (x86)\AGEIA Technologies 2012-12-21 12:26 . 2012-12-21 12:26 -------- dc----w- c:\users\UpdatusUser.Yassoie-HP 2012-12-21 11:37 . 2012-12-23 00:22 281520 -c--a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-12-21 11:37 . 2012-12-21 11:38 76888 -c--a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-12-21 11:37 . 2011-09-09 20:35 2580552 -c--a-w- c:\windows\SysWow64\pbsvc.exe 2012-12-21 11:30 . 2012-12-21 11:30 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 11:30 . 2012-12-21 11:30 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 11:30 . 2012-12-21 11:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 11:30 . 
2012-12-21 11:30 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-20 20:16 . 2012-12-20 20:16 -------- dc----w- c:\program files (x86)\Apple Software Update 2012-12-20 20:06 . 2012-12-21 11:07 -------- dc----w- c:\users\Yassoie_2\AppData\Roaming\Systweak 2012-12-20 20:06 . 2012-12-10 11:01 19896 -c--a-w- c:\windows\system32\roboot64.exe 2012-12-20 14:48 . 2012-12-20 14:48 -------- dc----w- c:\program files (x86)\Battlelog Web Plugins 2012-12-20 11:42 . 2012-12-20 11:43 -------- dc----w- c:\program files (x86)\Origin Games 2012-12-13 12:27 . 2012-08-21 12:01 33240 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-12-13 12:27 . 2012-12-13 12:27 -------- dc----w- c:\program files\iPod 2012-12-13 12:27 . 2012-12-13 12:27 -------- dc----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-13 12:27 . 2012-12-13 12:27 -------- dc----w- c:\program files\iTunes 2012-12-13 12:27 . 2012-12-13 12:27 -------- dc----w- c:\program files (x86)\iTunes 2012-12-13 12:27 . 2012-12-13 12:27 -------- dc----w- c:\program files\Common Files\Apple 2012-12-12 22:55 . 2012-12-12 23:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 22:55 . 2012-12-12 23:07 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 22:49 . 2012-12-12 23:06 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-12 22:43 . 2012-12-12 23:05 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 22:43 . 2012-12-12 23:05 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-11 21:04 . 2012-12-03 15:47 983936 -c--a-w- c:\windows\system32\nvumdshimx.dll 2012-12-11 21:04 . 2012-12-03 15:47 7446192 -c--a-w- c:\windows\system32\nvopencl.dll 2012-12-11 21:04 . 2012-12-03 15:47 245432 -c--a-w- c:\windows\system32\nvinitx.dll 2012-12-11 21:03 . 2012-12-11 21:03 -------- dc----w- C:\NVIDIA 2012-12-11 03:18 . 2012-12-11 15:41 -------- dc----w- c:\users\Yassoie_2\AppData\Local\Origin 2012-12-11 03:18 . 2012-12-11 03:20 -------- dc----w- c:\program files (x86)\Origin 2012-12-11 03:01 . 
2012-12-11 03:01 -------- dc----w- c:\users\Yassoie_2\AppData\Roaming\InstallShield 2012-11-29 12:56 . 2012-12-21 21:14 -------- dc----w- c:\users\Yassoie_2\AppData\Roaming\TS3Client . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-23 00:22 . 2012-03-04 15:40 281520 -c--a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-12-22 23:31 . 2012-03-01 12:57 281520 -c--a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-12-12 23:06 . 2012-03-04 16:15 67413224 -c--a-w- c:\windows\system32\MRT.exe 2012-12-12 23:05 . 2012-12-12 22:50 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-12 14:12 . 2012-06-15 20:32 697272 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 14:12 . 2012-06-15 20:32 73656 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-03 15:47 . 2011-11-16 11:00 9271352 -c--a-w- c:\windows\system32\nvcuda.dll 2012-12-03 15:47 . 2011-11-16 11:00 7819016 -c--a-w- c:\windows\SysWow64\nvcuda.dll 2012-12-03 15:47 . 2011-11-16 11:00 2816824 -c--a-w- c:\windows\system32\nvapi64.dll 2012-12-03 15:47 . 2011-11-16 11:00 2784104 -c--a-w- c:\windows\system32\nvcuvid.dll 2012-12-03 15:47 . 2011-11-16 11:00 26811240 -c--a-w- c:\windows\system32\nvoglv64.dll 2012-12-03 15:47 . 2011-11-16 11:00 2606440 -c--a-w- c:\windows\SysWow64\nvcuvid.dll 2012-12-03 15:47 . 2011-11-16 11:00 25256296 -c--a-w- c:\windows\system32\nvcompiler.dll 2012-12-03 15:47 . 2011-11-16 11:00 2496976 -c--a-w- c:\windows\SysWow64\nvapi.dll 2012-12-03 15:47 . 2011-11-16 11:00 2226024 -c--a-w- c:\windows\system32\nvcuvenc.dll 2012-12-03 15:47 . 2011-11-16 11:00 1874280 -c--a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-12-03 15:47 . 2011-11-16 11:00 18045968 -c--a-w- c:\windows\system32\nvd3dumx.dll 2012-12-03 15:47 . 2011-11-16 11:00 17559912 -c--a-w- c:\windows\SysWow64\nvcompiler.dll 2012-12-03 15:47 . 2011-11-16 11:00 15016256 -c--a-w- c:\windows\system32\nvwgf2umx.dll 2012-12-03 15:47 . 
2011-11-16 11:00 11532648 -c--a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-11-28 15:07 . 2012-11-28 13:32 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-11-28 15:07 . 2012-11-28 13:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-11-28 15:07 . 2012-11-28 13:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-11-16 01:10 . 2012-11-15 22:51 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-11-16 01:10 . 2012-11-15 22:51 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-11-16 01:10 . 2012-11-15 22:51 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-11-16 01:10 . 2012-11-15 22:51 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-11-16 01:08 . 2012-11-16 01:08 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 01:08 . 2012-11-16 01:08 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 01:08 . 2012-11-16 01:08 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 01:08 . 2012-11-15 22:51 192000 ----a-w- c:\windows\system32\iisRtl.dll 2012-11-16 01:08 . 2012-11-15 22:51 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll 2012-11-16 01:08 . 2012-11-15 22:51 60928 ----a-w- c:\windows\system32\ahadmin.dll 2012-11-16 01:08 . 2012-11-15 22:51 55296 ----a-w- c:\windows\system32\admwprox.dll 2012-11-16 01:08 . 2012-11-15 22:51 50688 ----a-w- c:\windows\SysWow64\admwprox.dll 2012-11-16 01:08 . 2012-11-15 22:51 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll 2012-11-16 01:08 . 2012-11-15 22:51 16896 ----a-w- c:\windows\system32\iisreset.exe 2012-11-16 01:08 . 2012-11-15 22:51 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll 2012-11-16 01:08 . 2012-11-15 22:51 15360 ----a-w- c:\windows\SysWow64\iisreset.exe 2012-11-16 01:08 . 2012-11-15 22:51 14848 ----a-w- c:\windows\system32\wamregps.dll 2012-11-16 01:08 . 2012-11-15 22:51 11264 ----a-w- c:\windows\system32\iisrstap.dll 2012-11-16 01:08 . 2012-11-15 22:51 10752 ----a-w- c:\windows\SysWow64\wamregps.dll 2012-11-16 01:08 . 
2012-11-15 22:51 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-11-16 01:08 . 2012-11-15 22:51 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-11-16 01:08 . 2012-11-15 22:51 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll 2012-11-16 01:08 . 2012-11-15 22:51 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-11-16 01:08 . 2012-11-15 22:51 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-11-16 01:08 . 2012-11-15 22:51 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-11-16 01:08 . 2012-11-15 22:51 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-11-16 01:08 . 2012-11-15 22:51 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-11-16 01:08 . 2012-11-15 22:51 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-11-16 01:08 . 2012-11-15 22:51 18944 ----a-w- c:\windows\system32\netevent.dll 2012-11-16 01:08 . 2012-11-15 22:51 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-11-16 01:08 . 2012-11-15 22:51 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-11-16 01:05 . 2012-11-16 01:05 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 01:05 . 2012-11-16 01:05 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-16 01:05 . 2012-11-16 01:05 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 01:05 . 2012-11-16 01:05 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 01:05 . 2012-11-16 01:05 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 01:05 . 2012-11-16 01:05 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 01:05 . 2012-11-16 01:05 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 01:05 . 2012-11-15 22:50 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-16 01:05 . 2012-11-15 22:50 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-14 15:27 . 2012-03-08 09:51 233120 ----a-w- c:\windows\system32\drivers\wpshelper.sys 2012-11-07 21:41 . 2012-10-31 22:19 229 -c--a-w- c:\windows\DXM.REG 2012-10-10 10:31 . 
2012-10-10 10:05 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-10 10:30 . 2012-10-10 10:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-10 10:30 . 2012-10-10 10:05 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-10-10 10:30 . 2012-10-10 10:05 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-10-10 10:30 . 2012-10-10 10:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-10 10:30 . 2012-10-10 10:05 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-10 10:30 . 2012-10-10 10:04 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-10 10:30 . 2012-10-10 10:04 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-10 10:30 . 2012-10-10 10:04 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 10:30 . 2012-10-10 10:04 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-10 10:30 . 2012-10-10 10:04 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-10 10:30 . 2012-10-10 10:04 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-10 10:30 . 2012-10-10 10:04 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-10 10:30 . 2012-10-10 10:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-09-28 09:32 . 2012-09-28 09:32 5989776 -c--a-w- c:\windows\system32\usbaaplrc.dll 2012-09-28 09:32 . 2012-09-28 09:32 53760 -c--a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-09-26 12:08 . 2012-09-26 09:58 245760 ----a-w- c:\windows\system32\OxpsConverter.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-11 03:29 222712 -c--a-w- c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-11 03:29 222712 -c--a-w- c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-11 03:29 222712 -c--a-w- c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe" [2009-04-04 385024] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952] . c:\users\Yassoie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook Messenger.lnk - c:\users\Yassoie_2\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [2011-05-23 165512] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-06-09 264008] R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [x] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-04-22 1360960] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-11-16 31152] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-02 89600] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files 
(x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-04-20 131656] S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-04-20 399944] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 19662328 *NewlyCreated* - 44613113 *NewlyCreated* - 89508991 *NewlyCreated* - 99481471 *NewlyCreated* - ASWMBR *Deregistered* - 19662328 *Deregistered* - 44613113 *Deregistered* - 89508991 *Deregistered* - 99481471 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhalt des "geplante Tasks" Ordners . 
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 14:12] . 2012-12-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1136588543-3382375768-1063258435-1001Core.job - c:\users\Yassoie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-24 22:17] . 2012-12-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1136588543-3382375768-1063258435-1001UA.job - c:\users\Yassoie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-24 22:17] . 2012-12-21 c:\windows\Tasks\HPCeeScheduleForYassoie_2.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-11 03:29 261624 -c--a-w- c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-11 03:29 261624 -c--a-w- c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-11 03:29 261624 -c--a-w- c:\users\Yassoie_2\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\Yassoie_2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 217.0.43.113 192.168.0.1 FF - ProfilePath - c:\users\Yassoie_2\AppData\Roaming\Mozilla\Firefox\Profiles\pfqeribm.default-1352988437989\ FF - ExtSQL: 2012-11-15 14:22; websitelogon@truesuite.com; c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-Windows Update.exe - c:\users\Yassoie_2\AppData\Roaming\Windows Update\Windows Update.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-BATINDICATOR - c:\program files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe Wow6432Node-HKLM-Run-Windows Update - c:\users\Yassoie_2\AppData\Roaming\wuauclt.exe SafeBoot-Symantec Antvirus AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe AddRemove-WildTangentGDF-hp-gunbros - c:\program files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe AddRemove-WildTangentGDF-hp-shaiya - c:\program files (x86)\HP Games\Web Link - 
Shaiya\Uninstall.exe AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.0.0.128\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1136588543-3382375768-1063258435-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1136588543-3382375768-1063258435-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1136588543-3382375768-1063258435-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*°*×*W%\OpenWithList] @Class="Shell" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-12-23 01:30:55 ComboFix-quarantined-files.txt 2012-12-23 00:30 . Vor Suchlauf: 11 Verzeichnis(se), 14.029.414.400 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 15.291.736.064 Bytes frei . - - End Of File - - BCB7282F28C77C3BC07C3FB2DC6EB8A7 |
23.12.2012, 01:45 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe is faulty
Quote:
__________________ Please always post log files in CODE tags |
23.12.2012, 02:21 | #11 |
| Winlogon.exe is faulty
Oh, I see |
23.12.2012, 02:28 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe is faulty
Please download Farbar's Service Scanner
__________________ Please always post log files in CODE tags |
23.12.2012, 02:39 | #13 |
| Winlogon.exe is faulty
Code:
ATTFilter
Farbar Service Scanner Version: 10-12-2012
Ran by Yassoie_2 (administrator) on 23-12-2012 at 02:38:34
Running from "C:\Users\Yassoie_2\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log **** |
23.12.2012, 02:50 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Winlogon.exe is faulty
Looks good.
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
23.12.2012, 02:53 | #15 |
| Winlogon.exe is faulty
Code:
ATTFilter # AdwCleaner v2.101 - Datei am 23/12/2012 um 02:52:31 erstellt # Aktualisiert am 16/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Yassoie_2 - YASSOIE-HP # Bootmodus : Normal # Ausgeführt unter : C:\Users\Yassoie_2\Downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Users\Yassoie\AppData\Roaming\Iminent ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gefunden : HKLM\Software\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gefunden : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gefunden : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die 
Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v17.0.1 (de) Profilname : default Datei : C:\Users\Yassoie\AppData\Roaming\Mozilla\Firefox\Profiles\ueke2wct.default\prefs.js [OK] Die Datei ist sauber. Profilname : default-1352988437989 [Profil par défaut] Datei : C:\Users\Yassoie_2\AppData\Roaming\Mozilla\Firefox\Profiles\pfqeribm.default-1352988437989\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [10477 octets] - [23/12/2012 02:52:31] ########## EOF - C:\AdwCleaner[R1].txt - [10538 octets] ########## |