Trojaner-Board - System Care Antivirus und SpyHunter 4. wie entfernen?

OTL Logfile:

Code:

OTL logfile created on: 09.06.2013 11:31:58 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\userle\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,50 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 88,35% Memory free

6,99 Gb Paging File | 6,58 Gb Available in Paging File | 94,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465,66 Gb Total Space | 203,27 Gb Free Space | 43,65% Space Free | Partition Type: NTFS

 

Computer Name: USERLE-PC | User Name: userle | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.06.09 11:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\userle\Desktop\OTL.exe

PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.05.29 12:21:55 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.05.16 14:40:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.05.07 16:18:42 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)

SRV - [2013.03.25 17:20:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2013.03.25 17:20:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2013.02.28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.12.29 03:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.06.12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010.03.05 00:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2007.05.10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Stopped] -- C:\Programme\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2013.06.08 21:28:06 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)

DRV - [2013.03.25 17:20:53 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2013.03.25 17:20:53 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2013.03.25 17:20:53 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2013.02.17 21:59:56 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2013.02.17 21:34:30 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2012.12.29 12:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012.07.03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)

DRV - [2012.07.03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)

DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)

DRV - [2012.03.02 16:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2012.03.02 16:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2012.03.02 16:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2011.05.06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV - [2009.11.12 15:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2007.10.11 02:01:00 | 000,234,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM04Vid.sys -- (OEM04Vid)

DRV - [2007.05.10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sthda.sys -- (STHDA)

DRV - [2007.03.05 19:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM04Vfx.sys -- (OEM04Vfx)

DRV - [2006.11.15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006.11.14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 99 FC 33 98 64 CE 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "https://www.google.de/"

FF - prefs.js..extensions.enabledAddons: %7Bf13b157f-b174-47e7-a34d-4815ddfdfeb8%7D:0.9.89

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\userle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.20 20:09:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.16 14:17:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2013.02.17 19:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userle\AppData\Roaming\mozilla\Extensions

[2013.04.02 16:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\userle\AppData\Roaming\mozilla\Firefox\Profiles\volklsg0.default\extensions

[2013.04.02 16:21:54 | 000,210,138 | ---- | M] () (No name found) -- C:\Users\userle\AppData\Roaming\mozilla\firefox\profiles\volklsg0.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

[2013.05.29 12:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions

[2013.05.29 12:21:56 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKCU..\Run: [Facebook Update] C:\Users\userle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Spotify] C:\Users\userle\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\userle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKCU..\RunOnce: [D62395553691AD1D0000D622BF38B359] C:\ProgramData\D62395553691AD1D0000D622BF38B359\D62395553691AD1D0000D622BF38B359.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7F9F026-08A5-4C67-AC9F-FE6597FE36BF}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{e0b65b7d-9e11-11e2-8a9a-001fe2df87bb}\Shell - "" = AutoRun

O33 - MountPoints2\{e0b65b7d-9e11-11e2-8a9a-001fe2df87bb}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.06.09 11:28:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\userle\Desktop\OTL.exe

[2013.06.09 00:39:41 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

[2013.06.09 00:39:40 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2013.06.09 00:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2013.06.09 00:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2013.06.09 00:35:59 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\userle\Desktop\SpyHunter-Installer.exe

[2013.06.08 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus

[2013.06.08 16:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\D62395553691AD1D0000D622BF38B359

[2013.06.08 16:33:55 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2013.06.02 23:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\avisplit

[2013.06.02 23:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVI Splitter

[2013.06.01 14:10:01 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\System32\TubeFinder.exe

[2013.06.01 14:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter

[2013.06.01 14:10:00 | 000,000,000 | ---D | C] -- C:\Users\userle\AppData\Roaming\FreeFLVConverter

[2013.06.01 14:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter

[2013.05.29 12:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013.05.17 13:41:11 | 000,000,000 | ---D | C] -- C:\Users\userle\Documents\StreamTransport

[2013.05.17 13:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport

[2013.05.17 13:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\StreamTransport

[2013.05.16 14:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.06.09 11:31:44 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013.06.09 11:31:44 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.06.09 11:31:44 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013.06.09 11:31:44 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.06.09 11:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\userle\Desktop\OTL.exe

[2013.06.09 11:26:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.06.09 11:26:08 | 2817,032,192 | -HS- | M] () -- C:\hiberfil.sys

[2013.06.09 04:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.06.09 04:27:27 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.06.09 04:27:14 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000UA.job

[2013.06.09 00:39:42 | 000,002,248 | ---- | M] () -- C:\Users\userle\Desktop\SpyHunter.lnk

[2013.06.09 00:36:00 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\userle\Desktop\SpyHunter-Installer.exe

[2013.06.08 21:28:24 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.06.08 21:28:24 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.06.08 21:28:24 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

[2013.06.08 21:28:23 | 000,002,048 | ---- | M] () -- C:\Users\userle\Desktop\System Care Antivirus.lnk

[2013.06.08 21:28:06 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys

[2013.06.08 21:27:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.06.08 15:23:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000Core.job

[2013.06.01 14:11:05 | 001,203,951 | ---- | M] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.flv

[2013.06.01 14:11:05 | 000,001,638 | ---- | M] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.html

[2013.06.01 14:10:01 | 000,001,079 | ---- | M] () -- C:\Users\userle\Desktop\Free FLV Converter.lnk

[2013.05.17 13:51:58 | 103,767,332 | ---- | M] () -- C:\Users\userle\Documents\3sat.online - Mediathek Fragen an John Hattie.flv

[2013.05.17 13:48:57 | 079,182,497 | ---- | M] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen.flv

[2013.05.17 13:42:16 | 000,000,013 | ---- | M] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen_0.flv

[2013.05.17 13:40:04 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\ StreamTransport.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.06.09 00:39:42 | 000,002,248 | ---- | C] () -- C:\Users\userle\Desktop\SpyHunter.lnk

[2013.06.08 21:28:23 | 000,002,048 | ---- | C] () -- C:\Users\userle\Desktop\System Care Antivirus.lnk

[2013.06.01 14:11:05 | 000,001,638 | ---- | C] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.html

[2013.06.01 14:10:58 | 001,203,951 | ---- | C] () -- C:\Users\userle\Desktop\3satonlineMediathekFragenanJohnHattie.flv

[2013.06.01 14:10:08 | 000,001,145 | ---- | C] () -- C:\Users\userle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk

[2013.06.01 14:10:01 | 000,001,079 | ---- | C] () -- C:\Users\userle\Desktop\Free FLV Converter.lnk

[2013.06.01 14:10:00 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx

[2013.06.01 14:10:00 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb

[2013.06.01 14:10:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx

[2013.05.17 13:43:20 | 103,767,332 | ---- | C] () -- C:\Users\userle\Documents\3sat.online - Mediathek Fragen an John Hattie.flv

[2013.05.17 13:42:16 | 000,000,013 | ---- | C] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen_0.flv

[2013.05.17 13:41:30 | 079,182,497 | ---- | C] () -- C:\Users\userle\Documents\3sat.online - Mediathek Lernen sichtbar machen.flv

[2013.05.17 13:40:04 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\ StreamTransport.lnk

[2013.04.20 22:56:15 | 000,000,786 | ---- | C] () -- C:\Windows\FWDN_V7_CFG.ini

[2013.04.07 20:01:30 | 000,017,408 | ---- | C] () -- C:\Users\userle\AppData\Local\WebpageIcons.db

[2013.04.07 18:01:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll

[2013.04.07 18:01:48 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini

[2013.02.21 23:41:26 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2013.02.18 00:25:31 | 000,013,464 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys

[2013.02.17 19:45:29 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2013.02.17 18:47:49 | 000,007,598 | ---- | C] () -- C:\Users\userle\AppData\Local\Resmon.ResmonCfg

[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys

[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2013.02.21 23:41:35 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Canneverbe Limited

[2013.02.24 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Canon

[2013.02.17 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\DAEMON Tools Lite

[2013.02.20 20:10:15 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\DVDVideoSoft

[2013.02.20 20:09:58 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\DVDVideoSoftIEHelpers

[2013.06.01 14:10:09 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\FreeFLVConverter

[2013.06.08 14:36:50 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\ICQ

[2013.04.07 18:30:33 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\LG Electronics

[2013.03.09 18:35:15 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\ManyCam

[2013.02.21 23:41:17 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\OpenCandy

[2013.06.08 21:28:17 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Spotify

[2013.02.17 21:24:13 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\Thunderbird

[2013.06.05 19:46:40 | 000,000,000 | ---D | M] -- C:\Users\userle\AppData\Roaming\uTorrent

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %SYSTEMDRIVE%\*. >

[2013.02.17 18:16:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2013.05.31 20:42:30 | 000,000,000 | ---D | M] -- C:\Bilder

[2013.02.18 00:55:44 | 000,000,000 | ---D | M] -- C:\Dell

[2013.02.17 18:13:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2013.04.03 20:56:58 | 000,000,000 | ---D | M] -- C:\Filme

[2013.04.07 18:33:53 | 000,000,000 | ---D | M] -- C:\LGMobileUpgrade

[2013.04.07 18:11:41 | 000,000,000 | ---D | M] -- C:\LGP880

[2013.03.28 23:31:16 | 000,000,000 | ---D | M] -- C:\Musik

[2013.04.03 12:36:47 | 000,000,000 | ---D | M] -- C:\Privat

[2013.06.09 00:39:40 | 000,000,000 | R--D | M] -- C:\Program Files

[2013.06.08 16:35:25 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2013.02.17 18:13:17 | 000,000,000 | -HSD | M] -- C:\Programme

[2013.02.17 18:13:17 | 000,000,000 | -HSD | M] -- C:\Recovery

[2013.06.09 00:40:11 | 000,000,000 | ---D | M] -- C:\sh4ldr

[2013.06.09 01:50:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2013.05.12 15:11:44 | 000,000,000 | ---D | M] -- C:\Uni

[2013.02.17 21:25:22 | 000,000,000 | R--D | M] -- C:\Users

[2013.06.09 11:26:08 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < C:\Windows\system32\*.tsp >

[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp

[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp

[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp

[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp

[2009.07.14 03:14:11 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp

[2009.07.14 06:53:46 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2013.02.18 00:25:36 | 000,000,388 | ---- | C] () -- C:\Windows\Tasks\SlimDrivers Startup.job

[2013.03.26 21:49:22 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[2013.03.31 14:29:55 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2013.03.31 14:29:56 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2013.04.24 15:18:20 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000Core.job

[2013.04.24 15:18:21 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3788470504-4243836522-2258722930-1000UA.job

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\userle\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20130217T222744686637\internal_ide_channel\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\userle\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20130217T222744686637\pci\cc_010601\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Users\userle\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20130217T222744686637\pci\ven_8086&dev_2850\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 < %USERPROFILE%\*.* >

[2013.06.09 11:41:01 | 001,572,864 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT

[2013.06.09 11:41:01 | 000,262,144 | -HS- | M] () -- C:\Users\userle\ntuser.dat.LOG1

[2013.02.17 18:16:29 | 000,000,000 | -HS- | M] () -- C:\Users\userle\ntuser.dat.LOG2

[2013.02.17 18:16:29 | 000,065,536 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2013.02.17 18:16:29 | 000,524,288 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2013.02.17 18:16:29 | 000,524,288 | -HS- | M] () -- C:\Users\userle\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2013.02.17 18:16:29 | 000,000,020 | -HS- | M] () -- C:\Users\userle\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 60 bytes -> C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo
 

< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 09.06.2013 11:31:58 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\userle\Desktop

 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,50 Gb Total Physical Memory | 3,09 Gb Available Physical Memory | 88,35% Memory free

6,99 Gb Paging File | 6,58 Gb Available in Paging File | 94,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465,66 Gb Total Space | 203,27 Gb Free Space | 43,65% Space Free | Partition Type: NTFS

 

Computer Name: USERLE-PC | User Name: userle | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"AntiVirusDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallDisableNotify" = 1

"FirewallOverride" = 1

"UpdatesDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C57BBE1-FFEA-4C97-A71D-335C66F24BCD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{0FE133CD-B13E-404C-8280-763C031E6B2F}" = lport=139 | protocol=6 | dir=in | app=system | 

"{1E8C4E26-BAF8-4AED-BF98-477211B26D01}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{38EC1A9F-F8BD-48D9-AF98-24D986A529B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{488B4167-6AA4-471E-AE66-A56594C47299}" = lport=138 | protocol=17 | dir=in | app=system | 

"{5441954A-4A8A-475A-91C6-C91F32489768}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{5D92FB1E-571E-4724-B351-D60187C7F87E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{6691E6DF-9E87-4678-8741-B20D05A99AFE}" = lport=445 | protocol=6 | dir=in | app=system | 

"{74FE90DA-4245-4584-BEB8-0E8ABCD5579D}" = rport=445 | protocol=6 | dir=out | app=system | 

"{7B48221E-94FC-42CA-80F6-A1BF910C8E33}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{81D01602-4221-4935-80A8-E74FFA180783}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 

"{86B7327C-3929-448E-BFCC-3E9A832E3DCC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8AC9AFEC-7DD9-4188-9718-440000A367A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{8C717F28-0C59-41AD-9446-888C37FE45FB}" = rport=139 | protocol=6 | dir=out | app=system | 

"{9004FE43-2622-4E93-856C-A42F072CC871}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{A81E3D5B-B26D-4751-B951-6DE53FCD258A}" = rport=137 | protocol=17 | dir=out | app=system | 

"{AB4BE23D-DA34-4976-AA78-28D0CAE6EB07}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{C0F7F35C-0207-498B-AC63-D57ABFBA34FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{CAF82307-47E6-4FD1-81E8-FF38259130F4}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{CD08212D-280B-4CE8-BA70-31C73B0E4446}" = rport=138 | protocol=17 | dir=out | app=system | 

"{D076A6A4-3235-4217-A445-7E781C0E09DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D2E50543-BB5D-4B70-B8BF-8FF912165208}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{E835CAE4-8149-4C5D-9D11-EC4C109C0C9B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{F740CB8D-A3DF-4456-A4BB-BE4D2EB569E2}" = lport=137 | protocol=17 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{016E6892-5C1C-45D5-B667-CA3F67409AFC}" = protocol=6 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | 

"{0E379AC4-F89B-45A6-90FC-DC2BD6D4BD24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{13904566-7B9C-41CD-B00B-6AA20C49643D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{14A246A4-E235-4386-9263-DB6C19CB0B6D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{1967BCCA-D703-49F1-B7BD-5547A0A3A4FA}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 

"{25A29EE0-2BA2-4F7B-AD4C-BD7D5518C5D5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 

"{33D8A9C9-5A1A-4A2E-9497-7083FEC7434A}" = dir=in | app=c:\users\userle\appdata\local\facebook\video\skype\facebookvideocalling.exe | 

"{42A7C406-986F-43EF-B799-EA90D9242C6E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 

"{44E4A6E3-18EE-4519-AB83-112373538A03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{46D2ADAD-FE25-4FD1-B488-F4D75491F346}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{472DB4B4-93A5-4F0F-94F2-E2A9A41B1A84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{488BCE4D-7FCE-446D-8232-8812B292DB8E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{5016FE3C-5BF6-4D9A-AF6D-5ABEBB48A936}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{55101CD4-8266-486D-88CF-B8BB62B6911C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{5E763E8D-B63E-4E1B-AC99-A4651B9A2FEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{6252FB75-54AB-4481-9969-DCBDBF8535C2}" = protocol=17 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | 

"{6CEF9417-767E-4692-AC4B-2B37ACEDA265}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{723406F7-3DD6-4264-B724-D9924BCC0C66}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{79A25013-6405-4131-AD29-2409334CD26D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{7BB1A49E-055B-4F56-B735-FD2AF200BC82}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 

"{88DA1809-53A5-452E-B095-CCBBBB5D4513}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{8DB44B1B-09CD-49BC-B025-7CC7B7E1431C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 

"{9837E709-1AA8-45F2-959D-C8E4AC0EDBC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{9BB01477-F696-494C-810C-C2F5277329C5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 

"{9C813D11-6FE3-45BF-B509-11691FFB9F9C}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 

"{9FB3C2E2-C4AB-42C3-8CD8-72BDD5E7AB75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A2C51D6B-5644-4E2A-9FB7-A9D186F43E54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{B3D8EF61-651D-40FA-AE2B-4EE32BFE96BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{C11BBFF1-7795-41D0-AC31-71D086B55E63}" = protocol=6 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | 

"{C79A0FE5-3D6A-4102-92EB-832F4E38A062}" = protocol=6 | dir=out | app=system | 

"{C7EA98DC-C06E-4AF7-B5D0-FBE423B0C603}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 

"{E0E9F962-E777-477F-9442-DEDAA4F6F0CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{E1B54B12-67B5-4070-AE4A-D3130754E7F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{EFA65143-5F77-4B61-9DC6-F3F6097841ED}" = protocol=17 | dir=in | app=c:\users\userle\appdata\roaming\spotify\spotify.exe | 

"TCP Query User{36E55486-5FA0-4FA4-B7D1-2C6605B3B1BB}C:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe | 

"TCP Query User{8B560051-C8F6-44E6-975C-D792162DEF4B}C:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=6 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe | 

"TCP Query User{AB451CD4-21A9-4E59-AFCB-77469E0CFE00}C:\program files\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | 

"UDP Query User{0B5A1D1A-8126-4A08-95A6-F19243E2088B}C:\program files\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | 

"UDP Query User{31BE56E9-16D0-4F6D-8B1E-D526E23AF578}C:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx1\bie_kms.exe | 

"UDP Query User{CC134129-402C-4CCB-92B6-1FBF732E4341}C:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe" = protocol=17 | dir=in | app=c:\users\userle\appdata\local\temp\rarsfx0\bie_kms.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver

"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP

"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch

"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{C0508079-0000-4F68-A4DF-29C7ED7182C6}" = SlimDrivers

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E89498D8-1430-4A2B-A76A-4A71326981E9}" = SpyHunter

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AVI Splitter_is1" = AVI Splitter

"Avira AntiVir Desktop" = Avira Free Antivirus

"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"COWON D3 Plenue Android Upgrade" = COWON D3 Plenue Android Upgrade

"Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011)  

"DAEMON Tools Lite" = DAEMON Tools Lite

"EB80D11E8D7946E220412AE1F2F19A1C5CD5FF7D" = Windows-Treiberpaket - Telechips Inc (vtcdrv) USB  (05/07/2010 5.0.0.1)

"Free FLV Converter_is1" = Free FLV Converter V 7.5.0

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128

"LG PC Suite" = LG PC Suite

"ManyCam" = ManyCam 2.6.30 (remove only)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Moo0 VoiceRecorder" = Moo0 VoiceRecorder 1.32

"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)

"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"VLC media player" = VLC media player 2.0.5

"WinRAR archiver" = WinRAR 4.20 (32-Bit)

"Zattoo4" = Zattoo4 4.0.5

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

"9204f5692a8faf3b" = Dell System Detect

"Spotify" = Spotify

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 02.06.2013 07:38:50 | Computer Name = userle-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 7316

 

Error - 02.06.2013 07:38:50 | Computer Name = userle-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 7316

 

Error - 02.06.2013 15:03:58 | Computer Name = userle-PC | Source = STacSV | ID = 268435455

Description = 

 

Error - 03.06.2013 01:58:46 | Computer Name = userle-PC | Source = STacSV | ID = 268435455

Description = 

 

Error - 03.06.2013 02:21:36 | Computer Name = userle-PC | Source = STacSV | ID = 268435455

Description = 

 

Error - 03.06.2013 03:00:21 | Computer Name = userle-PC | Source = STacSV | ID = 268435455

Description = 

 

Error - 03.06.2013 03:23:05 | Computer Name = userle-PC | Source = Google Update | ID = 20

Description = 

 

Error - 03.06.2013 16:10:55 | Computer Name = userle-PC | Source = STacSV | ID = 268435455

Description = 

 

Error - 04.06.2013 07:19:45 | Computer Name = userle-PC | Source = STacSV | ID = 268435455

Description = 

 

Error - 05.06.2013 04:44:49 | Computer Name = userle-PC | Source = STacSV | ID = 268435455

Description = 

 

[ System Events ]

Error - 20.04.2013 16:25:46 | Computer Name = userle-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 20.04.2013 16:25:48 | Computer Name = userle-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 20.04.2013 16:25:48 | Computer Name = userle-PC | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

 

Error - 27.04.2013 16:51:06 | Computer Name = userle-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?27.?04.?2013 um 22:45:53 unerwartet heruntergefahren.

 

Error - 09.05.2013 17:09:02 | Computer Name = userle-PC | Source = Tcpip | ID = 4199

Description = Das System hat einen Adressenkonflikt der IP-Adresse 10.0.1.2 mit 

dem Computer mit der  Netzwerkhardwareadresse 94-44-44-07-DA-4F ermittelt. Netzwerkvorgänge

 könnten daher auf diesem  System unterbrochen werden.

 

Error - 03.06.2013 02:00:29 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Bluetooth-Unterstützungsdienst erreicht.

 

Error - 03.06.2013 02:00:29 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Bluetooth-Unterstützungsdienst" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1053

 

Error - 03.06.2013 03:02:15 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Windows Search erreicht.

 

Error - 03.06.2013 03:02:18 | Computer Name = userle-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 03.06.2013 03:02:18 | Computer Name = userle-PC | Source = DCOM | ID = 10005

Description = 

 

 

< End of report >

--- --- ---

12:31:46.0396 5784 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:31:46.0543 5784 ============================================================
12:31:46.0543 5784 Current date / time: 2013/06/09 12:31:46.0543
12:31:46.0543 5784 SystemInfo:
12:31:46.0543 5784
12:31:46.0543 5784 OS Version: 6.1.7600 ServicePack: 0.0
12:31:46.0543 5784 Product type: Workstation
12:31:46.0543 5784 ComputerName: USERLE-PC
12:31:46.0543 5784 UserName: userle
12:31:46.0543 5784 Windows directory: C:\Windows
12:31:46.0543 5784 System windows directory: C:\Windows
12:31:46.0544 5784 Processor architecture: Intel x86
12:31:46.0544 5784 Number of processors: 2
12:31:46.0544 5784 Page size: 0x1000
12:31:46.0544 5784 Boot type: Normal boot
12:31:46.0544 5784 ============================================================
12:31:49.0825 5784 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:31:49.0826 5784 ============================================================
12:31:49.0826 5784 \Device\Harddisk0\DR0:
12:31:49.0827 5784 MBR partitions:
12:31:49.0827 5784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:31:49.0827 5784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:31:49.0827 5784 ============================================================
12:31:49.0840 5784 C: <-> \Device\Harddisk0\DR0\Partition2
12:31:49.0841 5784 ============================================================
12:31:49.0841 5784 Initialize success
12:31:49.0841 5784 ============================================================
12:32:42.0881 4812 ============================================================
12:32:42.0881 4812 Scan started
12:32:42.0881 4812 Mode: Manual; SigCheck; TDLFS;
12:32:42.0881 4812 ============================================================
12:32:54.0722 4812 ================ Scan system memory ========================
12:32:54.0722 4812 System memory - ok
12:32:54.0722 4812 ================ Scan services =============================
12:32:55.0493 4812 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:32:55.0904 4812 1394ohci - ok
12:32:55.0993 4812 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:32:56.0015 4812 ACPI - ok
12:32:56.0069 4812 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:32:56.0242 4812 AcpiPmi - ok
12:32:56.0434 4812 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:32:56.0447 4812 AdobeARMservice - ok
12:32:56.0531 4812 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:32:56.0547 4812 AdobeFlashPlayerUpdateSvc - ok
12:32:56.0652 4812 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:32:56.0674 4812 adp94xx - ok
12:32:56.0816 4812 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:32:56.0839 4812 adpahci - ok
12:32:57.0080 4812 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:32:57.0095 4812 adpu320 - ok
12:32:57.0303 4812 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:32:57.0389 4812 AeLookupSvc - ok
12:32:57.0526 4812 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\Windows\system32\drivers\afd.sys
12:32:57.0580 4812 AFD - ok
12:32:57.0634 4812 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:32:57.0648 4812 agp440 - ok
12:32:58.0123 4812 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:32:58.0191 4812 aic78xx - ok
12:32:58.0356 4812 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:32:58.0432 4812 ALG - ok
12:32:58.0552 4812 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:32:58.0567 4812 aliide - ok
12:32:58.0642 4812 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:32:58.0655 4812 amdagp - ok
12:32:58.0669 4812 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:32:58.0681 4812 amdide - ok
12:32:58.0724 4812 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:32:58.0750 4812 AmdK8 - ok
12:32:58.0754 4812 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:32:58.0805 4812 AmdPPM - ok
12:32:58.0939 4812 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:32:58.0952 4812 amdsata - ok
12:32:59.0047 4812 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:32:59.0061 4812 amdsbs - ok
12:32:59.0151 4812 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:32:59.0163 4812 amdxata - ok
12:32:59.0232 4812 [ 39E58CE46F87D039994F20B4295887CC ] AndNetDiag C:\Windows\system32\DRIVERS\lgandnetdiag.sys
12:32:59.0292 4812 AndNetDiag - ok
12:32:59.0311 4812 [ 2D9231585B67DC7432D135F1EA305655 ] ANDNetModem C:\Windows\system32\DRIVERS\lgandnetmodem.sys
12:32:59.0424 4812 ANDNetModem - ok
12:32:59.0630 4812 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:32:59.0670 4812 AntiVirSchedulerService - ok
12:32:59.0776 4812 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:32:59.0786 4812 AntiVirService - ok
12:32:59.0987 4812 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
12:33:00.0090 4812 AppID - ok
12:33:00.0179 4812 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:33:00.0427 4812 AppIDSvc - ok
12:33:00.0612 4812 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
12:33:00.0722 4812 Appinfo - ok
12:33:00.0879 4812 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:33:00.0889 4812 Apple Mobile Device - ok
12:33:00.0948 4812 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
12:33:01.0045 4812 AppMgmt - ok
12:33:01.0211 4812 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:33:01.0224 4812 arc - ok
12:33:01.0246 4812 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:33:01.0262 4812 arcsas - ok
12:33:01.0342 4812 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:33:01.0375 4812 AsyncMac - ok
12:33:01.0401 4812 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
12:33:01.0414 4812 atapi - ok
12:33:01.0531 4812 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:33:01.0618 4812 AudioEndpointBuilder - ok
12:33:01.0653 4812 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:33:01.0693 4812 Audiosrv - ok
12:33:01.0735 4812 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:33:01.0788 4812 avgntflt - ok
12:33:01.0868 4812 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:33:01.0883 4812 avipbb - ok
12:33:01.0924 4812 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:33:01.0935 4812 avkmgr - ok
12:33:02.0050 4812 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:33:02.0159 4812 AxInstSV - ok
12:33:02.0220 4812 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:33:02.0354 4812 b06bdrv - ok
12:33:02.0416 4812 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:33:02.0443 4812 b57nd60x - ok
12:33:02.0556 4812 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:33:02.0670 4812 BDESVC - ok
12:33:02.0842 4812 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:33:02.0888 4812 Beep - ok
12:33:02.0998 4812 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
12:33:03.0077 4812 BFE - ok
12:33:03.0145 4812 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
12:33:03.0276 4812 BITS - ok
12:33:03.0295 4812 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:33:03.0340 4812 blbdrive - ok
12:33:03.0477 4812 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:33:03.0492 4812 Bonjour Service - ok
12:33:03.0556 4812 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:33:03.0617 4812 bowser - ok
12:33:03.0651 4812 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:33:03.0729 4812 BrFiltLo - ok
12:33:03.0734 4812 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:33:03.0810 4812 BrFiltUp - ok
12:33:03.0907 4812 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\Windows\System32\browser.dll
12:33:04.0107 4812 Browser - ok
12:33:04.0237 4812 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:33:04.0380 4812 Brserid - ok
12:33:04.0417 4812 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:33:04.0518 4812 BrSerWdm - ok
12:33:04.0538 4812 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:33:04.0563 4812 BrUsbMdm - ok
12:33:04.0578 4812 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:33:04.0616 4812 BrUsbSer - ok
12:33:04.0735 4812 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:33:04.0762 4812 BthEnum - ok
12:33:04.0808 4812 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:33:04.0835 4812 BTHMODEM - ok
12:33:04.0890 4812 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:33:04.0952 4812 BthPan - ok
12:33:05.0011 4812 [ 4A34888E13224678DD062466AFEC4240 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
12:33:05.0052 4812 BTHPORT - ok
12:33:05.0102 4812 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:33:05.0134 4812 bthserv - ok
12:33:05.0172 4812 [ FA04C63916FA221DBB91FCE153D07A55 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
12:33:05.0254 4812 BTHUSB - ok
12:33:05.0320 4812 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:33:05.0356 4812 cdfs - ok
12:33:05.0424 4812 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:33:05.0483 4812 cdrom - ok
12:33:05.0628 4812 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
12:33:05.0799 4812 CertPropSvc - ok
12:33:05.0946 4812 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:33:05.0985 4812 circlass - ok
12:33:06.0013 4812 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:33:06.0029 4812 CLFS - ok
12:33:06.0254 4812 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:33:06.0265 4812 clr_optimization_v2.0.50727_32 - ok
12:33:06.0466 4812 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:33:06.0477 4812 clr_optimization_v4.0.30319_32 - ok
12:33:06.0513 4812 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:33:06.0577 4812 CmBatt - ok
12:33:06.0623 4812 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:33:06.0636 4812 cmdide - ok
12:33:06.0664 4812 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\Windows\system32\Drivers\cng.sys
12:33:06.0703 4812 CNG - ok
12:33:06.0800 4812 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:33:06.0812 4812 Compbatt - ok
12:33:06.0905 4812 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:33:06.0919 4812 CompositeBus - ok
12:33:06.0937 4812 COMSysApp - ok
12:33:06.0949 4812 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:33:06.0960 4812 crcdisk - ok
12:33:07.0046 4812 [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:33:07.0227 4812 CryptSvc - ok
12:33:07.0276 4812 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
12:33:07.0350 4812 CSC - ok
12:33:07.0450 4812 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
12:33:07.0489 4812 CscService - ok
12:33:07.0580 4812 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
12:33:07.0635 4812 DcomLaunch - ok
12:33:07.0686 4812 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:33:07.0808 4812 defragsvc - ok
12:33:07.0919 4812 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:33:07.0957 4812 DfsC - ok
12:33:08.0078 4812 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:33:08.0213 4812 Dhcp - ok
12:33:08.0247 4812 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:33:08.0290 4812 discache - ok
12:33:08.0338 4812 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:33:08.0349 4812 Disk - ok
12:33:08.0450 4812 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:33:08.0563 4812 Dnscache - ok
12:33:08.0604 4812 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
12:33:08.0645 4812 dot3svc - ok
12:33:08.0658 4812 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
12:33:08.0728 4812 DPS - ok
12:33:08.0829 4812 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:33:08.0895 4812 drmkaud - ok
12:33:08.0929 4812 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:33:08.0942 4812 dtsoftbus01 - ok
12:33:09.0026 4812 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:33:09.0087 4812 DXGKrnl - ok
12:33:09.0185 4812 [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
12:33:09.0203 4812 E1G60 - ok
12:33:09.0363 4812 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:33:09.0528 4812 EapHost - ok
12:33:09.0655 4812 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:33:09.0794 4812 ebdrv - ok
12:33:10.0013 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\Windows\System32\lsass.exe
12:33:10.0104 4812 EFS - ok
12:33:10.0218 4812 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:33:10.0324 4812 ehRecvr - ok
12:33:10.0443 4812 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
12:33:10.0504 4812 ehSched - ok
12:33:10.0549 4812 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:33:10.0568 4812 elxstor - ok
12:33:10.0582 4812 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:33:10.0624 4812 ErrDev - ok
12:33:10.0858 4812 [ 2407B8164E966755BC6A4242FC9DE31E ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
12:33:10.0867 4812 esgiguard - ok
12:33:11.0127 4812 [ 01CE484FF6D70A39479BC6D619DE7ED6 ] EsgScanner C:\Windows\system32\DRIVERS\EsgScanner.sys
12:33:11.0147 4812 EsgScanner - ok
12:33:11.0257 4812 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
12:33:11.0287 4812 EventSystem - ok
12:33:11.0316 4812 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
12:33:11.0401 4812 exfat - ok
12:33:11.0487 4812 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:33:11.0524 4812 fastfat - ok
12:33:11.0582 4812 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
12:33:11.0705 4812 Fax - ok
12:33:11.0723 4812 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:33:11.0748 4812 fdc - ok
12:33:11.0752 4812 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
12:33:11.0788 4812 fdPHost - ok
12:33:11.0797 4812 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
12:33:11.0842 4812 FDResPub - ok
12:33:11.0881 4812 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:33:11.0893 4812 FileInfo - ok
12:33:11.0922 4812 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:33:11.0962 4812 Filetrace - ok
12:33:12.0036 4812 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:33:12.0110 4812 flpydisk - ok
12:33:12.0150 4812 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:33:12.0164 4812 FltMgr - ok
12:33:12.0216 4812 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\Windows\system32\FntCache.dll
12:33:12.0304 4812 FontCache - ok
12:33:12.0470 4812 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:33:12.0480 4812 FontCache3.0.0.0 - ok
12:33:12.0504 4812 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:33:12.0516 4812 FsDepends - ok
12:33:12.0547 4812 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:33:12.0559 4812 Fs_Rec - ok
12:33:12.0598 4812 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:33:12.0614 4812 fvevol - ok
12:33:12.0654 4812 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:33:12.0666 4812 gagp30kx - ok
12:33:12.0702 4812 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:33:12.0710 4812 GEARAspiWDM - ok
12:33:12.0749 4812 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
12:33:12.0812 4812 gpsvc - ok
12:33:12.0956 4812 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:33:12.0965 4812 gupdate - ok
12:33:12.0970 4812 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:33:12.0981 4812 gupdatem - ok
12:33:13.0074 4812 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:33:13.0125 4812 hcw85cir - ok
12:33:13.0234 4812 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:33:13.0267 4812 HdAudAddService - ok
12:33:13.0349 4812 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:33:13.0383 4812 HDAudBus - ok
12:33:13.0411 4812 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:33:13.0431 4812 HidBatt - ok
12:33:13.0437 4812 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:33:13.0493 4812 HidBth - ok
12:33:13.0527 4812 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:33:13.0554 4812 HidIr - ok
12:33:13.0580 4812 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
12:33:13.0619 4812 hidserv - ok
12:33:13.0643 4812 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:33:13.0669 4812 HidUsb - ok
12:33:13.0731 4812 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:33:13.0771 4812 hkmsvc - ok
12:33:13.0789 4812 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:33:13.0833 4812 HomeGroupListener - ok
12:33:13.0906 4812 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:33:13.0950 4812 HomeGroupProvider - ok
12:33:14.0002 4812 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:33:14.0014 4812 HpSAMD - ok
12:33:14.0059 4812 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:33:14.0145 4812 HTTP - ok
12:33:14.0157 4812 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:33:14.0169 4812 hwpolicy - ok
12:33:14.0227 4812 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:33:14.0294 4812 i8042prt - ok
12:33:14.0358 4812 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:33:14.0375 4812 iaStorV - ok
12:33:14.0504 4812 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:33:14.0543 4812 idsvc - ok
12:33:14.0599 4812 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:33:14.0611 4812 iirsp - ok
12:33:14.0739 4812 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
12:33:14.0897 4812 IKEEXT - ok
12:33:14.0970 4812 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:33:14.0982 4812 intelide - ok
12:33:15.0079 4812 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:33:15.0092 4812 intelppm - ok
12:33:15.0140 4812 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:33:15.0179 4812 IPBusEnum - ok
12:33:15.0207 4812 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:33:15.0264 4812 IpFilterDriver - ok
12:33:15.0413 4812 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:33:15.0568 4812 iphlpsvc - ok
12:33:15.0646 4812 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:33:15.0658 4812 IPMIDRV - ok
12:33:15.0699 4812 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:33:15.0740 4812 IPNAT - ok
12:33:15.0805 4812 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:33:15.0823 4812 iPod Service - ok
12:33:15.0894 4812 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:33:15.0910 4812 IRENUM - ok
12:33:15.0996 4812 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:33:16.0008 4812 isapnp - ok
12:33:16.0048 4812 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:33:16.0062 4812 iScsiPrt - ok
12:33:16.0156 4812 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:33:16.0168 4812 kbdclass - ok
12:33:16.0548 4812 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:33:16.0636 4812 kbdhid - ok
12:33:16.0657 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
12:33:16.0670 4812 KeyIso - ok
12:33:16.0864 4812 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:33:16.0877 4812 KSecDD - ok
12:33:17.0025 4812 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:33:17.0056 4812 KSecPkg - ok
12:33:17.0122 4812 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:33:17.0189 4812 KtmRm - ok
12:33:17.0307 4812 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
12:33:17.0432 4812 LanmanServer - ok
12:33:17.0471 4812 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:33:17.0503 4812 LanmanWorkstation - ok
12:33:17.0584 4812 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:33:17.0610 4812 lltdio - ok
12:33:17.0702 4812 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:33:17.0770 4812 lltdsvc - ok
12:33:17.0831 4812 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:33:17.0872 4812 lmhosts - ok
12:33:18.0062 4812 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:33:18.0075 4812 LSI_FC - ok
12:33:18.0276 4812 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:33:18.0289 4812 LSI_SAS - ok
12:33:18.0307 4812 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:33:18.0319 4812 LSI_SAS2 - ok
12:33:18.0325 4812 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:33:18.0338 4812 LSI_SCSI - ok
12:33:18.0377 4812 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:33:18.0426 4812 luafv - ok
12:33:18.0499 4812 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:33:18.0544 4812 Mcx2Svc - ok
12:33:18.0634 4812 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:33:18.0645 4812 megasas - ok
12:33:18.0981 4812 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:33:18.0996 4812 MegaSR - ok
12:33:19.0070 4812 Microsoft SharePoint Workspace Audit Service - ok
12:33:19.0270 4812 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:33:19.0297 4812 MMCSS - ok
12:33:19.0361 4812 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:33:19.0405 4812 Modem - ok
12:33:19.0450 4812 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:33:19.0599 4812 monitor - ok
12:33:19.0661 4812 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:33:19.0675 4812 mouclass - ok
12:33:19.0749 4812 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:33:19.0769 4812 mouhid - ok
12:33:20.0107 4812 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:33:20.0122 4812 mountmgr - ok
12:33:20.0406 4812 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:33:20.0418 4812 MozillaMaintenance - ok
12:33:20.0633 4812 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\drivers\mpio.sys
12:33:20.0660 4812 mpio - ok
12:33:20.0792 4812 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:33:20.0848 4812 mpsdrv - ok
12:33:21.0024 4812 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
12:33:21.0354 4812 MpsSvc - ok
12:33:21.0380 4812 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:33:21.0404 4812 MRxDAV - ok
12:33:21.0463 4812 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:33:21.0492 4812 mrxsmb - ok
12:33:21.0752 4812 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:33:21.0766 4812 mrxsmb10 - ok
12:33:21.0815 4812 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:33:21.0828 4812 mrxsmb20 - ok
12:33:21.0983 4812 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys
12:33:21.0996 4812 msahci - ok
12:33:22.0034 4812 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:33:22.0067 4812 msdsm - ok
12:33:22.0217 4812 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:33:22.0277 4812 MSDTC - ok
12:33:22.0337 4812 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:33:22.0363 4812 Msfs - ok
12:33:22.0458 4812 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:33:22.0628 4812 mshidkmdf - ok
12:33:22.0846 4812 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:33:22.0857 4812 msisadrv - ok
12:33:23.0129 4812 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:33:23.0172 4812 MSiSCSI - ok
12:33:23.0181 4812 msiserver - ok
12:33:23.0328 4812 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:33:24.0153 4812 MSKSSRV - ok
12:33:24.0168 4812 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:33:24.0214 4812 MSPCLOCK - ok
12:33:24.0349 4812 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:33:24.0400 4812 MSPQM - ok
12:33:24.0499 4812 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:33:24.0515 4812 MsRPC - ok
12:33:24.0613 4812 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:33:24.0625 4812 mssmbios - ok
12:33:24.0694 4812 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:33:24.0719 4812 MSTEE - ok
12:33:24.0746 4812 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:33:24.0772 4812 MTConfig - ok
12:33:24.0816 4812 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:33:24.0828 4812 Mup - ok
12:33:24.0874 4812 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
12:33:25.0052 4812 napagent - ok
12:33:25.0499 4812 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:33:25.0523 4812 NativeWifiP - ok
12:33:25.0644 4812 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:33:25.0668 4812 NDIS - ok
12:33:25.0717 4812 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:33:25.0808 4812 NdisCap - ok
12:33:25.0851 4812 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:33:25.0885 4812 NdisTapi - ok
12:33:25.0956 4812 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:33:25.0984 4812 Ndisuio - ok
12:33:26.0097 4812 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:33:26.0130 4812 NdisWan - ok
12:33:26.0238 4812 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:33:26.0270 4812 NDProxy - ok
12:33:26.0407 4812 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:33:26.0446 4812 NetBIOS - ok
12:33:26.0669 4812 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:33:26.0757 4812 NetBT - ok
12:33:26.0980 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
12:33:26.0993 4812 Netlogon - ok
12:33:27.0496 4812 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:33:27.0612 4812 Netman - ok
12:33:27.0746 4812 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:33:27.0806 4812 netprofm - ok
12:33:27.0873 4812 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:33:27.0883 4812 NetTcpPortSharing - ok
12:33:27.0979 4812 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
12:33:28.0249 4812 netw5v32 - ok
12:33:28.0635 4812 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:33:28.0649 4812 nfrd960 - ok
12:33:28.0936 4812 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
12:33:29.0044 4812 NlaSvc - ok
12:33:29.0139 4812 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
12:33:29.0210 4812 NMSAccess - ok
12:33:29.0321 4812 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:33:29.0362 4812 Npfs - ok
12:33:29.0467 4812 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:33:29.0495 4812 nsi - ok
12:33:29.0623 4812 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:33:29.0690 4812 nsiproxy - ok
12:33:29.0827 4812 [ 5126C5402C730C2A953275D8497A4715 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:33:29.0884 4812 Ntfs - ok
12:33:29.0962 4812 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:33:30.0033 4812 Null - ok
12:33:30.0603 4812 [ 2FA5434344AF84D73F66BA402FF78690 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:33:30.0906 4812 nvlddmkm - ok
12:33:31.0004 4812 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:33:31.0017 4812 nvraid - ok
12:33:31.0219 4812 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:33:31.0236 4812 nvstor - ok
12:33:31.0463 4812 [ B785320CBCF5021DE9945C803696C511 ] nvsvc C:\Windows\system32\nvvsvc.exe
12:33:31.0500 4812 nvsvc - ok
12:33:31.0652 4812 [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:33:31.0695 4812 nvUpdatusService - ok
12:33:31.0814 4812 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:33:31.0827 4812 nv_agp - ok
12:33:31.0889 4812 [ 86326062A90494BDD79CE383511D7D69 ] OEM04Vfx C:\Windows\system32\DRIVERS\OEM04Vfx.sys
12:33:31.0908 4812 OEM04Vfx - ok
12:33:32.0099 4812 [ 40E9BFD9F64DFB32C1EAFBAA0576C55D ] OEM04Vid C:\Windows\system32\DRIVERS\OEM04Vid.sys
12:33:32.0121 4812 OEM04Vid - ok
12:33:32.0299 4812 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:33:32.0336 4812 ohci1394 - ok
12:33:32.0688 4812 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:33:32.0699 4812 ose - ok
12:33:33.0040 4812 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:33:33.0197 4812 osppsvc - ok
12:33:33.0282 4812 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:33:33.0392 4812 p2pimsvc - ok
12:33:33.0413 4812 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:33:33.0431 4812 p2psvc - ok
12:33:33.0471 4812 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:33:33.0492 4812 Parport - ok
12:33:33.0600 4812 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:33:33.0612 4812 partmgr - ok
12:33:33.0782 4812 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:33:33.0810 4812 Parvdm - ok
12:33:34.0109 4812 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:33:34.0141 4812 PcaSvc - ok
12:33:34.0193 4812 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\drivers\pci.sys
12:33:34.0206 4812 pci - ok
12:33:34.0418 4812 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
12:33:34.0430 4812 pciide - ok
12:33:34.0703 4812 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:33:34.0723 4812 pcmcia - ok
12:33:34.0893 4812 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:33:34.0906 4812 pcw - ok
12:33:35.0019 4812 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:33:35.0112 4812 PEAUTH - ok
12:33:35.0312 4812 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:33:35.0403 4812 PeerDistSvc - ok
12:33:35.0546 4812 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
12:33:35.0675 4812 pla - ok
12:33:35.0738 4812 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:33:35.0809 4812 PlugPlay - ok
12:33:35.0844 4812 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:33:35.0869 4812 PNRPAutoReg - ok
12:33:35.0904 4812 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:33:35.0919 4812 PNRPsvc - ok
12:33:35.0953 4812 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:33:36.0238 4812 PolicyAgent - ok
12:33:36.0397 4812 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
12:33:36.0425 4812 Power - ok
12:33:36.0666 4812 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:33:36.0766 4812 PptpMiniport - ok
12:33:36.0912 4812 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:33:36.0941 4812 Processor - ok
12:33:37.0271 4812 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
12:33:37.0356 4812 ProfSvc - ok
12:33:37.0457 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:33:37.0481 4812 ProtectedStorage - ok
12:33:37.0755 4812 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:33:37.0790 4812 Psched - ok
12:33:37.0933 4812 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:33:38.0005 4812 ql2300 - ok
12:33:38.0084 4812 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:33:38.0096 4812 ql40xx - ok
12:33:38.0141 4812 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:33:38.0312 4812 QWAVE - ok
12:33:38.0355 4812 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:33:38.0369 4812 QWAVEdrv - ok
12:33:38.0505 4812 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:33:38.0538 4812 RasAcd - ok
12:33:38.0986 4812 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:33:39.0033 4812 RasAgileVpn - ok
12:33:39.0542 4812 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:33:39.0575 4812 RasAuto - ok
12:33:39.0955 4812 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:33:40.0014 4812 Rasl2tp - ok
12:33:40.0327 4812 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
12:33:40.0362 4812 RasMan - ok
12:33:40.0527 4812 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:33:40.0564 4812 RasPppoe - ok
12:33:40.0662 4812 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:33:40.0688 4812 RasSstp - ok
12:33:41.0221 4812 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:33:41.0311 4812 rdbss - ok
12:33:41.0483 4812 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:33:41.0514 4812 rdpbus - ok
12:33:41.0531 4812 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:33:41.0556 4812 RDPCDD - ok
12:33:41.0588 4812 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:33:41.0631 4812 RDPDR - ok
12:33:41.0748 4812 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:33:41.0785 4812 RDPENCDD - ok
12:33:41.0957 4812 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:33:41.0986 4812 RDPREFMP - ok
12:33:42.0177 4812 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:33:42.0225 4812 RDPWD - ok
12:33:42.0330 4812 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:33:42.0344 4812 rdyboost - ok
12:33:42.0521 4812 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:33:42.0556 4812 RemoteAccess - ok
12:33:42.0587 4812 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:33:42.0619 4812 RemoteRegistry - ok
12:33:42.0723 4812 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:33:43.0093 4812 RFCOMM - ok
12:33:43.0157 4812 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
12:33:43.0302 4812 rimmptsk - ok
12:33:43.0466 4812 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
12:33:43.0506 4812 rimsptsk - ok
12:33:43.0511 4812 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
12:33:43.0948 4812 rismxdp - ok
12:33:44.0020 4812 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:33:44.0059 4812 RpcEptMapper - ok
12:33:44.0296 4812 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:33:44.0317 4812 RpcLocator - ok
12:33:44.0681 4812 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
12:33:44.0712 4812 RpcSs - ok
12:33:45.0413 4812 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:33:45.0451 4812 rspndr - ok
12:33:45.0608 4812 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:33:45.0640 4812 s3cap - ok
12:33:45.0757 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
12:33:45.0770 4812 SamSs - ok
12:33:45.0859 4812 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:33:45.0871 4812 sbp2port - ok
12:33:45.0950 4812 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:33:45.0990 4812 SCardSvr - ok
12:33:46.0178 4812 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:33:46.0212 4812 scfilter - ok
12:33:46.0294 4812 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
12:33:46.0560 4812 Schedule - ok
12:33:46.0640 4812 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
12:33:46.0669 4812 SCPolicySvc - ok
12:33:46.0706 4812 [ AA826E35F6D28A8E5D1EFEB337F24BA2 ] sdbus C:\Windows\system32\drivers\sdbus.sys
12:33:46.0731 4812 sdbus - ok
12:33:47.0120 4812 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:33:47.0211 4812 SDRSVC - ok
12:33:47.0265 4812 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:33:47.0304 4812 secdrv - ok
12:33:47.0457 4812 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
12:33:47.0671 4812 seclogon - ok
12:33:47.0754 4812 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
12:33:47.0836 4812 SENS - ok
12:33:48.0080 4812 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:33:48.0118 4812 SensrSvc - ok
12:33:48.0194 4812 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:33:48.0207 4812 Serenum - ok
12:33:48.0255 4812 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:33:48.0269 4812 Serial - ok
12:33:48.0666 4812 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:33:48.0687 4812 sermouse - ok
12:33:49.0140 4812 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
12:33:49.0179 4812 SessionEnv - ok
12:33:49.0408 4812 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
12:33:49.0655 4812 sffdisk - ok
12:33:49.0722 4812 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:33:49.0749 4812 sffp_mmc - ok
12:33:50.0023 4812 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
12:33:50.0442 4812 sffp_sd - ok
12:33:50.0461 4812 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:33:50.0503 4812 sfloppy - ok
12:33:50.0537 4812 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:33:50.0566 4812 SharedAccess - ok
12:33:51.0459 4812 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:33:51.0537 4812 ShellHWDetection - ok
12:33:51.0720 4812 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:33:51.0733 4812 sisagp - ok
12:33:52.0173 4812 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:33:52.0185 4812 SiSRaid2 - ok
12:33:52.0220 4812 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:33:52.0236 4812 SiSRaid4 - ok
12:33:52.0639 4812 [ 2F5AF9D91D51E832773D4A9EAF65CB33 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:33:52.0650 4812 SkypeUpdate - ok
12:33:52.0795 4812 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:33:52.0846 4812 Smb - ok
12:33:53.0037 4812 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:33:53.0099 4812 SNMPTRAP - ok
12:33:53.0337 4812 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:33:53.0418 4812 spldr - ok
12:33:53.0651 4812 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
12:33:53.0709 4812 Spooler - ok
12:33:53.0832 4812 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
12:33:53.0932 4812 sppsvc - ok
12:33:54.0016 4812 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:33:54.0054 4812 sppuinotify - ok
12:33:54.0195 4812 [ 85CD5B92052C3D285CC91244C593A1AC ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
12:33:54.0229 4812 SpyHunter 4 Service - ok
12:33:54.0263 4812 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:33:54.0323 4812 srv - ok
12:33:54.0414 4812 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:33:54.0456 4812 srv2 - ok
12:33:54.0516 4812 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:33:54.0541 4812 srvnet - ok
12:33:54.0613 4812 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:33:54.0921 4812 SSDPSRV - ok
12:33:54.0959 4812 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
12:33:54.0968 4812 ssmdrv - ok
12:33:55.0094 4812 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:33:55.0122 4812 SstpSvc - ok
12:33:55.0464 4812 [ 6F855B5625A47F3AC731A262FDC379A6 ] STacSV C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
12:33:55.0492 4812 STacSV - ok
12:33:55.0613 4812 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
12:33:55.0631 4812 StarOpen ( UnsignedFile.Multi.Generic ) - warning
12:33:55.0631 4812 StarOpen - detected UnsignedFile.Multi.Generic (1)
12:33:55.0675 4812 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
12:33:55.0691 4812 Stereo Service - ok
12:33:55.0718 4812 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:33:55.0730 4812 stexstor - ok
12:33:55.0792 4812 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\Windows\system32\drivers\sthda.sys
12:33:56.0139 4812 STHDA - ok
12:33:56.0413 4812 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
12:33:56.0473 4812 StiSvc - ok
12:33:56.0496 4812 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:33:56.0508 4812 storflt - ok
12:33:56.0548 4812 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:33:56.0561 4812 storvsc - ok
12:33:56.0710 4812 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:33:56.0722 4812 swenum - ok
12:33:56.0924 4812 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:33:56.0986 4812 swprv - ok
12:33:57.0178 4812 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
12:33:57.0229 4812 SysMain - ok
12:33:57.0368 4812 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:33:57.0462 4812 TabletInputService - ok
12:33:57.0519 4812 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
12:33:57.0556 4812 TapiSrv - ok
12:33:57.0709 4812 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:33:57.0755 4812 TBS - ok
12:33:57.0846 4812 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:33:57.0901 4812 Tcpip - ok
12:33:58.0080 4812 [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:33:58.0109 4812 TCPIP6 - ok
12:33:58.0142 4812 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:33:58.0219 4812 tcpipreg - ok
12:33:58.0284 4812 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:33:58.0331 4812 TDPIPE - ok
12:33:58.0528 4812 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:33:58.0576 4812 TDTCP - ok
12:33:58.0636 4812 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:33:58.0662 4812 tdx - ok
12:33:58.0734 4812 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:33:58.0746 4812 TermDD - ok
12:33:58.0785 4812 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
12:33:58.0934 4812 TermService - ok
12:33:59.0147 4812 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:33:59.0163 4812 Themes - ok
12:33:59.0181 4812 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:33:59.0208 4812 THREADORDER - ok
12:33:59.0527 4812 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:33:59.0696 4812 TrkWks - ok
12:33:59.0760 4812 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:33:59.0776 4812 TrustedInstaller - ok
12:33:59.0811 4812 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:33:59.0837 4812 tssecsrv - ok
12:34:00.0018 4812 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:34:00.0044 4812 tunnel - ok
12:34:00.0151 4812 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:34:00.0164 4812 uagp35 - ok
12:34:00.0179 4812 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:34:00.0221 4812 udfs - ok
12:34:00.0367 4812 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:34:00.0396 4812 UI0Detect - ok
12:34:00.0686 4812 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:34:00.0698 4812 uliagpkx - ok
12:34:00.0756 4812 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\drivers\umbus.sys
12:34:00.0781 4812 umbus - ok
12:34:00.0991 4812 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:34:01.0025 4812 UmPass - ok
12:34:01.0356 4812 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
12:34:01.0423 4812 UmRdpService - ok
12:34:01.0623 4812 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:34:01.0667 4812 upnphost - ok
12:34:01.0885 4812 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
12:34:01.0910 4812 USBAAPL - ok
12:34:02.0269 4812 [ AF9388E736AF0C325067F05EDC350010 ] usbbus C:\Windows\system32\DRIVERS\lgusbbus.sys
12:34:02.0308 4812 usbbus - ok
12:34:02.0437 4812 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:34:02.0451 4812 usbccgp - ok
12:34:02.0726 4812 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:34:02.0740 4812 usbcir - ok
12:34:02.0965 4812 [ AE30EA96E60E823C7B525DA356283AE8 ] UsbDiag C:\Windows\system32\DRIVERS\lgusbdiag.sys
12:34:02.0985 4812 UsbDiag - ok
12:34:03.0134 4812 [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:34:03.0171 4812 usbehci - ok
12:34:03.0358 4812 [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub C:\Windows\system32\drivers\usbhub.sys
12:34:03.0968 4812 usbhub - ok
12:34:04.0128 4812 [ 46AC66DF3D6EFE81F69BEA823A53AAB5 ] USBModem C:\Windows\system32\DRIVERS\lgusbmodem.sys
12:34:04.0152 4812 USBModem - ok
12:34:04.0186 4812 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:34:04.0214 4812 usbohci - ok
12:34:04.0523 4812 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:34:04.0616 4812 usbprint - ok
12:34:04.0809 4812 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:34:04.0859 4812 USBSTOR - ok
12:34:05.0046 4812 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:34:05.0084 4812 usbuhci - ok
12:34:05.0225 4812 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:34:05.0262 4812 usbvideo - ok
12:34:05.0440 4812 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:34:05.0476 4812 UxSms - ok
12:34:05.0634 4812 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
12:34:05.0792 4812 VaultSvc - ok
12:34:05.0989 4812 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:34:06.0002 4812 vdrvroot - ok
12:34:06.0792 4812 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
12:34:07.0024 4812 vds - ok
12:34:07.0174 4812 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:34:07.0326 4812 vga - ok
12:34:07.0574 4812 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:34:07.0601 4812 VgaSave - ok
12:34:07.0959 4812 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:34:07.0973 4812 vhdmp - ok
12:34:08.0013 4812 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:34:08.0025 4812 viaagp - ok
12:34:08.0502 4812 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:34:08.0732 4812 ViaC7 - ok
12:34:08.0757 4812 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:34:08.0769 4812 viaide - ok
12:34:08.0948 4812 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:34:08.0962 4812 vmbus - ok
12:34:08.0990 4812 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:34:09.0017 4812 VMBusHID - ok
12:34:09.0276 4812 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:34:09.0294 4812 volmgr - ok
12:34:09.0440 4812 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:34:09.0457 4812 volmgrx - ok
12:34:09.0812 4812 [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:34:09.0827 4812 volsnap - ok
12:34:09.0874 4812 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:34:09.0888 4812 vsmraid - ok
12:34:10.0059 4812 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
12:34:10.0254 4812 VSS - ok
12:34:10.0264 4812 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:34:10.0291 4812 vwifibus - ok
12:34:10.0715 4812 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:34:10.0781 4812 W32Time - ok
12:34:11.0146 4812 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:34:11.0159 4812 WacomPen - ok
12:34:11.0194 4812 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:34:11.0220 4812 WANARP - ok
12:34:11.0229 4812 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:34:11.0264 4812 Wanarpv6 - ok
12:34:11.0371 4812 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
12:34:11.0452 4812 wbengine - ok
12:34:11.0487 4812 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:34:11.0516 4812 WbioSrvc - ok
12:34:11.0541 4812 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:34:11.0588 4812 wcncsvc - ok
12:34:11.0631 4812 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:34:11.0666 4812 WcsPlugInService - ok
12:34:11.0789 4812 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:34:11.0804 4812 Wd - ok
12:34:11.0916 4812 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:34:11.0939 4812 Wdf01000 - ok
12:34:12.0124 4812 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:34:12.0157 4812 WdiServiceHost - ok
12:34:12.0160 4812 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:34:12.0177 4812 WdiSystemHost - ok
12:34:12.0437 4812 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
12:34:12.0499 4812 WebClient - ok
12:34:12.0727 4812 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:34:12.0755 4812 Wecsvc - ok
12:34:12.0836 4812 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:34:12.0881 4812 wercplsupport - ok
12:34:12.0943 4812 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:34:12.0976 4812 WerSvc - ok
12:34:13.0281 4812 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:34:13.0308 4812 WfpLwf - ok
12:34:13.0473 4812 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:34:13.0485 4812 WIMMount - ok
12:34:13.0559 4812 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:34:13.0585 4812 WinDefend - ok
12:34:13.0594 4812 WinHttpAutoProxySvc - ok
12:34:13.0954 4812 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:34:13.0996 4812 Winmgmt - ok
12:34:14.0277 4812 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
12:34:14.0345 4812 WinRM - ok
12:34:14.0711 4812 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
12:34:14.0725 4812 WinUsb - ok
12:34:15.0130 4812 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:34:15.0294 4812 Wlansvc - ok
12:34:15.0379 4812 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:34:15.0402 4812 WmiAcpi - ok
12:34:15.0646 4812 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:34:15.0675 4812 wmiApSrv - ok
12:34:15.0942 4812 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:34:16.0528 4812 WMPNetworkSvc - ok
12:34:16.0613 4812 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:34:16.0768 4812 WPCSvc - ok
12:34:16.0821 4812 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:34:16.0859 4812 WPDBusEnum - ok
12:34:17.0062 4812 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:34:17.0229 4812 ws2ifsl - ok
12:34:17.0561 4812 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\System32\wscsvc.dll
12:34:17.0575 4812 wscsvc - ok
12:34:17.0579 4812 WSearch - ok
12:34:17.0824 4812 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:34:17.0897 4812 wuauserv - ok
12:34:18.0056 4812 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:34:18.0082 4812 WudfPf - ok
12:34:18.0238 4812 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:34:18.0252 4812 WUDFRd - ok
12:34:18.0917 4812 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:34:18.0939 4812 wudfsvc - ok
12:34:19.0159 4812 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:34:19.0194 4812 WwanSvc - ok
12:34:19.0399 4812 ================ Scan global ===============================
12:34:19.0436 4812 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
12:34:19.0486 4812 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
12:34:19.0494 4812 [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
12:34:19.0676 4812 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:34:19.0712 4812 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:34:19.0716 4812 [Global] - ok
12:34:19.0716 4812 ================ Scan MBR ==================================
12:34:20.0157 4812 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:34:21.0099 4812 \Device\Harddisk0\DR0 - ok
12:34:21.0099 4812 ================ Scan VBR ==================================
12:34:21.0603 4812 [ C18BB8C9C6DFBAAC45D655A0CB759562 ] \Device\Harddisk0\DR0\Partition1
12:34:21.0604 4812 \Device\Harddisk0\DR0\Partition1 - ok
12:34:21.0622 4812 [ B7F5022BCF5251BFF9146270A71377B4 ] \Device\Harddisk0\DR0\Partition2
12:34:21.0626 4812 \Device\Harddisk0\DR0\Partition2 - ok
12:34:21.0626 4812 ============================================================
12:34:21.0627 4812 Scan finished
12:34:21.0627 4812 ============================================================
12:34:21.0640 5272 Detected object count: 1
12:34:21.0640 5272 Actual detected object count: 1
12:34:33.0392 5272 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:33.0392 5272 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip