AntiVir meldete TR/Crypt.ZPACK.Gen

daemlack · 28.12.2012, 15:50

Liebes Trojaner-Board-Team,

ihr habt mir bereits einmal sehr gut und freundlich geholfen und ich bitte Euch nun erneut um Eure Hilfe.

Als ich vor ca. einer Woche meinen PC nach längerer Abwesenheit startete, updateten sich meine Virenprogramme, sowie Zone Alarm. Noch während des Updates von Zone Alarm meldete AntiVir den Fund von TR/Crypt.ZPACK.Gen oder so ähnlich (vielleicht auch TR 2?) in einem Pfad vom Zone Alarm - Ordner. Leider konnte den Pfad nicht vollständig lesen.
Ich habe dann nichts angeklickt und später einen Vollscan von AntiVir durchführen lassen - ohne erneuten Fund.

Ist das Ding noch drauf oder war das eine Falschmeldung? Bitte helft mir.

Anbei findet ihr meine Scan-Ergebnisse:

defrogger:

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:27 on 28/12/2012 (Stephan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

AEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

OTL.txt:

Zitat:

OTL logfile created on: 28.12.2012 15:29:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stephan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,02% Memory free
7,99 Gb Paging File | 6,60 Gb Available in Paging File | 82,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 190,95 Gb Free Space | 77,05% Space Free | Partition Type: NTFS
Drive E: | 683,59 Gb Total Space | 550,67 Gb Free Space | 80,56% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 215,98 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive G: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: STEPHAN-PC | User Name: Stephan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.28 15:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.07 19:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.02.03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

========== Modules (No Company Name) ==========

MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.09.30 04:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.03.25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009.03.19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009.03.19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.14 17:56:24 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.04 21:00:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.07 19:54:24 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.11.02 19:19:36 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.10.24 17:00:57 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.07 19:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.07 19:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.22 15:41:09 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.01 15:31:48 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.07 19:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.09.07 19:26:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.07 19:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 10:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.05.20 08:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.17 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.02 19:20:00 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 26 99 55 8B 03 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stephan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stephan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.11.20 18:53:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.11.20 18:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.04 21:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.27 16:54:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.03.16 16:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\Extensions
[2012.12.27 15:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\Firefox\Profiles\m0tlaejt.default\extensions
[2012.12.27 15:01:57 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\m0tlaejt.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.14 17:20:55 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\m0tlaejt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 17:15:26 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Stephan\AppData\Roaming\mozilla\firefox\profiles\m0tlaejt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.04 21:00:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.12 01:45:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.12 01:45:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.12 01:45:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.12 01:45:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.12 01:45:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.12 01:45:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stephan\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stephan\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stephan\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stephan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: AdBlock = C:\Users\Stephan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stephan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stephan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58260C2D-4293-4F53-BF9C-70A9D4AB65AB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.10 14:42:24 | 000,000,046 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{07110a05-34a7-11e2-b530-14dae9ec9ffd}\Shell - "" = AutoRun
O33 - MountPoints2\{07110a05-34a7-11e2-b530-14dae9ec9ffd}\Shell\AutoRun\command - "" = G:\install.exe -- [2011.06.10 22:14:22 | 000,378,880 | R--- | M] (Install.exe)
O33 - MountPoints2\{d12b5430-7bdd-11e1-ae62-14dae9ec9ffd}\Shell - "" = AutoRun
O33 - MountPoints2\{d12b5430-7bdd-11e1-ae62-14dae9ec9ffd}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.28 15:27:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2012.12.27 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.12.27 13:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.27 13:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.27 13:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.27 13:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.27 13:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.27 13:54:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.05 10:53:34 | 000,000,000 | ---D | C] -- C:\Users\Stephan\Documents\Nexus Mod Manager
[2012.12.05 10:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2012.12.05 10:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[2012.12.04 21:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012.12.28 15:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe
[2012.12.28 15:27:09 | 000,000,336 | ---- | M] () -- C:\Users\Stephan\defogger_reenable
[2012.12.28 15:27:04 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-361042114-3924355993-4040247513-1000UA.job
[2012.12.28 15:26:27 | 000,050,477 | ---- | M] () -- C:\Users\Stephan\Desktop\Defogger.exe
[2012.12.28 15:00:07 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 15:00:07 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.28 14:58:00 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.28 14:58:00 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.28 14:58:00 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.28 14:58:00 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.28 14:58:00 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.28 14:56:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.28 14:52:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.28 14:52:08 | 3219,742,720 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.23 23:27:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-361042114-3924355993-4040247513-1000Core.job
[2012.12.21 13:22:19 | 000,417,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.05 10:53:32 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk

========== Files Created - No Company Name ==========

[2012.12.28 15:26:27 | 000,050,477 | ---- | C] () -- C:\Users\Stephan\Desktop\Defogger.exe
[2012.12.05 10:53:32 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2012.08.29 20:49:37 | 000,000,336 | ---- | C] () -- C:\Users\Stephan\defogger_reenable
[2012.08.20 23:24:43 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.08.20 23:24:43 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.03.16 16:14:11 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.03.16 16:14:11 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.03.16 16:14:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.03.16 16:14:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.03.16 16:08:50 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.03.16 16:08:43 | 000,036,877 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.08.11 03:06:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.29 11:22:23 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\CheckPoint
[2012.11.25 21:52:49 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\DAEMON Tools Lite
[2012.08.13 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Dropbox
[2012.07.15 14:48:20 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\DVDVideoSoft
[2012.04.14 19:38:28 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.16 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Thunderbird
[2012.03.22 23:56:33 | 000,000,000 | ---D | M] -- C:\Users\Stephan\AppData\Roaming\Trine2

========== Purity Check ==========

< End of report >

extras.txt:

Zitat:

OTL Extras logfile created on: 28.12.2012 15:29:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stephan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,02% Memory free
7,99 Gb Paging File | 6,60 Gb Available in Paging File | 82,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 190,95 Gb Free Space | 77,05% Space Free | Partition Type: NTFS
Drive E: | 683,59 Gb Total Space | 550,67 Gb Free Space | 80,56% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 215,98 Gb Free Space | 23,19% Space Free | Partition Type: NTFS
Drive G: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: STEPHAN-PC | User Name: Stephan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066CFD6E-525B-4885-BDA1-E9449088891B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{07CCE182-C312-4AC1-8895-0BF72D62D453}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EB954A4-3F87-4B54-A1A0-D2AEC1796889}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{409E522F-41F9-4467-A2EA-47A02762FD50}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B0ED431-0F43-41C2-965C-8BA074392EDB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4BDE3D93-2144-4FC4-98AB-1CC68300468D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52F93337-068F-4C1A-8B11-CDAEDDDC927B}" = lport=445 | protocol=6 | dir=in | app=system |
"{534B64B5-0C10-40F0-B0A9-C77DC675BCBC}" = rport=445 | protocol=6 | dir=out | app=system |
"{57DB39DF-C1C6-473A-87C9-6FB60FADA218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E968D32-3089-4F65-81F8-12032C481228}" = rport=139 | protocol=6 | dir=out | app=system |
"{700129AC-FF8A-4C7C-88FB-FE213EE3BB02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FC07EA4-9959-4000-96A6-AEE53C3AD020}" = lport=10243 | protocol=6 | dir=in | app=system |
"{92094677-E6EE-4293-B0C3-CD3C1CE09B13}" = lport=138 | protocol=17 | dir=in | app=system |
"{A5DC71A0-4FB6-416A-B84F-5558D031B629}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7978EE4-94E3-4CCE-BBA0-2F7282E204F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADA36439-16FB-4532-980C-B78B7B0D72D8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B4F47E6C-A85A-4F53-B68A-B5E44E35E656}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C52AD57D-51FB-4FB2-9FE6-8CF4C29C3498}" = lport=137 | protocol=17 | dir=in | app=system |
"{C88045A4-5E6D-4A5A-A897-B8947BA8E1D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{D4A31903-F20D-4504-B2E5-188C034D7513}" = rport=138 | protocol=17 | dir=out | app=system |
"{DC92E9C1-5C6B-48EA-84AB-261FE4013BBB}" = lport=139 | protocol=6 | dir=in | app=system |
"{FE402191-2E17-4C26-9E92-2E45112BEAF3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0109CA14-BAA0-4383-9F52-3CA64DF6EE13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B61EEE9-CB39-484D-A168-EAEFB2CFDD31}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0DD2351E-C58D-4625-AFFA-0924B7DBE204}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{16A42B5E-13D2-491E-81D5-517D7EF56A68}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{16E96E51-6626-4396-A3FE-B52A0C3BD562}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1898C4E5-B734-4F73-8E7E-48F7C7C646F5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{19BCF464-F240-4C65-9CE8-B2587037C13A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C307CEA-2CB3-4386-BC23-757525EFBBDE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{20BC42B5-E29F-46BC-AE80-B01534FBD907}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{21670B3A-1C68-4329-B9AF-D934A47C7CDF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{284429E5-D0ED-4B89-92C0-19307EF398E6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2CA0BC30-EEC1-4BFD-9567-CBD0278C1D01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3D4060C8-B64E-4D25-9A4A-F037D493A0DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4280EF84-E739-4478-AB53-AB0072AA0AF4}" = protocol=17 | dir=in | app=e:\eigene dateien\steam\steam.exe |
"{42F277F3-0117-41D5-B683-C492CE2517A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AB3F71C-AC8D-401A-A3B6-7897590E91CF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F1FDE6E-FABA-4C91-94EA-B2DF88792580}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5274CB09-501F-4073-9D7E-B93F62FBBC60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{63B19FFC-A2C0-4D1E-9F52-858016C3E794}" = protocol=17 | dir=in | app=c:\users\stephan\appdata\roaming\dropbox\bin\dropbox.exe |
"{6D9ACB9B-73B9-4185-85C9-F536B472A73E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{79F942B0-24EF-4A3C-AF0C-DFB820ABE157}" = protocol=6 | dir=in | app=e:\eigene dateien\steam\steam.exe |
"{83328A22-786D-423B-83EC-A309F4ADE117}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AE806C5-2267-4B16-A0E1-411D31ABBC74}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{8BE98A8F-0168-4C70-B240-4BD91FB28926}" = protocol=17 | dir=in | app=e:\eigene dateien\steam\steamapps\daemlack\counter-strike source\hl2.exe |
"{9778B0DF-CFED-4DE6-9DEC-B93EDDBEAB1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97837005-902B-4363-9580-78CB67A056AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CCCB9E4-CD54-4244-8F87-5C911C61FAEB}" = protocol=58 | dir=in | app=system |
"{9E063836-17C5-400F-B188-F78D87317EA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E1D3551-80CE-4536-A8CC-110BC00C4A8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F33BD19-4421-4486-9F50-A42BF96D229E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{A0ADA514-AD21-4D16-ADAD-ABBEF9DBD52A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A282C117-E86B-4254-85CC-E2779E327F6D}" = protocol=6 | dir=in | app=c:\users\stephan\appdata\roaming\dropbox\bin\dropbox.exe |
"{A540AD9A-6D4A-4524-8A8B-8031DFBC31AD}" = protocol=17 | dir=in | app=e:\eigene dateien\steam\steamapps\daemlack\day of defeat source\hl2.exe |
"{AC02DDCF-4D48-419E-9BA1-7E650CB6E367}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B3ADF845-F4A0-436A-A639-42ED879605CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C46CFC7B-5D3E-4BAA-8983-854434DDB5F3}" = protocol=6 | dir=out | app=system |
"{C9C9CEB3-5ACE-4210-BEB1-F1B7C6FF1ACF}" = protocol=6 | dir=in | app=e:\eigene dateien\steam\steamapps\daemlack\counter-strike source\hl2.exe |
"{E48AED39-9A6E-44C7-91CC-9765A0C62288}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EDF71D03-C3FB-48ED-835C-DAAD5A6FF605}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F49F0125-0D07-4D6C-9C33-917A157778F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F836B61B-86D5-4C16-AF5E-17A28EC37110}" = protocol=6 | dir=in | app=e:\eigene dateien\steam\steamapps\daemlack\day of defeat source\hl2.exe |
"{FCE5F41F-6E09-4C39-8C28-FA7070D2C649}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEEAEE8F-2560-48BD-BE02-D2F1E7194128}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FEEDAFF5-1833-45B8-A0C8-039AAD9545C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{77C60915-C564-497F-9E53-B2D9E5B30F08}F:\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{BFAC1694-C486-4786-968B-EF7EB52A9E07}F:\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=f:\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{0CFD9C52-C860-4729-B875-4AAA87A334F8}F:\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{1B6430AA-2C1C-4A2A-BE75-DA9095D25E7E}F:\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=f:\starcraft ii\versions\base23260\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{62140B07-129A-2BD0-81D2-2A1A7408ADC8}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53228309-6B6C-4777-BBAF-C1FFDCED34CD}" = ZoneAlarm Antivirus
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}" = ZoneAlarm Security
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}" = ZoneAlarm Firewall
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"StarCraft II" = StarCraft II
"Steam App 218" = Source SDK Base 2007
"Steam App 300" = Day of Defeat: Source
"Trine 2_is1" = Trine 2
"VLC media player" = VLC media player 2.0.1
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.12.2012 07:32:45 | Computer Name = Stephan-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.12.2012 07:58:52 | Computer Name = Stephan-PC | Source = WinMgmt | ID = 10
Description =

Error - 23.12.2012 14:27:49 | Computer Name = Stephan-PC | Source = Application Hang | ID = 1002
Description = Programm TESV.exe, Version 1.1.21.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1060 Startzeit:
01cde13afc311dea Endzeit: 61 Anwendungspfad: F:\Skyrim\The Elder Scrolls V Skyrim\TESV.exe

Berichts-ID:

Error - 23.12.2012 14:31:14 | Computer Name = Stephan-PC | Source = WinMgmt | ID = 10
Description =

Error - 24.12.2012 06:05:28 | Computer Name = Stephan-PC | Source = WinMgmt | ID = 10
Description =

Error - 25.12.2012 09:36:38 | Computer Name = Stephan-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.12.2012 10:44:24 | Computer Name = Stephan-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.12.2012 08:44:24 | Computer Name = Stephan-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.12.2012 09:34:23 | Computer Name = Stephan-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.12.2012 09:53:56 | Computer Name = Stephan-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 18.09.2012 13:10:44 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 18.09.2012 13:10:44 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 18.09.2012 13:10:44 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 18.09.2012 13:10:44 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 18.09.2012 13:10:44 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 18.09.2012 13:10:54 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 23.09.2012 12:30:49 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 23.09.2012 12:30:49 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 26.09.2012 08:47:30 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.

Error - 26.09.2012 08:47:30 | Computer Name = Stephan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

< End of report >

Vielen herzlichen Dank schon mal im Voraus!

Beste Grüße,
daemlack.

markusg · 28.12.2012, 15:51

Hi,
Zonealarm kann erst mal runter, unter Win7 gibts bereits ne integrierte Firewall, die gut genug ist.
Öffne bitte Avira, Verwaltung, Quarantäne, poste alle Fundmeldungen mit Pfadangabe

daemlack · 28.12.2012, 18:51

Hi Markus,

Danke, dass Du Dich meiner annimst

Also Zone Alarm ist deinstalliert.

In der Quarantäne befindet sich aktuell nichts... hängt vielleicht auch damit zusammen, dass ich nach dem vermeintlichen Fund nichts angeklickt habe?

Es grüßt
der daemlack.

markusg · 28.12.2012, 19:10

Dann Avira, Ereignisse, bzw Avira, Berichte, und dort Fundmeldungen raussuchen.

daemlack · 28.12.2012, 19:45

Servus,

ok, also dann hier zwei Einträge bei Ereignisse:

Erster Eintrag in der Liste (von oben):

Zitat:

Typ: Fund
Modul: Echtzeit Scanner
Aktion: Malware gefunden
Datum/Uhrzeit: 14.12.2012, 17:10

In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

Zweiter Eintrag in der Liste (von oben):

Zitat:

Typ: Fund
Modul: Echtzeit Scanner
Aktion: Malware gefunden
Datum/Uhrzeit: 14.12.2012, 17:10

In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

mh :/
Danke soweit erstmal wieder!

markusg · 02.01.2013, 21:49

Deinstaliere bitte zonealarm, ist nicht nötig dies extra zu haben.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

daemlack · 05.01.2013, 14:44

Hi Markus,

Zone Alarm ist deinstalliert.

Habe den TDSS-Killer durchlaufen lassen, keine Funde sagt er.

Hier der Report:

Zitat:

14:40:17.0512 4328 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:40:17.0856 4328 ============================================================
14:40:17.0856 4328 Current date / time: 2013/01/05 14:40:17.0856
14:40:17.0856 4328 SystemInfo:
14:40:17.0856 4328
14:40:17.0856 4328 OS Version: 6.1.7601 ServicePack: 1.0
14:40:17.0856 4328 Product type: Workstation
14:40:17.0856 4328 ComputerName: STEPHAN-PC
14:40:17.0856 4328 UserName: Stephan
14:40:17.0856 4328 Windows directory: C:\Windows
14:40:17.0856 4328 System windows directory: C:\Windows
14:40:17.0856 4328 Running under WOW64
14:40:17.0856 4328 Processor architecture: Intel x64
14:40:17.0856 4328 Number of processors: 4
14:40:17.0856 4328 Page size: 0x1000
14:40:17.0856 4328 Boot type: Normal boot
14:40:17.0856 4328 ============================================================
14:40:18.0963 4328 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:40:19.0447 4328 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:40:19.0463 4328 ============================================================
14:40:19.0463 4328 \Device\Harddisk0\DR0:
14:40:19.0463 4328 MBR partitions:
14:40:19.0463 4328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:40:19.0463 4328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1EFA4000
14:40:19.0463 4328 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1EFD6800, BlocksNum 0x5572F000
14:40:19.0463 4328 \Device\Harddisk1\DR1:
14:40:19.0463 4328 MBR partitions:
14:40:19.0463 4328 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
14:40:19.0463 4328 ============================================================
14:40:19.0509 4328 C: <-> \Device\Harddisk0\DR0\Partition2
14:40:19.0541 4328 E: <-> \Device\Harddisk0\DR0\Partition3
14:40:19.0556 4328 F: <-> \Device\Harddisk1\DR1\Partition1
14:40:19.0556 4328 ============================================================
14:40:19.0556 4328 Initialize success
14:40:19.0556 4328 ============================================================
14:40:48.0806 1684 ============================================================
14:40:48.0822 1684 Scan started
14:40:48.0822 1684 Mode: Manual; SigCheck; TDLFS;
14:40:48.0822 1684 ============================================================
14:40:50.0709 1684 ================ Scan system memory ========================
14:40:50.0709 1684 System memory - ok
14:40:50.0709 1684 ================ Scan services =============================
14:40:50.0803 1684 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:40:50.0897 1684 1394ohci - ok
14:40:50.0912 1684 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:40:50.0943 1684 ACPI - ok
14:40:50.0959 1684 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:40:50.0990 1684 AcpiPmi - ok
14:40:51.0084 1684 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:40:51.0115 1684 AdobeARMservice - ok
14:40:51.0193 1684 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:40:51.0209 1684 AdobeFlashPlayerUpdateSvc - ok
14:40:51.0224 1684 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:40:51.0240 1684 adp94xx - ok
14:40:51.0255 1684 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:40:51.0287 1684 adpahci - ok
14:40:51.0287 1684 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:40:51.0302 1684 adpu320 - ok
14:40:51.0333 1684 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:40:51.0411 1684 AeLookupSvc - ok
14:40:51.0458 1684 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:40:51.0505 1684 AFD - ok
14:40:51.0521 1684 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:40:51.0536 1684 agp440 - ok
14:40:51.0567 1684 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:40:51.0614 1684 ALG - ok
14:40:51.0645 1684 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:40:51.0677 1684 aliide - ok
14:40:51.0677 1684 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:40:51.0692 1684 amdide - ok
14:40:51.0708 1684 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:40:51.0739 1684 AmdK8 - ok
14:40:51.0755 1684 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:40:51.0786 1684 AmdPPM - ok
14:40:51.0801 1684 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:40:51.0817 1684 amdsata - ok
14:40:51.0833 1684 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:40:51.0848 1684 amdsbs - ok
14:40:51.0864 1684 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:40:51.0879 1684 amdxata - ok
14:40:51.0942 1684 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:40:51.0973 1684 AntiVirSchedulerService - ok
14:40:52.0004 1684 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:40:52.0020 1684 AntiVirService - ok
14:40:52.0035 1684 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:40:52.0098 1684 AppID - ok
14:40:52.0113 1684 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:40:52.0191 1684 AppIDSvc - ok
14:40:52.0207 1684 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:40:52.0254 1684 Appinfo - ok
14:40:52.0301 1684 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:40:52.0316 1684 Apple Mobile Device - ok
14:40:52.0347 1684 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
14:40:52.0410 1684 AppMgmt - ok
14:40:52.0425 1684 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
14:40:52.0457 1684 arc - ok
14:40:52.0472 1684 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:40:52.0503 1684 arcsas - ok
14:40:52.0519 1684 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
14:40:52.0550 1684 AsIO - ok
14:40:52.0566 1684 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:40:52.0644 1684 AsyncMac - ok
14:40:52.0644 1684 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:40:52.0659 1684 atapi - ok
14:40:52.0675 1684 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
14:40:52.0691 1684 AtiPcie - ok
14:40:52.0722 1684 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:40:52.0769 1684 AudioEndpointBuilder - ok
14:40:52.0784 1684 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:40:52.0800 1684 AudioSrv - ok
14:40:52.0831 1684 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:40:52.0847 1684 avgntflt - ok
14:40:52.0862 1684 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:40:52.0878 1684 avipbb - ok
14:40:52.0893 1684 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:40:52.0909 1684 avkmgr - ok
14:40:52.0925 1684 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:40:52.0987 1684 AxInstSV - ok
14:40:53.0018 1684 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
14:40:53.0065 1684 b06bdrv - ok
14:40:53.0081 1684 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:40:53.0127 1684 b57nd60a - ok
14:40:53.0143 1684 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:40:53.0190 1684 BDESVC - ok
14:40:53.0205 1684 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:40:53.0237 1684 Beep - ok
14:40:53.0283 1684 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:40:53.0330 1684 BFE - ok
14:40:53.0361 1684 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
14:40:53.0455 1684 BITS - ok
14:40:53.0486 1684 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:40:53.0517 1684 blbdrive - ok
14:40:53.0580 1684 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:40:53.0595 1684 Bonjour Service - ok
14:40:53.0627 1684 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:40:53.0658 1684 bowser - ok
14:40:53.0689 1684 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:40:53.0705 1684 BrFiltLo - ok
14:40:53.0720 1684 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:40:53.0751 1684 BrFiltUp - ok
14:40:53.0767 1684 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:40:53.0798 1684 Browser - ok
14:40:53.0798 1684 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:40:53.0861 1684 Brserid - ok
14:40:53.0876 1684 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:40:53.0907 1684 BrSerWdm - ok
14:40:53.0923 1684 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:40:53.0954 1684 BrUsbMdm - ok
14:40:53.0970 1684 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:40:53.0985 1684 BrUsbSer - ok
14:40:54.0001 1684 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:40:54.0032 1684 BTHMODEM - ok
14:40:54.0048 1684 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:40:54.0079 1684 bthserv - ok
14:40:54.0095 1684 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:40:54.0141 1684 cdfs - ok
14:40:54.0157 1684 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:40:54.0173 1684 cdrom - ok
14:40:54.0188 1684 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:40:54.0235 1684 CertPropSvc - ok
14:40:54.0251 1684 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
14:40:54.0266 1684 circlass - ok
14:40:54.0282 1684 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:40:54.0282 1684 CLFS - ok
14:40:54.0344 1684 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:40:54.0407 1684 clr_optimization_v2.0.50727_32 - ok
14:40:54.0438 1684 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:40:54.0485 1684 clr_optimization_v2.0.50727_64 - ok
14:40:54.0531 1684 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:40:54.0625 1684 clr_optimization_v4.0.30319_32 - ok
14:40:54.0656 1684 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:40:54.0656 1684 clr_optimization_v4.0.30319_64 - ok
14:40:54.0672 1684 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:40:54.0703 1684 CmBatt - ok
14:40:54.0719 1684 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:40:54.0734 1684 cmdide - ok
14:40:54.0765 1684 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
14:40:54.0812 1684 CNG - ok
14:40:54.0843 1684 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:40:54.0875 1684 Compbatt - ok
14:40:54.0890 1684 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:40:54.0937 1684 CompositeBus - ok
14:40:54.0953 1684 COMSysApp - ok
14:40:54.0953 1684 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:40:54.0984 1684 crcdisk - ok
14:40:55.0015 1684 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:40:55.0046 1684 CryptSvc - ok
14:40:55.0077 1684 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
14:40:55.0124 1684 CSC - ok
14:40:55.0155 1684 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
14:40:55.0187 1684 CscService - ok
14:40:55.0265 1684 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:40:55.0343 1684 DcomLaunch - ok
14:40:55.0374 1684 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:40:55.0452 1684 defragsvc - ok
14:40:55.0452 1684 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:40:55.0499 1684 DfsC - ok
14:40:55.0530 1684 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:40:55.0592 1684 Dhcp - ok
14:40:55.0608 1684 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:40:55.0655 1684 discache - ok
14:40:55.0701 1684 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
14:40:55.0717 1684 Disk - ok
14:40:55.0733 1684 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
14:40:55.0779 1684 dmvsc - ok
14:40:55.0795 1684 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:40:55.0842 1684 Dnscache - ok
14:40:55.0873 1684 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:40:55.0904 1684 dot3svc - ok
14:40:55.0920 1684 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:40:55.0967 1684 DPS - ok
14:40:55.0998 1684 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:40:56.0013 1684 drmkaud - ok
14:40:56.0045 1684 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:40:56.0060 1684 dtsoftbus01 - ok
14:40:56.0076 1684 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:40:56.0107 1684 DXGKrnl - ok
14:40:56.0123 1684 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:40:56.0154 1684 EapHost - ok
14:40:56.0216 1684 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
14:40:56.0294 1684 ebdrv - ok
14:40:56.0325 1684 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:40:56.0372 1684 EFS - ok
14:40:56.0435 1684 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:40:56.0497 1684 ehRecvr - ok
14:40:56.0513 1684 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:40:56.0559 1684 ehSched - ok
14:40:56.0591 1684 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:40:56.0622 1684 elxstor - ok
14:40:56.0637 1684 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:40:56.0669 1684 ErrDev - ok
14:40:56.0700 1684 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:40:56.0778 1684 EventSystem - ok
14:40:56.0793 1684 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:40:56.0825 1684 exfat - ok
14:40:56.0840 1684 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:40:56.0871 1684 fastfat - ok
14:40:56.0903 1684 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:40:56.0949 1684 Fax - ok
14:40:56.0949 1684 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
14:40:56.0981 1684 fdc - ok
14:40:56.0996 1684 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:40:57.0027 1684 fdPHost - ok
14:40:57.0043 1684 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:40:57.0121 1684 FDResPub - ok
14:40:57.0121 1684 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:40:57.0137 1684 FileInfo - ok
14:40:57.0152 1684 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:40:57.0199 1684 Filetrace - ok
14:40:57.0215 1684 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:40:57.0215 1684 flpydisk - ok
14:40:57.0246 1684 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:40:57.0261 1684 FltMgr - ok
14:40:57.0308 1684 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:40:57.0339 1684 FontCache - ok
14:40:57.0386 1684 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:40:57.0402 1684 FontCache3.0.0.0 - ok
14:40:57.0402 1684 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:40:57.0417 1684 FsDepends - ok
14:40:57.0449 1684 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:40:57.0449 1684 Fs_Rec - ok
14:40:57.0464 1684 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:40:57.0480 1684 fvevol - ok
14:40:57.0495 1684 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:40:57.0511 1684 gagp30kx - ok
14:40:57.0542 1684 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:40:57.0558 1684 GEARAspiWDM - ok
14:40:57.0573 1684 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:40:57.0605 1684 gpsvc - ok
14:40:57.0620 1684 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:40:57.0667 1684 hcw85cir - ok
14:40:57.0698 1684 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:40:57.0776 1684 HdAudAddService - ok
14:40:57.0807 1684 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:40:57.0823 1684 HDAudBus - ok
14:40:57.0839 1684 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:40:57.0854 1684 HidBatt - ok
14:40:57.0870 1684 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:40:57.0901 1684 HidBth - ok
14:40:57.0917 1684 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:40:57.0932 1684 HidIr - ok
14:40:57.0963 1684 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:40:58.0010 1684 hidserv - ok
14:40:58.0026 1684 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:40:58.0041 1684 HidUsb - ok
14:40:58.0057 1684 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:40:58.0135 1684 hkmsvc - ok
14:40:58.0151 1684 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:40:58.0182 1684 HomeGroupListener - ok
14:40:58.0213 1684 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:40:58.0229 1684 HomeGroupProvider - ok
14:40:58.0260 1684 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:40:58.0275 1684 HpSAMD - ok
14:40:58.0291 1684 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:40:58.0338 1684 HTTP - ok
14:40:58.0353 1684 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:40:58.0369 1684 hwpolicy - ok
14:40:58.0369 1684 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:40:58.0385 1684 i8042prt - ok
14:40:58.0416 1684 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:40:58.0431 1684 iaStorV - ok
14:40:58.0463 1684 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:40:58.0525 1684 idsvc - ok
14:40:58.0541 1684 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:40:58.0556 1684 iirsp - ok
14:40:58.0587 1684 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:40:58.0634 1684 IKEEXT - ok
14:40:58.0712 1684 [ EB5FA493A4B6EA290200AE39EBA2FBC6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:40:58.0806 1684 IntcAzAudAddService - ok
14:40:58.0821 1684 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:40:58.0837 1684 intelide - ok
14:40:58.0853 1684 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
14:40:58.0884 1684 intelppm - ok
14:40:58.0899 1684 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:40:58.0977 1684 IPBusEnum - ok
14:40:58.0993 1684 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:40:59.0024 1684 IpFilterDriver - ok
14:40:59.0040 1684 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:40:59.0071 1684 iphlpsvc - ok
14:40:59.0087 1684 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:40:59.0118 1684 IPMIDRV - ok
14:40:59.0133 1684 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:40:59.0180 1684 IPNAT - ok
14:40:59.0258 1684 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:40:59.0289 1684 iPod Service - ok
14:40:59.0305 1684 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:40:59.0352 1684 IRENUM - ok
14:40:59.0367 1684 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:40:59.0383 1684 isapnp - ok
14:40:59.0414 1684 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:40:59.0445 1684 iScsiPrt - ok
14:40:59.0461 1684 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:40:59.0477 1684 kbdclass - ok
14:40:59.0508 1684 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:40:59.0523 1684 kbdhid - ok
14:40:59.0539 1684 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:40:59.0555 1684 KeyIso - ok
14:40:59.0586 1684 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:40:59.0601 1684 KSecDD - ok
14:40:59.0633 1684 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:40:59.0648 1684 KSecPkg - ok
14:40:59.0664 1684 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:40:59.0726 1684 ksthunk - ok
14:40:59.0742 1684 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:40:59.0789 1684 KtmRm - ok
14:40:59.0820 1684 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:40:59.0867 1684 LanmanServer - ok
14:40:59.0882 1684 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:40:59.0913 1684 LanmanWorkstation - ok
14:40:59.0945 1684 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:40:59.0976 1684 lltdio - ok
14:41:00.0007 1684 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:41:00.0054 1684 lltdsvc - ok
14:41:00.0069 1684 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:41:00.0132 1684 lmhosts - ok
14:41:00.0163 1684 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:41:00.0179 1684 LSI_FC - ok
14:41:00.0194 1684 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:41:00.0210 1684 LSI_SAS - ok
14:41:00.0225 1684 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:41:00.0241 1684 LSI_SAS2 - ok
14:41:00.0257 1684 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:41:00.0272 1684 LSI_SCSI - ok
14:41:00.0288 1684 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:41:00.0459 1684 luafv - ok
14:41:00.0491 1684 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:41:00.0506 1684 Mcx2Svc - ok
14:41:00.0506 1684 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
14:41:00.0522 1684 megasas - ok
14:41:00.0537 1684 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:41:00.0553 1684 MegaSR - ok
14:41:00.0631 1684 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:41:00.0678 1684 Microsoft Office Groove Audit Service - ok
14:41:00.0693 1684 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:41:00.0740 1684 MMCSS - ok
14:41:00.0756 1684 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:41:00.0787 1684 Modem - ok
14:41:00.0803 1684 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:41:00.0834 1684 monitor - ok
14:41:00.0834 1684 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:41:00.0849 1684 mouclass - ok
14:41:00.0865 1684 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:41:00.0881 1684 mouhid - ok
14:41:00.0912 1684 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:41:00.0912 1684 mountmgr - ok
14:41:00.0990 1684 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:41:01.0037 1684 MozillaMaintenance - ok
14:41:01.0052 1684 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:41:01.0068 1684 mpio - ok
14:41:01.0083 1684 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:41:01.0115 1684 mpsdrv - ok
14:41:01.0130 1684 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:41:01.0177 1684 MpsSvc - ok
14:41:01.0193 1684 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:41:01.0224 1684 MRxDAV - ok
14:41:01.0239 1684 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:41:01.0286 1684 mrxsmb - ok
14:41:01.0302 1684 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:41:01.0333 1684 mrxsmb10 - ok
14:41:01.0349 1684 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:41:01.0364 1684 mrxsmb20 - ok
14:41:01.0380 1684 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:41:01.0395 1684 msahci - ok
14:41:01.0427 1684 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:41:01.0442 1684 msdsm - ok
14:41:01.0458 1684 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:41:01.0505 1684 MSDTC - ok
14:41:01.0505 1684 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:41:01.0567 1684 Msfs - ok
14:41:01.0583 1684 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:41:01.0598 1684 mshidkmdf - ok
14:41:01.0614 1684 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:41:01.0629 1684 msisadrv - ok
14:41:01.0645 1684 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:41:01.0676 1684 MSiSCSI - ok
14:41:01.0676 1684 msiserver - ok
14:41:01.0707 1684 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:41:01.0770 1684 MSKSSRV - ok
14:41:01.0785 1684 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:41:01.0817 1684 MSPCLOCK - ok
14:41:01.0848 1684 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:41:01.0879 1684 MSPQM - ok
14:41:01.0910 1684 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:41:01.0957 1684 MsRPC - ok
14:41:01.0973 1684 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:41:01.0988 1684 mssmbios - ok
14:41:02.0004 1684 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:41:02.0019 1684 MSTEE - ok
14:41:02.0035 1684 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:41:02.0066 1684 MTConfig - ok
14:41:02.0082 1684 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
14:41:02.0097 1684 MTsensor - ok
14:41:02.0113 1684 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:41:02.0129 1684 Mup - ok
14:41:02.0144 1684 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:41:02.0175 1684 napagent - ok
14:41:02.0207 1684 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:41:02.0238 1684 NativeWifiP - ok
14:41:02.0269 1684 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:41:02.0316 1684 NDIS - ok
14:41:02.0347 1684 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:41:02.0378 1684 NdisCap - ok
14:41:02.0394 1684 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:41:02.0425 1684 NdisTapi - ok
14:41:02.0441 1684 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:41:02.0487 1684 Ndisuio - ok
14:41:02.0503 1684 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:41:02.0550 1684 NdisWan - ok
14:41:02.0550 1684 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:41:02.0581 1684 NDProxy - ok
14:41:02.0597 1684 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:41:02.0659 1684 NetBIOS - ok
14:41:02.0675 1684 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:41:02.0706 1684 NetBT - ok
14:41:02.0706 1684 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:41:02.0721 1684 Netlogon - ok
14:41:02.0753 1684 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:41:02.0784 1684 Netman - ok
14:41:02.0799 1684 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:41:02.0846 1684 netprofm - ok
14:41:02.0862 1684 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:41:02.0893 1684 NetTcpPortSharing - ok
14:41:02.0909 1684 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:41:02.0924 1684 nfrd960 - ok
14:41:02.0940 1684 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:41:02.0955 1684 NlaSvc - ok
14:41:02.0971 1684 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:41:02.0987 1684 Npfs - ok
14:41:03.0002 1684 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:41:03.0033 1684 nsi - ok
14:41:03.0049 1684 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:41:03.0080 1684 nsiproxy - ok
14:41:03.0143 1684 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:41:03.0205 1684 Ntfs - ok
14:41:03.0221 1684 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:41:03.0252 1684 Null - ok
14:41:03.0299 1684 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
14:41:03.0314 1684 NVHDA - ok
14:41:03.0533 1684 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:41:03.0782 1684 nvlddmkm - ok
14:41:03.0798 1684 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:41:03.0860 1684 nvraid - ok
14:41:03.0891 1684 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:41:03.0907 1684 nvstor - ok
14:41:03.0938 1684 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
14:41:03.0969 1684 nvsvc - ok
14:41:04.0047 1684 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:41:04.0079 1684 nvUpdatusService - ok
14:41:04.0094 1684 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:41:04.0110 1684 nv_agp - ok
14:41:04.0188 1684 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:41:04.0235 1684 odserv - ok
14:41:04.0266 1684 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:41:04.0297 1684 ohci1394 - ok
14:41:04.0344 1684 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:41:04.0406 1684 ose - ok
14:41:04.0437 1684 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:41:04.0500 1684 p2pimsvc - ok
14:41:04.0531 1684 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:41:04.0562 1684 p2psvc - ok
14:41:04.0562 1684 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:41:04.0609 1684 Parport - ok
14:41:04.0640 1684 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:41:04.0656 1684 partmgr - ok
14:41:04.0671 1684 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:41:04.0718 1684 PcaSvc - ok
14:41:04.0734 1684 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:41:04.0749 1684 pci - ok
14:41:04.0765 1684 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:41:04.0781 1684 pciide - ok
14:41:04.0796 1684 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:41:04.0812 1684 pcmcia - ok
14:41:04.0827 1684 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:41:04.0827 1684 pcw - ok
14:41:04.0859 1684 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:41:04.0905 1684 PEAUTH - ok
14:41:04.0952 1684 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:41:04.0999 1684 PeerDistSvc - ok
14:41:05.0061 1684 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:41:05.0108 1684 PerfHost - ok
14:41:05.0171 1684 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:41:05.0249 1684 pla - ok
14:41:05.0295 1684 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:41:05.0327 1684 PlugPlay - ok
14:41:05.0342 1684 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:41:05.0373 1684 PNRPAutoReg - ok
14:41:05.0373 1684 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:41:05.0405 1684 PNRPsvc - ok
14:41:05.0436 1684 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:41:05.0654 1684 PolicyAgent - ok
14:41:05.0685 1684 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:41:05.0732 1684 Power - ok
14:41:05.0779 1684 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:41:05.0810 1684 PptpMiniport - ok
14:41:05.0826 1684 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:41:05.0857 1684 Processor - ok
14:41:05.0888 1684 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:41:05.0951 1684 ProfSvc - ok
14:41:05.0966 1684 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:41:05.0997 1684 ProtectedStorage - ok
14:41:06.0029 1684 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:41:06.0075 1684 Psched - ok
14:41:06.0107 1684 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:41:06.0153 1684 ql2300 - ok
14:41:06.0169 1684 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:41:06.0185 1684 ql40xx - ok
14:41:06.0216 1684 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:41:06.0231 1684 QWAVE - ok
14:41:06.0247 1684 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:41:06.0263 1684 QWAVEdrv - ok
14:41:06.0278 1684 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:41:06.0294 1684 RasAcd - ok
14:41:06.0325 1684 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:41:06.0341 1684 RasAgileVpn - ok
14:41:06.0356 1684 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:41:06.0387 1684 RasAuto - ok
14:41:06.0403 1684 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:41:06.0450 1684 Rasl2tp - ok
14:41:06.0481 1684 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:41:06.0512 1684 RasMan - ok
14:41:06.0528 1684 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:41:06.0575 1684 RasPppoe - ok
14:41:06.0590 1684 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:41:06.0621 1684 RasSstp - ok
14:41:06.0637 1684 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:41:06.0668 1684 rdbss - ok
14:41:06.0684 1684 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:41:06.0699 1684 rdpbus - ok
14:41:06.0715 1684 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:41:06.0746 1684 RDPCDD - ok
14:41:06.0762 1684 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:41:06.0777 1684 RDPDR - ok
14:41:06.0809 1684 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:41:06.0840 1684 RDPENCDD - ok
14:41:06.0855 1684 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:41:06.0887 1684 RDPREFMP - ok
14:41:06.0918 1684 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:41:06.0949 1684 RdpVideoMiniport - ok
14:41:06.0980 1684 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:41:07.0027 1684 RDPWD - ok
14:41:07.0058 1684 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:41:07.0074 1684 rdyboost - ok
14:41:07.0089 1684 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:41:07.0121 1684 RemoteAccess - ok
14:41:07.0121 1684 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:41:07.0167 1684 RemoteRegistry - ok
14:41:07.0199 1684 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:41:07.0230 1684 RpcEptMapper - ok
14:41:07.0230 1684 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:41:07.0261 1684 RpcLocator - ok
14:41:07.0292 1684 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:41:07.0308 1684 RpcSs - ok
14:41:07.0323 1684 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:41:07.0355 1684 rspndr - ok
14:41:07.0386 1684 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:41:07.0417 1684 RTL8167 - ok
14:41:07.0433 1684 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:41:07.0448 1684 s3cap - ok
14:41:07.0464 1684 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:41:07.0479 1684 SamSs - ok
14:41:07.0495 1684 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:41:07.0511 1684 sbp2port - ok
14:41:07.0511 1684 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:41:07.0542 1684 SCardSvr - ok
14:41:07.0557 1684 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:41:07.0604 1684 scfilter - ok
14:41:07.0635 1684 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:41:07.0698 1684 Schedule - ok
14:41:07.0729 1684 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:41:07.0745 1684 SCPolicySvc - ok
14:41:07.0776 1684 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:41:07.0807 1684 SDRSVC - ok
14:41:07.0823 1684 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:41:07.0869 1684 secdrv - ok
14:41:07.0885 1684 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:41:07.0916 1684 seclogon - ok
14:41:07.0916 1684 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:41:07.0947 1684 SENS - ok
14:41:07.0947 1684 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:41:07.0979 1684 SensrSvc - ok
14:41:07.0994 1684 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:41:08.0025 1684 Serenum - ok
14:41:08.0041 1684 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:41:08.0072 1684 Serial - ok
14:41:08.0072 1684 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:41:08.0103 1684 sermouse - ok
14:41:08.0119 1684 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:41:08.0166 1684 SessionEnv - ok
14:41:08.0181 1684 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:41:08.0197 1684 sffdisk - ok
14:41:08.0213 1684 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:41:08.0228 1684 sffp_mmc - ok
14:41:08.0244 1684 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:41:08.0275 1684 sffp_sd - ok
14:41:08.0291 1684 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:41:08.0306 1684 sfloppy - ok
14:41:08.0337 1684 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:41:08.0447 1684 SharedAccess - ok
14:41:08.0478 1684 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:41:08.0509 1684 ShellHWDetection - ok
14:41:08.0525 1684 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:41:08.0540 1684 SiSRaid2 - ok
14:41:08.0556 1684 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:41:08.0571 1684 SiSRaid4 - ok
14:41:08.0587 1684 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:41:08.0649 1684 SkypeUpdate - ok
14:41:08.0665 1684 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:41:08.0712 1684 Smb - ok
14:41:08.0727 1684 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:41:08.0759 1684 SNMPTRAP - ok
14:41:08.0759 1684 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:41:08.0774 1684 spldr - ok
14:41:08.0805 1684 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:41:08.0821 1684 Spooler - ok
14:41:08.0883 1684 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:41:08.0961 1684 sppsvc - ok
14:41:08.0961 1684 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:41:08.0993 1684 sppuinotify - ok
14:41:09.0024 1684 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:41:09.0039 1684 srv - ok
14:41:09.0055 1684 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:41:09.0102 1684 srv2 - ok
14:41:09.0117 1684 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:41:09.0133 1684 srvnet - ok
14:41:09.0164 1684 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:41:09.0195 1684 SSDPSRV - ok
14:41:09.0211 1684 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:41:09.0242 1684 SstpSvc - ok
14:41:09.0258 1684 Steam Client Service - ok
14:41:09.0320 1684 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:41:09.0367 1684 Stereo Service - ok
14:41:09.0383 1684 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:41:09.0398 1684 stexstor - ok
14:41:09.0445 1684 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:41:09.0476 1684 stisvc - ok
14:41:09.0507 1684 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:41:09.0554 1684 storflt - ok
14:41:09.0570 1684 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
14:41:09.0601 1684 StorSvc - ok
14:41:09.0617 1684 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:41:09.0648 1684 storvsc - ok
14:41:09.0648 1684 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:41:09.0663 1684 swenum - ok
14:41:09.0695 1684 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:41:09.0757 1684 swprv - ok
14:41:09.0788 1684 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:41:09.0835 1684 SysMain - ok
14:41:09.0851 1684 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:41:09.0882 1684 TabletInputService - ok
14:41:09.0897 1684 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:41:09.0960 1684 TapiSrv - ok
14:41:09.0960 1684 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:41:09.0991 1684 TBS - ok
14:41:10.0038 1684 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:41:10.0194 1684 Tcpip - ok
14:41:10.0209 1684 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:41:10.0241 1684 TCPIP6 - ok
14:41:10.0256 1684 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:41:10.0272 1684 tcpipreg - ok
14:41:10.0287 1684 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:41:10.0319 1684 TDPIPE - ok
14:41:10.0350 1684 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:41:10.0381 1684 TDTCP - ok
14:41:10.0412 1684 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:41:10.0443 1684 tdx - ok
14:41:10.0459 1684 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:41:10.0475 1684 TermDD - ok
14:41:10.0490 1684 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:41:10.0521 1684 TermService - ok
14:41:10.0537 1684 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:41:10.0553 1684 Themes - ok
14:41:10.0568 1684 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:41:10.0584 1684 THREADORDER - ok
14:41:10.0615 1684 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:41:10.0662 1684 TrkWks - ok
14:41:10.0693 1684 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:41:10.0740 1684 TrustedInstaller - ok
14:41:10.0755 1684 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:41:10.0802 1684 tssecsrv - ok
14:41:10.0833 1684 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:41:10.0896 1684 TsUsbFlt - ok
14:41:10.0927 1684 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:41:10.0974 1684 TsUsbGD - ok
14:41:11.0005 1684 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:41:11.0067 1684 tunnel - ok
14:41:11.0067 1684 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:41:11.0083 1684 uagp35 - ok
14:41:11.0099 1684 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:41:11.0145 1684 udfs - ok
14:41:11.0177 1684 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:41:11.0208 1684 UI0Detect - ok
14:41:11.0208 1684 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:41:11.0223 1684 uliagpkx - ok
14:41:11.0255 1684 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:41:11.0270 1684 umbus - ok
14:41:11.0286 1684 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:41:11.0317 1684 UmPass - ok
14:41:11.0348 1684 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
14:41:11.0395 1684 UmRdpService - ok
14:41:11.0426 1684 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:41:11.0489 1684 upnphost - ok
14:41:11.0504 1684 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:41:11.0535 1684 USBAAPL64 - ok
14:41:11.0551 1684 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:41:11.0582 1684 usbaudio - ok
14:41:11.0613 1684 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:41:11.0645 1684 usbccgp - ok
14:41:11.0676 1684 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:41:11.0707 1684 usbcir - ok
14:41:11.0707 1684 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:41:11.0738 1684 usbehci - ok
14:41:11.0769 1684 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:41:11.0816 1684 usbhub - ok
14:41:11.0832 1684 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:41:11.0847 1684 usbohci - ok
14:41:11.0863 1684 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:41:11.0894 1684 usbprint - ok
14:41:11.0925 1684 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:11.0972 1684 USBSTOR - ok
14:41:11.0988 1684 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:41:12.0019 1684 usbuhci - ok
14:41:12.0050 1684 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:41:12.0113 1684 usbvideo - ok
14:41:12.0144 1684 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:41:12.0191 1684 UxSms - ok
14:41:12.0191 1684 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:41:12.0206 1684 VaultSvc - ok
14:41:12.0206 1684 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:41:12.0222 1684 vdrvroot - ok
14:41:12.0237 1684 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:41:12.0300 1684 vds - ok
14:41:12.0300 1684 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:41:12.0315 1684 vga - ok
14:41:12.0331 1684 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:41:12.0362 1684 VgaSave - ok
14:41:12.0378 1684 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:41:12.0393 1684 vhdmp - ok
14:41:12.0409 1684 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:41:12.0425 1684 viaide - ok
14:41:12.0456 1684 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:41:12.0471 1684 vmbus - ok
14:41:12.0487 1684 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:41:12.0487 1684 VMBusHID - ok
14:41:12.0503 1684 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:41:12.0518 1684 volmgr - ok
14:41:12.0534 1684 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:41:12.0534 1684 volmgrx - ok
14:41:12.0549 1684 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:41:12.0581 1684 volsnap - ok
14:41:12.0596 1684 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:41:12.0612 1684 vsmraid - ok
14:41:12.0643 1684 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:41:12.0705 1684 VSS - ok
14:41:12.0721 1684 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:41:12.0752 1684 vwifibus - ok
14:41:12.0768 1684 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:41:12.0799 1684 W32Time - ok
14:41:12.0815 1684 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:41:12.0846 1684 WacomPen - ok
14:41:12.0861 1684 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:41:12.0908 1684 WANARP - ok
14:41:12.0908 1684 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:41:12.0939 1684 Wanarpv6 - ok
14:41:12.0971 1684 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:41:13.0017 1684 wbengine - ok
14:41:13.0033 1684 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:41:13.0049 1684 WbioSrvc - ok
14:41:13.0064 1684 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:41:13.0111 1684 wcncsvc - ok
14:41:13.0127 1684 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:41:13.0173 1684 WcsPlugInService - ok
14:41:13.0205 1684 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
14:41:13.0236 1684 Wd - ok
14:41:13.0267 1684 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:41:13.0314 1684 Wdf01000 - ok
14:41:13.0329 1684 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:41:13.0392 1684 WdiServiceHost - ok
14:41:13.0392 1684 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:41:13.0407 1684 WdiSystemHost - ok
14:41:13.0423 1684 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:41:13.0454 1684 WebClient - ok
14:41:13.0470 1684 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:41:13.0517 1684 Wecsvc - ok
14:41:13.0532 1684 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:41:13.0563 1684 wercplsupport - ok
14:41:13.0579 1684 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:41:13.0610 1684 WerSvc - ok
14:41:13.0610 1684 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:41:13.0641 1684 WfpLwf - ok
14:41:13.0657 1684 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:41:13.0657 1684 WIMMount - ok
14:41:13.0673 1684 WinDefend - ok
14:41:13.0673 1684 WinHttpAutoProxySvc - ok
14:41:13.0719 1684 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:41:13.0766 1684 Winmgmt - ok
14:41:13.0797 1684 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:41:13.0860 1684 WinRM - ok
14:41:13.0891 1684 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:41:13.0938 1684 WinUsb - ok
14:41:13.0953 1684 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:41:14.0016 1684 Wlansvc - ok
14:41:14.0031 1684 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:41:14.0047 1684 WmiAcpi - ok
14:41:14.0063 1684 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:41:14.0094 1684 wmiApSrv - ok
14:41:14.0109 1684 WMPNetworkSvc - ok
14:41:14.0109 1684 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:41:14.0141 1684 WPCSvc - ok
14:41:14.0156 1684 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:41:14.0187 1684 WPDBusEnum - ok
14:41:14.0203 1684 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:41:14.0234 1684 ws2ifsl - ok
14:41:14.0250 1684 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
14:41:14.0281 1684 wscsvc - ok
14:41:14.0281 1684 WSearch - ok
14:41:14.0343 1684 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:41:14.0375 1684 wuauserv - ok
14:41:14.0406 1684 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:41:14.0421 1684 WudfPf - ok
14:41:14.0453 1684 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:41:14.0484 1684 WUDFRd - ok
14:41:14.0515 1684 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:41:14.0531 1684 wudfsvc - ok
14:41:14.0546 1684 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:41:14.0562 1684 WwanSvc - ok
14:41:14.0577 1684 ================ Scan global ===============================
14:41:14.0593 1684 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:41:14.0624 1684 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
14:41:14.0640 1684 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
14:41:14.0655 1684 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:41:14.0687 1684 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:41:14.0687 1684 [Global] - ok
14:41:14.0687 1684 ================ Scan MBR ==================================
14:41:14.0702 1684 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:41:14.0874 1684 \Device\Harddisk0\DR0 - ok
14:41:14.0874 1684 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
14:41:15.0420 1684 \Device\Harddisk1\DR1 - ok
14:41:15.0420 1684 ================ Scan VBR ==================================
14:41:15.0420 1684 [ EB192F7355F91FE69295C47306521602 ] \Device\Harddisk0\DR0\Partition1
14:41:15.0420 1684 \Device\Harddisk0\DR0\Partition1 - ok
14:41:15.0435 1684 [ 670A64AA12C6D5999C4DF33C0E128095 ] \Device\Harddisk0\DR0\Partition2
14:41:15.0435 1684 \Device\Harddisk0\DR0\Partition2 - ok
14:41:15.0467 1684 [ 9B6EDADA5F69C2C328F676C6FB83AC61 ] \Device\Harddisk0\DR0\Partition3
14:41:15.0467 1684 \Device\Harddisk0\DR0\Partition3 - ok
14:41:15.0467 1684 [ 6C843F6F9D16D7314FEB481E9E2CE6B9 ] \Device\Harddisk1\DR1\Partition1
14:41:15.0467 1684 \Device\Harddisk1\DR1\Partition1 - ok
14:41:15.0467 1684 ============================================================
14:41:15.0467 1684 Scan finished
14:41:15.0467 1684 ============================================================
14:41:15.0482 4904 Detected object count: 0
14:41:15.0482 4904 Actual detected object count: 0

Ich erwarte ergebenst weitere Anweisungen

markusg · 05.01.2013, 15:21

Hi
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

daemlack · 07.01.2013, 18:58

Hi Markus,

hier das Logfile:

Zitat:

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stephan :: STEPHAN-PC [Administrator]

07.01.2013 17:45:36
mbam-log-2013-01-07 (17-45-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 472593
Laufzeit: 1 Stunde(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

So weit, so gut?
Danke und viele Grüße,
daemlack.

markusg · 07.01.2013, 19:30

Hi

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

daemlack · 07.01.2013, 21:13

Moin,

hier:

Zitat:

7-Zip 9.20 23.09.2012 - notwendig
Adobe Acrobat 6.0 Professional - English, Français, Deutsch Adobe Systems 25.03.2012 382MB 006.000.000 - notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.12.2012 6,00MB 11.5.502.135 - notwendig
Adobe Photoshop 7.0 Adobe Systems, Inc. 20.09.2012 - notwendig 7.0
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 17.09.2012 121MB 10.1.4 - notwendig
Apple Application Support Apple Inc. 27.12.2012 65,0MB 2.3.2 - unbekannt
Apple Mobile Device Support Apple Inc. 27.12.2012 25,1MB 6.0.1.3 - unbekannt
Apple Software Update Apple Inc. 14.04.2012 2,38MB 2.1.3.127 - unbekannt
ATI Catalyst Install Manager ATI Technologies, Inc. 16.03.2012 22,1MB 3.0.762.0 - unbekannt
Avira Free Antivirus Avira 14.11.2012 115MB 12.1.9.1236 - notwendig
Bonjour Apple Inc. 14.04.2012 2,00MB 3.0.0.10 - unbekannt
CCleaner Piriform 19.12.2012 3.26 - notwendig
DAEMON Tools Lite DT Soft Ltd 22.11.2012 4.46.1.0327 - notwendig
Day of Defeat: Source Valve 20.09.2012 - notwendig
Dropbox Dropbox, Inc. 15.07.2012 1.4.7 - notwendig
EPU-4 Engine 20.09.2012 1.02.01 - unbekannt
Fallout 3 Bethesda Softworks 22.11.2012 1.00.0000 - notwendig
Free YouTube to MP3 Converter version 3.11.37.1212 DVDVideoSoft Ltd. 28.12.2012 72,8MB 3.11.37.1212 - notwendig
Google Chrome Google Inc. 29.03.2012 23.0.1271.97 - unnötig
iTunes Apple Inc. 27.12.2012 191MB 11.0.1.12 - notwendig
Java 7 Update 10 Oracle 17.09.2012 128MB 7.0.100 - notwendig
JDownloader 0.9 AppWork GmbH 20.09.2012 0.9 - notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 07.01.2013 18,4MB 1.70.0.1100 - notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18.03.2012 38,8MB 4.0.30319 - unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 18.03.2012 2,93MB 4.0.30319 - unbekannt
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 22.11.2012 28,3MB 1.2.0241 - unbekannt
Microsoft Office Enterprise 2007 Microsoft Corporation 20.09.2012 12.0.4518.1014 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 16.03.2012 788KB 9.0.30729.4148 - unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.03.2012 11,1MB 10.0.40219 - unbekannt
Mozilla Firefox 16.0.1 (x86 de) Mozilla 21.10.2012 38,5MB 16.0.1 - notwendig
Mozilla Maintenance Service Mozilla 28.12.2012 329KB 17.0 - notwendig
Mozilla Thunderbird 17.0 (x86 de) Mozilla 28.12.2012 41,9MB 17.0 - notwendig
Nexus Mod Manager Black Tree Gaming 05.12.2012 13,4MB 0.34.0 - notwendig
NVIDIA 3D Vision Controller-Treiber 280.19 NVIDIA Corporation 16.03.2012 280.19 - unbekannt
NVIDIA 3D Vision Treiber 306.97 NVIDIA Corporation 09.11.2012 306.97 - notwendig
NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 09.11.2012 306.97 - notwendig
NVIDIA HD-Audiotreiber 1.2.23.3 NVIDIA Corporation 16.03.2012 1.2.23.3 - unbekannt
NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 16.03.2012 9.10.0514 - - unbekannt
NVIDIA Update 1.10.8 NVIDIA Corporation 09.11.2012 1.10.8 - - unbekannt
Realtek Ethernet Controller Driver Realtek 16.03.2012 7.46.610.2011 - notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 16.03.2012 6.0.1.6402 - notwendig
Skype™ 5.8 Skype Technologies S.A. 16.03.2012 19,0MB 5.8.158 - notwendig
Source SDK Base 2007 Valve 26.09.2012 - notwendig
StarCraft II Blizzard Entertainment 20.09.2012 1.5.3.23260 - notwendig
Steam Valve Corporation 16.03.2012 35,4MB 1.0.0.0 - notwendig
Trine 2 22.03.2012 1,45GB - unnötig
VLC media player 2.0.1 VideoLAN 20.09.2012 2.0.1 - notwendig
WinRAR 4.11 (64-Bit) win.rar GmbH 18.03.2012 4.11.0 - notwendig

Viele Grüße und Danke

markusg · 07.01.2013, 21:16

hi
Adobe Acrobat 6.0 : ist veraltet, aktuell ist version 7, sollte man upgraden, da ältere Versionen sicherheitslücken enthalten können, bzw features fehlen.

Deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Bonjour
EPU
Google
Trine

Öffne CCleaner analysieren, starten, PC neustarten.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste
mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

daemlack · 08.01.2013, 18:51

Hi Markus,

also folgendes:

- beim Adobe-Reader hat sich alles ändern lassen, ausser der Updater. Da fragte die Firewall, ob ich den Zugriff zulassen will, ich bejahte, danach geschah nichts und auch die Einstellungen sind die Gleichen geblieben (nur bzgl Update)

- ich habe das EPU vorerst nicht deinstalliert, habe eben im Internet gefunden, dass das der Treiber für mein Motherboard ist? Besser nicht deinstallieren, oder?

- und hier das Log vom adwcleaner

Zitat:

# AdwCleaner v2.105 - Datei am 08/01/2013 um 18:48:11 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Stephan - STEPHAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stephan\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.1 (de)

Datei : C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\m0tlaejt.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [731 octets] - [08/01/2013 18:48:11]

########## EOF - C:\AdwCleaner[R1].txt - [790 octets] ##########

und ein mal mehr: Danke

markusg · 08.01.2013, 18:55

EPU : behalten
Firewall: welche meinst du, die von windows?

daemlack · 09.01.2013, 11:07

ja genau, die von Windows.

28.12.2012, 15:51	#2
markusg /// Malware-holic	AntiVir meldete TR/Crypt.ZPACK.Gen Hi, Zonealarm kann erst mal runter, unter Win7 gibts bereits ne integrierte Firewall, die gut genug ist. Öffne bitte Avira, Verwaltung, Quarantäne, poste alle Fundmeldungen mit Pfadangabe __________________ __________________

08.01.2013, 18:55	#14
markusg /// Malware-holic	AntiVir meldete TR/Crypt.ZPACK.Gen EPU : behalten Firewall: welche meinst du, die von windows? __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

AntiVir meldete TR/Crypt.ZPACK.Gen

Plagegeister aller Art und deren Bekämpfung: AntiVir meldete TR/Crypt.ZPACK.Gen