Plagegeister aller Art und deren Bekämpfung: Removing My Security Shield (Windows 7)
22.03.2012, 17:37 | #1 |
Hello trojaner-board,

I have just caught My Security Shield and can install neither fogger nor OTL. Downloading still works, but that is all. Can I avoid a reinstallation? Or could I at least rescue my files by booting Knoppix? Unfortunately my last backup is somewhat old, and I was in the middle of writing an important paper. I can't even open Task Manager any more. Is there another way to display the running processes so I can kill My Security Shield? Is there a virus scanner that can protect me from a new infection?

Regards, björn

Edited by kruesae (22.03.2012 at 17:39). Reason: forgot something
22.03.2012, 17:49 | #2 |
/// Malware-holic

hi,

well, we'll talk about protection options at the end. Restart, press F8, choose Safe Mode with Networking, and log in to the affected account. If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
22.03.2012, 17:56 | #3 |
I have just tried the workaround http://www.trojaner-board.de/89160-m...entfernen.html and started rkill, and a command console does pop up briefly. I can download OTL, but when I start it, it is terminated again immediately. Or did you mean that I should start it after I have restarted the computer?
22.03.2012, 17:58 | #4 |
/// Malware-holic

If you want help here, do only what is written here. Have you tried booting into Safe Mode with Networking?
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
22.03.2012, 18:08 | #5 |
Yes, I tried that. I hammered on F8 the whole time, but no selection screen came up. I have Win7 x64 Pro; maybe there is another way to get into it. To be able to start OTL, on the second reboot attempt I simply killed the My Security Shield process and was then able to start OTL. I hope that was correct; otherwise I'll restart again later and try once more. I have to leave for work soon. Unfortunately I had misunderstood something; here is the log with the quick scan and the list:

OTL Logfile:
07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Superuser\AppData\Local\Temp\RarSFX0\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Superuser\AppData\Local\Temp\RarSFX1\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Superuser\AppData\Local\Temp\RarSFX2\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Superuser\AppData\Local\Temp\RarSFX3\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Superuser\AppData\Local\Temp\RarSFX4\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Superuser\AppData\Local\Temp\RarSFX5\h\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Users\Superuser\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111115T042431408162\pci\ven_8086&dev_2822&cc_0104\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Users\Superuser\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111115T044632917016\pci\ven_8086&dev_2822&cc_0104\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Users\Superuser\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111116T035107018296\pci\ven_8086&dev_2822&cc_0104\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Users\Superuser\AppData\Local\SlimWare Utilities 
Inc\SlimDrivers\Backups\20111116T035532373017\pci\ven_8086&dev_2822&cc_0104\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Users\Superuser\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20111116T040118256421\pci\ven_8086&dev_2822&cc_0104\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) 
MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- 
C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll 
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) 
MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Superuser\AppData\Local\Temp\RarSFX5\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Superuser\AppData\Local\Temp\RarSFX5\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.03.22 18:10:41 | 000,786,432 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT [2012.03.22 18:10:41 | 000,262,144 | -HS- | M] () -- C:\Users\Superuser\ntuser.dat.LOG1 [2011.11.14 21:06:10 | 000,000,000 | -HS- | M] () -- C:\Users\Superuser\ntuser.dat.LOG2 [2011.11.14 21:10:29 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.11.14 21:10:29 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.11.14 21:10:29 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.12.04 15:21:11 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{0ad59a12-1e57-11e1-99c9-00268332a5fe}.TM.blf [2011.12.04 15:21:11 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{0ad59a12-1e57-11e1-99c9-00268332a5fe}.TMContainer00000000000000000001.regtrans-ms [2011.12.04 15:21:11 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{0ad59a12-1e57-11e1-99c9-00268332a5fe}.TMContainer00000000000000000002.regtrans-ms [2011.12.06 14:21:43 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{109d953b-1fd4-11e1-9076-00268332a5fe}.TM.blf [2011.12.06 14:21:43 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{109d953b-1fd4-11e1-9076-00268332a5fe}.TMContainer00000000000000000001.regtrans-ms [2011.12.06 14:21:43 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{109d953b-1fd4-11e1-9076-00268332a5fe}.TMContainer00000000000000000002.regtrans-ms [2012.02.16 21:31:15 | 000,065,536 | -HS- | M] () -- 
C:\Users\Superuser\NTUSER.DAT{2aa0299c-58ac-11e1-ae49-14dae944d0d4}.TM.blf [2012.02.16 21:31:15 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{2aa0299c-58ac-11e1-ae49-14dae944d0d4}.TMContainer00000000000000000001.regtrans-ms [2012.02.16 21:31:15 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{2aa0299c-58ac-11e1-ae49-14dae944d0d4}.TMContainer00000000000000000002.regtrans-ms [2012.01.02 12:24:46 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{5560d662-3521-11e1-b50b-00268332a5fe}.TM.blf [2012.01.02 12:24:46 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{5560d662-3521-11e1-b50b-00268332a5fe}.TMContainer00000000000000000001.regtrans-ms [2012.01.02 12:24:46 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{5560d662-3521-11e1-b50b-00268332a5fe}.TMContainer00000000000000000002.regtrans-ms [2011.12.17 09:55:58 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{5d1cae42-288a-11e1-8c3f-14dae944d0d4}.TM.blf [2011.12.17 09:55:58 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{5d1cae42-288a-11e1-8c3f-14dae944d0d4}.TMContainer00000000000000000001.regtrans-ms [2011.12.17 09:55:58 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{5d1cae42-288a-11e1-8c3f-14dae944d0d4}.TMContainer00000000000000000002.regtrans-ms [2012.01.31 11:52:08 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{73cc946f-4be3-11e1-ab90-00268332a5fe}.TM.blf [2012.01.31 11:52:08 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{73cc946f-4be3-11e1-ab90-00268332a5fe}.TMContainer00000000000000000001.regtrans-ms [2012.01.31 11:52:08 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{73cc946f-4be3-11e1-ab90-00268332a5fe}.TMContainer00000000000000000002.regtrans-ms [2012.01.27 18:03:51 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{a090bdd3-4902-11e1-b882-00268332a5fe}.TM.blf [2012.01.27 18:03:51 | 000,524,288 | -HS- | M] () -- 
C:\Users\Superuser\NTUSER.DAT{a090bdd3-4902-11e1-b882-00268332a5fe}.TMContainer00000000000000000001.regtrans-ms [2012.01.27 18:03:51 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{a090bdd3-4902-11e1-b882-00268332a5fe}.TMContainer00000000000000000002.regtrans-ms [2012.02.01 20:57:50 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{c4fde935-4cba-11e1-99c9-14dae944d0d4}.TM.blf [2012.02.01 20:57:50 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{c4fde935-4cba-11e1-99c9-14dae944d0d4}.TMContainer00000000000000000001.regtrans-ms [2012.02.01 20:57:50 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{c4fde935-4cba-11e1-99c9-14dae944d0d4}.TMContainer00000000000000000002.regtrans-ms [2011.12.12 10:00:00 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{d6847278-2494-11e1-a7f5-00268332a5fe}.TM.blf [2011.12.12 10:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{d6847278-2494-11e1-a7f5-00268332a5fe}.TMContainer00000000000000000001.regtrans-ms [2011.12.12 10:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{d6847278-2494-11e1-a7f5-00268332a5fe}.TMContainer00000000000000000002.regtrans-ms [2012.01.27 00:14:14 | 000,065,536 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{db4b154b-4872-11e1-8c4b-14dae944d0d4}.TM.blf [2012.01.27 00:14:14 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{db4b154b-4872-11e1-8c4b-14dae944d0d4}.TMContainer00000000000000000001.regtrans-ms [2012.01.27 00:14:14 | 000,524,288 | -HS- | M] () -- C:\Users\Superuser\NTUSER.DAT{db4b154b-4872-11e1-8c4b-14dae944d0d4}.TMContainer00000000000000000002.regtrans-ms [2011.11.14 21:06:11 | 000,000,020 | -HS- | M] () -- C:\Users\Superuser\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 22.03.2012 18:13:28 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Björn\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,30 Gb Available Physical Memory | 78,96% Memory free
15,95 Gb Paging File | 14,03 Gb Available in Paging File | 87,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 552,83 Gb Free Space | 59,35% Space Free | Partition Type: NTFS
Drive E: | 3,71 Gb Total Space | 3,32 Gb Free Space | 89,53% Space Free | Partition Type: FAT32

Computer Name: HANNIBAL | User Name: Superuser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{44663264-E108-4938-BF9E-A767315072C9}" = Intel(R) Network Connections 16.3.48.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4f94b43a-8a00-4ac4-bb94-269cf24aef97}.sdb" = Dungeon Keeper 2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel(R) Network Connections 16.3.48.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{67CDD5A0-C572-4D2C-A354-6492B51F4138}" = SlimDrivers
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Age of Conan_is1" = Age of Conan: Unchained
"Avira AntiVir Desktop" = Avira Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"Dungeon Keeper 2_is1" = Dungeon Keeper 2
"ESN Sonar-0.70.4" = ESN Sonar
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"Freespace with Silent Threat Expansion_is1" = Freespace with Silent Threat Expansion
"MagniDriver" = marvell 91xx driver
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Painkiller Black_is1" = Painkiller Black
"PunkBusterSvc" = PunkBuster Services
"Samsung ML-2850 Series" = Samsung ML-2850 Series
"Star Trek Online" = Star Trek Online
"Star Wolves_is1" = Star Wolves
"Steam App 102600" = Orcs Must Die!
"Steam App 201310" = X3: Albion Prelude "Steam App 203970" = Kingdoms of Amalur: Reckoning Demo "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™ "Steam App 240" = Counter-Strike: Source "Steam App 24400" = King Arthur - The Role-playing Wargame "Steam App 2820" = X3: Terran Conflict "Steam App 41500" = Torchlight "Steam App 43110" = Metro 2033 "Steam App 47810" = Dragon Age: Origins - Ultimate Edition "Steam App 55150" = Warhammer 40,000 Space Marine "Steam App 72850" = The Elder Scrolls V: Skyrim "Stronghold_is1" = Stronghold "Super Castle Attack" = Super Castle Attack "Vindictus EU" = Vindictus EU "vReveal" = vReveal "Wing Commander Privateer_is1" = Wing Commander Privateer "XIII_is1" = XIII "ZOTAC FireStorm" = ZOTAC FireStorm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.01.2012 19:26:04 | Computer Name = Hannibal | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 26.01.2012 19:38:11 | Computer Name = Hannibal | Source = Windows Installer 3.1 | ID = 921877 Description = Error - 26.01.2012 20:31:02 | Computer Name = Hannibal | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 6.0.290.11, Zeitstempel: 0x4e897ca0 Name des fehlerhaften Moduls: java.dll, Version: 6.0.290.11, Zeitstempel: 0x4e89b321 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004e0a ID des fehlerhaften Prozesses: 0x1778 Startzeit der fehlerhaften Anwendung: 0x01ccdc8af2458919 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Java\jre6\bin\javaw.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Java\jre6\bin\java.dll Berichtskennung: 30c46ad6-487e-11e1-8c4b-14dae944d0d4 Error - 02.02.2012 06:31:04 | Computer Name = Hannibal | Source = SideBySide | ID = 16842832 
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Björn\Downloads\SoftonicDownloader_fuer_power-mp3-wma-converter.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 02.02.2012 06:31:06 | Computer Name = Hannibal | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Björn\Downloads\SoftonicDownloader_fuer_slimdrivers.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 04.02.2012 08:36:23 | Computer Name = Hannibal | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 10.0.0.4411 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 122c Startzeit: 01cce31fea6b4ab3 Endzeit: 43 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: c920b44b-4f2c-11e1-ac9a-00268332a5fe Error - 14.02.2012 14:22:01 | Computer Name = Hannibal | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Björn\Downloads\SoftonicDownloader_fuer_power-mp3-wma-converter.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 14.02.2012 14:22:12 | Computer Name = Hannibal | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Björn\Downloads\SoftonicDownloader_fuer_slimdrivers.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Error - 23.02.2012 10:45:40 | Computer Name = Hannibal | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.4.21.0, Zeitstempel: 0x4f21d14b Name des fehlerhaften Moduls: TESV.exe, Version: 1.4.21.0, Zeitstempel: 0x4f21d14b Ausnahmecode: 0xc0000417 Fehleroffset: 0x00b30f49 ID des fehlerhaften Prozesses: 0x16dc Startzeit der fehlerhaften Anwendung: 0x01ccf238d8f68aef Pfad der fehlerhaften Anwendung: c:\program files (x86)\steam\steamapps\common\skyrim\TESV.exe Pfad des fehlerhaften Moduls: c:\program files (x86)\steam\steamapps\common\skyrim\TESV.exe Berichtskennung: 0df131ca-5e2d-11e1-9627-00268332a5fe Error - 01.03.2012 05:11:43 | Computer Name = Hannibal | Source = Windows Installer 3.1 | ID = 921877 Description = [ System Events ] Error - 21.03.2012 16:53:01 | Computer Name = Hannibal | Source = bowser | ID = 8003 Description = Error - 21.03.2012 17:23:04 | Computer Name = Hannibal | Source = bowser | ID = 8003 Description = Error - 22.03.2012 11:42:53 | Computer Name = Hannibal | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 22.03.2012 11:45:48 | Computer Name = Hannibal | Source = bowser | ID = 8003 Description = Error - 22.03.2012 12:27:52 | Computer Name = Hannibal | Source = bowser | ID = 8003 Description = Error - 22.03.2012 12:30:52 | Computer Name = Hannibal | Source = bowser | ID = 8003 Description = Error - 22.03.2012 12:49:20 | Computer Name = Hannibal | Source = NetBT | ID = 4321 Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.103 registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 22.03.2012 12:54:54 | Computer Name = Hannibal | Source = bowser | ID = 8003 Description = Error - 22.03.2012 12:57:55 | Computer Name = Hannibal | Source = bowser | ID = 8003 Description = Error - 22.03.2012 12:59:36 | Computer Name = Hannibal | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report >
Edited by kruesae (22.03.2012 at 18:23). Reason: misunderstanding |
22.03.2012, 23:52 | #7 |
| Remove My Security Shield Thanks a lot for your time, first of all. I'm a bit stumped by "open Computer, open C:, then _OTL": do you mean I should go to the directory where OTL.exe is located? Because directly under C: there is nothing called _OTL. Maybe you'll still read this tonight; if not, sleep well. |
23.03.2012, 12:58 | #8 |
/// Malware-holic | Remove My Security Shield In your case there actually has to be a folder _OTL there, because according to the log OTL is running on c: on your machine
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
23.03.2012, 17:15 | #9 |
| Remove My Security Shield I took a screenshot of a directory tree on C: and a screenshot of where OTL is located, namely on my desktop. I'll run OTL again in a moment; maybe a folder will be created then. According to the guide for Combofix.exe, all windows should be closed, so why should I open the OTL folder beforehand? |
23.03.2012, 19:03 | #10 |
| Remove My Security Shield Sorry for the double post. I ran ComboFix according to the guide. I hope the result is positive. ComboFix logfile: Code:
ATTFilter ComboFix 12-03-22.01 - Superuser 23.03.2012 18:50:01.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.8169.6271 [GMT 1:00] ausgeführt von:: c:\users\Bj÷rn\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Downloaded Installers c:\program files (x86)\Downloaded Installers\{67cdd5a0-c572-4d2c-a354-6492b51f4138}\setup.msi c:\users\Björn\AppData\Local\shctsphp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-23 bis 2012-03-23 )))))))))))))))))))))))))))))) . . 2012-03-23 17:53 . 2012-03-23 17:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-03-23 15:44 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{041E9B46-20E0-4EE0-B225-6CCE05EBECB4}\mpengine.dll 2012-03-14 17:29 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 17:29 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-14 17:29 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 14:45 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 14:45 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 14:45 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-03-14 14:45 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-14 14:45 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 14:45 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-03-14 14:45 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-03-14 14:45 . 
2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-14 14:45 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-03-14 14:45 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-03-14 14:45 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-03-14 14:44 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 14:44 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 14:44 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 14:44 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 14:44 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 14:44 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 14:44 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-10 21:34 . 2012-03-10 21:34 -------- d-----w- c:\program files (x86)\EVEMon 2012-03-01 09:16 . 2012-03-01 09:16 -------- d-----w- c:\users\Superuser\AppData\Local\Origin 2012-03-01 09:11 . 2012-03-01 09:16 -------- d-----w- c:\users\Superuser\AppData\Roaming\Origin . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-21 09:03 . 2012-01-27 17:05 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-03-21 09:03 . 2012-01-27 00:07 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-03-21 09:03 . 2012-01-27 00:07 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-02-23 08:18 . 2011-11-14 20:54 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-21 20:29 . 2012-02-21 20:29 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-02-21 20:29 . 2012-02-21 20:29 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-02-21 20:29 . 2012-02-21 20:29 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-02-21 20:29 . 
2012-02-21 20:29 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-02-21 20:29 . 2012-02-21 20:29 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-02-21 20:29 . 2012-02-21 20:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-02-21 20:29 . 2012-02-21 20:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-02-21 20:29 . 2012-02-21 20:29 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-02-21 20:29 . 2012-02-21 20:29 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-02-21 20:29 . 2012-02-21 20:29 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-21 20:29 . 2012-02-21 20:29 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-02-21 20:29 . 2012-02-21 20:29 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-02-21 20:29 . 2012-02-21 20:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-02-21 20:29 . 2012-02-21 20:29 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-21 20:29 . 2012-02-21 20:29 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-21 20:29 . 2012-02-21 20:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-02-21 20:29 . 2012-02-21 20:29 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-02-21 20:29 . 2012-02-21 20:29 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-02-21 20:29 . 2012-02-21 20:29 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-02-21 20:29 . 2012-02-21 20:29 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-02-21 20:29 . 2012-02-21 20:29 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-02-21 20:29 . 2012-02-21 20:29 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-02-21 20:29 . 2012-02-21 20:29 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-02-21 20:29 . 2012-02-21 20:29 448512 ----a-w- c:\windows\system32\html.iec 2012-02-21 20:29 . 2012-02-21 20:29 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-02-21 20:29 . 2012-02-21 20:29 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-21 20:29 . 
2012-02-21 20:29 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-21 20:29 . 2012-02-21 20:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-21 20:29 . 2012-02-21 20:29 2308096 ----a-w- c:\windows\system32\jscript9.dll 2012-02-21 20:29 . 2012-02-21 20:29 222208 ----a-w- c:\windows\system32\msls31.dll 2012-02-21 20:29 . 2012-02-21 20:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-21 20:29 . 2012-02-21 20:29 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-02-21 20:29 . 2012-02-21 20:29 160256 ----a-w- c:\windows\system32\wextract.exe 2012-02-21 20:29 . 2012-02-21 20:29 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-21 20:29 . 2012-02-21 20:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-02-21 20:29 . 2012-02-21 20:29 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-21 20:29 . 2012-02-21 20:29 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-02-21 20:29 . 2012-02-21 20:29 12288 ----a-w- c:\windows\system32\mshta.exe 2012-02-21 20:29 . 2012-02-21 20:29 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-02-21 20:29 . 2012-02-21 20:29 114176 ----a-w- c:\windows\system32\admparse.dll 2012-02-21 20:29 . 2012-02-21 20:29 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-21 20:29 . 2012-02-21 20:29 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-02-17 15:28 . 2011-11-15 03:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-15 18:46 . 2011-11-15 03:55 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-14 19:18 . 2012-01-27 00:07 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-01-04 09:58 . 2012-02-16 14:49 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-01-04 09:03 . 2012-02-16 14:49 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-01-03 06:24 . 2012-02-16 14:48 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-01-03 05:44 . 2012-02-16 14:48 478208 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-01-02 11:24 . 
2011-11-15 04:23 15672 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2011-12-28 03:59 . 2012-02-16 14:48 499200 ----a-w- c:\windows\system32\drivers\afd.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-24 1242448] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304] "KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-12-07 438272] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2000-01-01 43608] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [2011-05-20 25832] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896] S2 DTSAudioService;DTSAudioService;c:\program files\Realtek\Audio\HDA\DTSAudioService64.exe [2000-01-01 210024] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2000-01-01 2253120] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio 
Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-03-23 c:\windows\Tasks\SlimDrivers Startup.job - c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2011-09-07 10:32] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 12681320] "RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2000-01-01 2277480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NoIE4StubProcessing"="c:\windows\system32\reg.exe DELETE HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" [X] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Superuser\AppData\Roaming\Mozilla\Firefox\Profiles\2w1zbof6.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.tixuma.de/ . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2012-03-23 18:55:26 ComboFix-quarantined-files.txt 2012-03-23 17:55 . Vor Suchlauf: 13 Verzeichnis(se), 598.383.140.864 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 598.670.184.448 Bytes frei . - - End Of File - - F4C2795DED91D2B248674DCDFED2788C |
24.03.2012, 19:18 | #11 |
/// Malware-holic | Remove My Security Shield Run TDSSKiller and post the log: http://www.trojaner-board.de/82358-t...entfernen.html |
24.03.2012, 19:38 | #12 |
| Remove My Security Shield I hope you were able to enjoy the sunny day; the weather here was lousy.
19:34:45.0738 6732 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00 19:34:45.0950 6732 ============================================================ 19:34:45.0950 6732 Current date / time: 2012/03/24 19:34:45.0950 19:34:45.0950 6732 SystemInfo: 19:34:45.0950 6732 19:34:45.0950 6732 OS Version: 6.1.7600 ServicePack: 0.0 19:34:45.0950 6732 Product type: Workstation 19:34:45.0950 6732 ComputerName: HANNIBAL 19:34:45.0950 6732 UserName: Superuser 19:34:45.0950 6732 Windows directory: C:\Windows 19:34:45.0950 6732 System windows directory: C:\Windows 19:34:45.0950 6732 Running under WOW64 19:34:45.0950 6732 Processor architecture: Intel x64 19:34:45.0950 6732 Number of processors: 4 19:34:45.0950 6732 Page size: 0x1000 19:34:45.0950 6732 Boot type: Normal boot 19:34:45.0950 6732 ============================================================ 19:34:46.0106 6732 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:34:46.0108 6732 Drive \Device\Harddisk1\DR1 - Size: 0xEE200000 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:34:46.0109 6732 \Device\Harddisk0\DR0: 19:34:46.0109 6732 MBR used 19:34:46.0109 6732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:34:46.0109 6732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D2800 19:34:46.0109 6732 \Device\Harddisk1\DR1: 19:34:46.0110 6732 MBR used 19:34:46.0110 6732 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x14B8, BlocksNum 0x76FB48 19:34:46.0129 6732 Initialize success 19:34:46.0129 6732 ============================================================ 19:35:38.0349 6560 ============================================================ 19:35:38.0349 6560 Scan 
started 19:35:38.0349 6560 Mode: Manual; 19:35:38.0349 6560 ============================================================ 19:35:40.0034 6560 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 19:35:40.0034 6560 1394ohci - ok 19:35:40.0050 6560 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 19:35:40.0050 6560 ACPI - ok 19:35:40.0065 6560 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 19:35:40.0065 6560 AcpiPmi - ok 19:35:40.0143 6560 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:35:40.0143 6560 AdobeARMservice - ok 19:35:40.0175 6560 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 19:35:40.0190 6560 adp94xx - ok 19:35:40.0206 6560 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 19:35:40.0206 6560 adpahci - ok 19:35:40.0221 6560 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 19:35:40.0221 6560 adpu320 - ok 19:35:40.0253 6560 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 19:35:40.0253 6560 AeLookupSvc - ok 19:35:40.0299 6560 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys 19:35:40.0299 6560 AFD - ok 19:35:40.0315 6560 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 19:35:40.0315 6560 agp440 - ok 19:35:40.0331 6560 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 19:35:40.0331 6560 ALG - ok 19:35:40.0346 6560 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 19:35:40.0346 6560 aliide - ok 19:35:40.0362 6560 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 19:35:40.0362 6560 amdide - ok 19:35:40.0393 6560 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 19:35:40.0393 6560 AmdK8 - ok 19:35:40.0440 
6560 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 19:35:40.0440 6560 AmdPPM - ok 19:35:40.0455 6560 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 19:35:40.0455 6560 amdsata - ok 19:35:40.0487 6560 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 19:35:40.0487 6560 amdsbs - ok 19:35:40.0502 6560 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 19:35:40.0502 6560 amdxata - ok 19:35:40.0549 6560 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 19:35:40.0549 6560 AntiVirSchedulerService - ok 19:35:40.0565 6560 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 19:35:40.0565 6560 AntiVirService - ok 19:35:40.0580 6560 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 19:35:40.0580 6560 AppID - ok 19:35:40.0596 6560 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 19:35:40.0596 6560 AppIDSvc - ok 19:35:40.0627 6560 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll 19:35:40.0627 6560 Appinfo - ok 19:35:40.0658 6560 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 19:35:40.0658 6560 AppMgmt - ok 19:35:40.0674 6560 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 19:35:40.0674 6560 arc - ok 19:35:40.0689 6560 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 19:35:40.0689 6560 arcsas - ok 19:35:40.0736 6560 asmthub3 (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys 19:35:40.0736 6560 asmthub3 - ok 19:35:40.0752 6560 asmtxhci (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys 19:35:40.0767 6560 asmtxhci - ok 19:35:40.0799 6560 aspnet_state (9217d874131ae6ff8f642f124f00a555) 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 19:35:40.0814 6560 aspnet_state - ok 19:35:40.0845 6560 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 19:35:40.0845 6560 AsyncMac - ok 19:35:40.0861 6560 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 19:35:40.0861 6560 atapi - ok 19:35:40.0877 6560 AthBTPort (aaae03f8eda817ec28c5445193ea8bf3) C:\Windows\system32\DRIVERS\btath_flt.sys 19:35:40.0877 6560 AthBTPort - ok 19:35:40.0892 6560 ATHDFU (4ecc791539f23982411864037d1ac8fc) C:\Windows\system32\Drivers\AthDfu.sys 19:35:40.0892 6560 ATHDFU - ok 19:35:40.0923 6560 AtherosSvc (c34b28d6285ead94b3a2faba84e90da5) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 19:35:40.0923 6560 AtherosSvc - ok 19:35:40.0955 6560 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 19:35:40.0955 6560 AudioEndpointBuilder - ok 19:35:40.0970 6560 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 19:35:40.0986 6560 AudioSrv - ok 19:35:41.0001 6560 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys 19:35:41.0001 6560 avgntflt - ok 19:35:41.0033 6560 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys 19:35:41.0033 6560 avipbb - ok 19:35:41.0033 6560 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 19:35:41.0033 6560 avkmgr - ok 19:35:41.0048 6560 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll 19:35:41.0064 6560 AxInstSV - ok 19:35:41.0079 6560 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 19:35:41.0079 6560 b06bdrv - ok 19:35:41.0111 6560 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 19:35:41.0111 6560 b57nd60a - ok 19:35:41.0126 6560 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 19:35:41.0126 6560 BDESVC - ok 
19:35:41.0142 6560 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 19:35:41.0142 6560 Beep - ok 19:35:41.0157 6560 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll 19:35:41.0157 6560 BFE - ok 19:35:41.0204 6560 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll 19:35:41.0204 6560 BITS - ok 19:35:41.0235 6560 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 19:35:41.0235 6560 blbdrive - ok 19:35:41.0251 6560 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 19:35:41.0251 6560 bowser - ok 19:35:41.0267 6560 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:35:41.0267 6560 BrFiltLo - ok 19:35:41.0282 6560 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:35:41.0282 6560 BrFiltUp - ok 19:35:41.0313 6560 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 19:35:41.0313 6560 BridgeMP - ok 19:35:41.0313 6560 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll 19:35:41.0313 6560 Browser - ok 19:35:41.0329 6560 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 19:35:41.0329 6560 Brserid - ok 19:35:41.0329 6560 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 19:35:41.0329 6560 BrSerWdm - ok 19:35:41.0345 6560 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:35:41.0345 6560 BrUsbMdm - ok 19:35:41.0345 6560 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 19:35:41.0345 6560 BrUsbSer - ok 19:35:41.0360 6560 BTATH_A2DP (3b1b573371b206d1d5f25e0ef5fcd6d6) C:\Windows\system32\drivers\btath_a2dp.sys 19:35:41.0360 6560 BTATH_A2DP - ok 19:35:41.0376 6560 BTATH_BUS (2d0446336d9db55a742b999ec16adf15) C:\Windows\system32\DRIVERS\btath_bus.sys 19:35:41.0376 6560 BTATH_BUS - ok 
19:35:41.0391 6560 BTATH_HCRP (9a9694bbeb2849eaf95dffcae5df02ad) C:\Windows\system32\DRIVERS\btath_hcrp.sys 19:35:41.0391 6560 BTATH_HCRP - ok 19:35:41.0407 6560 BTATH_LWFLT (fc0a8075ddf2e9c66267aec91e0676f9) C:\Windows\system32\DRIVERS\btath_lwflt.sys 19:35:41.0407 6560 BTATH_LWFLT - ok 19:35:41.0423 6560 BTATH_RCP (5eb4815cbddba4541f2380dae6e269ab) C:\Windows\system32\DRIVERS\btath_rcp.sys 19:35:41.0423 6560 BTATH_RCP - ok 19:35:41.0438 6560 BtFilter (0ecede7b33cfd9a52a61220abbd09a50) C:\Windows\system32\DRIVERS\btfilter.sys 19:35:41.0438 6560 BtFilter - ok 19:35:41.0469 6560 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 19:35:41.0469 6560 BthEnum - ok 19:35:41.0469 6560 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 19:35:41.0469 6560 BTHMODEM - ok 19:35:41.0485 6560 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 19:35:41.0501 6560 BthPan - ok 19:35:41.0516 6560 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys 19:35:41.0516 6560 BTHPORT - ok 19:35:41.0516 6560 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 19:35:41.0516 6560 bthserv - ok 19:35:41.0532 6560 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys 19:35:41.0532 6560 BTHUSB - ok 19:35:41.0547 6560 catchme - ok 19:35:41.0563 6560 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 19:35:41.0563 6560 cdfs - ok 19:35:41.0579 6560 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 19:35:41.0579 6560 cdrom - ok 19:35:41.0594 6560 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 19:35:41.0594 6560 CertPropSvc - ok 19:35:41.0610 6560 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 19:35:41.0610 6560 circlass - ok 19:35:41.0625 6560 CLFS (fe1ec06f2253f691fe36217c592a0206) 
C:\Windows\system32\CLFS.sys 19:35:41.0625 6560 CLFS - ok 19:35:41.0657 6560 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:35:41.0657 6560 clr_optimization_v2.0.50727_32 - ok 19:35:41.0672 6560 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:35:41.0672 6560 clr_optimization_v2.0.50727_64 - ok 19:35:41.0719 6560 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:35:41.0719 6560 clr_optimization_v4.0.30319_32 - ok 19:35:41.0735 6560 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:35:41.0735 6560 clr_optimization_v4.0.30319_64 - ok 19:35:41.0750 6560 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 19:35:41.0750 6560 CmBatt - ok 19:35:41.0766 6560 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 19:35:41.0766 6560 cmdide - ok 19:35:41.0828 6560 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys 19:35:41.0828 6560 CNG - ok 19:35:41.0844 6560 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 19:35:41.0844 6560 Compbatt - ok 19:35:41.0859 6560 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 19:35:41.0859 6560 CompositeBus - ok 19:35:41.0859 6560 COMSysApp - ok 19:35:41.0875 6560 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 19:35:41.0875 6560 crcdisk - ok 19:35:41.0891 6560 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll 19:35:41.0891 6560 CryptSvc - ok 19:35:41.0906 6560 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 19:35:41.0906 6560 CSC - ok 19:35:41.0937 6560 CscService 
(873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll 19:35:41.0937 6560 CscService - ok 19:35:42.0062 6560 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe 19:35:42.0062 6560 DAUpdaterSvc - ok 19:35:42.0093 6560 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 19:35:42.0093 6560 DcomLaunch - ok 19:35:42.0140 6560 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 19:35:42.0140 6560 defragsvc - ok 19:35:42.0156 6560 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 19:35:42.0156 6560 DfsC - ok 19:35:42.0203 6560 DgiVecp - ok 19:35:42.0218 6560 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 19:35:42.0218 6560 Dhcp - ok 19:35:42.0234 6560 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 19:35:42.0234 6560 discache - ok 19:35:42.0265 6560 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 19:35:42.0265 6560 Disk - ok 19:35:42.0281 6560 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll 19:35:42.0281 6560 Dnscache - ok 19:35:42.0296 6560 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 19:35:42.0296 6560 dot3svc - ok 19:35:42.0312 6560 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 19:35:42.0327 6560 DPS - ok 19:35:42.0343 6560 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 19:35:42.0343 6560 drmkaud - ok 19:35:42.0390 6560 DTSAudioService (44bb65b1d3827043978fc8e11ca7c0b4) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe 19:35:42.0390 6560 DTSAudioService - ok 19:35:42.0421 6560 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 19:35:42.0437 6560 DXGKrnl - ok 19:35:42.0452 6560 e1cexpress (faf4969bddee7786862bbd75f4b499de) 
C:\Windows\system32\DRIVERS\e1c62x64.sys 19:35:42.0452 6560 e1cexpress - ok 19:35:42.0468 6560 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 19:35:42.0468 6560 EapHost - ok 19:35:42.0530 6560 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 19:35:42.0546 6560 ebdrv - ok 19:35:42.0593 6560 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 19:35:42.0593 6560 EFS - ok 19:35:42.0624 6560 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe 19:35:42.0639 6560 ehRecvr - ok 19:35:42.0655 6560 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 19:35:42.0655 6560 ehSched - ok 19:35:42.0671 6560 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 19:35:42.0671 6560 elxstor - ok 19:35:42.0686 6560 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 19:35:42.0686 6560 ErrDev - ok 19:35:42.0717 6560 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 19:35:42.0717 6560 EventSystem - ok 19:35:42.0749 6560 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 19:35:42.0749 6560 exfat - ok 19:35:42.0780 6560 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 19:35:42.0780 6560 fastfat - ok 19:35:42.0795 6560 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 19:35:42.0811 6560 Fax - ok 19:35:42.0811 6560 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 19:35:42.0811 6560 fdc - ok 19:35:42.0827 6560 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 19:35:42.0827 6560 fdPHost - ok 19:35:42.0842 6560 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 19:35:42.0842 6560 FDResPub - ok 19:35:42.0858 6560 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 19:35:42.0858 6560 FileInfo - ok 19:35:42.0873 6560 
Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 19:35:42.0873 6560 Filetrace - ok 19:35:42.0873 6560 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 19:35:42.0873 6560 flpydisk - ok 19:35:42.0889 6560 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 19:35:42.0889 6560 FltMgr - ok 19:35:42.0951 6560 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll 19:35:42.0967 6560 FontCache - ok 19:35:43.0014 6560 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:35:43.0014 6560 FontCache3.0.0.0 - ok 19:35:43.0029 6560 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 19:35:43.0029 6560 FsDepends - ok 19:35:43.0061 6560 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 19:35:43.0061 6560 Fs_Rec - ok 19:35:43.0092 6560 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 19:35:43.0092 6560 fvevol - ok 19:35:43.0107 6560 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 19:35:43.0107 6560 gagp30kx - ok 19:35:43.0139 6560 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 19:35:43.0154 6560 gpsvc - ok 19:35:43.0170 6560 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 19:35:43.0170 6560 hcw85cir - ok 19:35:43.0201 6560 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 19:35:43.0201 6560 HdAudAddService - ok 19:35:43.0232 6560 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:35:43.0232 6560 HDAudBus - ok 19:35:43.0232 6560 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 19:35:43.0232 6560 HidBatt - ok 19:35:43.0248 6560 HidBth (7fd2a313f7afe5c4dab14798c48dd104) 
C:\Windows\system32\DRIVERS\hidbth.sys 19:35:43.0248 6560 HidBth - ok 19:35:43.0248 6560 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 19:35:43.0263 6560 HidIr - ok 19:35:43.0263 6560 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 19:35:43.0263 6560 hidserv - ok 19:35:43.0279 6560 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 19:35:43.0279 6560 HidUsb - ok 19:35:43.0295 6560 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 19:35:43.0295 6560 hkmsvc - ok 19:35:43.0326 6560 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 19:35:43.0326 6560 HomeGroupListener - ok 19:35:43.0341 6560 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 19:35:43.0341 6560 HomeGroupProvider - ok 19:35:43.0357 6560 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 19:35:43.0357 6560 HpSAMD - ok 19:35:43.0388 6560 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 19:35:43.0388 6560 HTTP - ok 19:35:43.0404 6560 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 19:35:43.0404 6560 hwpolicy - ok 19:35:43.0419 6560 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 19:35:43.0419 6560 i8042prt - ok 19:35:43.0435 6560 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 19:35:43.0435 6560 iaStorV - ok 19:35:43.0466 6560 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:35:43.0482 6560 idsvc - ok 19:35:43.0497 6560 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 19:35:43.0497 6560 iirsp - ok 19:35:43.0529 6560 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 19:35:43.0544 6560 IKEEXT - ok 19:35:43.0607 6560 
IntcAzAudAddService (a5f7cef8a939ebe270462edefd629f20) C:\Windows\system32\drivers\RTKVHD64.sys 19:35:43.0622 6560 IntcAzAudAddService - ok 19:35:43.0653 6560 Intel(R) PROSet Monitoring Service (ce30e176d5f67728de368242108b9c34) C:\Windows\system32\IProsetMonitor.exe 19:35:43.0653 6560 Intel(R) PROSet Monitoring Service - ok 19:35:43.0653 6560 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 19:35:43.0669 6560 intelide - ok 19:35:43.0747 6560 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 19:35:43.0747 6560 intelppm - ok 19:35:43.0856 6560 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 19:35:43.0856 6560 IPBusEnum - ok 19:35:43.0887 6560 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:35:43.0887 6560 IpFilterDriver - ok 19:35:43.0903 6560 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 19:35:43.0903 6560 iphlpsvc - ok 19:35:43.0919 6560 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 19:35:43.0919 6560 IPMIDRV - ok 19:35:43.0919 6560 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 19:35:43.0919 6560 IPNAT - ok 19:35:43.0934 6560 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 19:35:43.0934 6560 IRENUM - ok 19:35:43.0950 6560 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 19:35:43.0950 6560 isapnp - ok 19:35:43.0965 6560 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 19:35:43.0965 6560 iScsiPrt - ok 19:35:43.0997 6560 JRAID (e86d4e8663efebd7c4e2a43f80cb1339) C:\Windows\system32\DRIVERS\jraid.sys 19:35:43.0997 6560 JRAID - ok 19:35:44.0012 6560 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 19:35:44.0012 6560 kbdclass - ok 19:35:44.0028 6560 kbdhid (6def98f8541e1b5dceb2c822a11f7323) 
C:\Windows\system32\DRIVERS\kbdhid.sys 19:35:44.0028 6560 kbdhid - ok 19:35:44.0059 6560 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 19:35:44.0059 6560 KeyIso - ok 19:35:44.0075 6560 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 19:35:44.0075 6560 KSecDD - ok 19:35:44.0090 6560 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 19:35:44.0106 6560 KSecPkg - ok 19:35:44.0106 6560 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 19:35:44.0106 6560 ksthunk - ok 19:35:44.0137 6560 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 19:35:44.0137 6560 KtmRm - ok 19:35:44.0168 6560 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll 19:35:44.0168 6560 LanmanServer - ok 19:35:44.0199 6560 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 19:35:44.0199 6560 LanmanWorkstation - ok 19:35:44.0231 6560 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 19:35:44.0231 6560 lltdio - ok 19:35:44.0246 6560 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 19:35:44.0246 6560 lltdsvc - ok 19:35:44.0262 6560 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 19:35:44.0262 6560 lmhosts - ok 19:35:44.0293 6560 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 19:35:44.0293 6560 LSI_FC - ok 19:35:44.0309 6560 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 19:35:44.0309 6560 LSI_SAS - ok 19:35:44.0324 6560 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:35:44.0324 6560 LSI_SAS2 - ok 19:35:44.0340 6560 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:35:44.0340 6560 LSI_SCSI - ok 19:35:44.0371 6560 luafv (43d0f98e1d56ccddb0d5254cff7b356e) 
C:\Windows\system32\drivers\luafv.sys 19:35:44.0371 6560 luafv - ok 19:35:44.0402 6560 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 19:35:44.0402 6560 Mcx2Svc - ok 19:35:44.0418 6560 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 19:35:44.0418 6560 megasas - ok 19:35:44.0433 6560 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 19:35:44.0433 6560 MegaSR - ok 19:35:44.0465 6560 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 19:35:44.0465 6560 MEIx64 - ok 19:35:44.0465 6560 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 19:35:44.0480 6560 MMCSS - ok 19:35:44.0480 6560 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 19:35:44.0480 6560 Modem - ok 19:35:44.0496 6560 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 19:35:44.0496 6560 monitor - ok 19:35:44.0527 6560 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 19:35:44.0527 6560 mouclass - ok 19:35:44.0543 6560 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 19:35:44.0543 6560 mouhid - ok 19:35:44.0558 6560 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 19:35:44.0558 6560 mountmgr - ok 19:35:44.0558 6560 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 19:35:44.0558 6560 mpio - ok 19:35:44.0574 6560 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 19:35:44.0574 6560 mpsdrv - ok 19:35:44.0589 6560 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 19:35:44.0605 6560 MpsSvc - ok 19:35:44.0605 6560 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 19:35:44.0605 6560 MRxDAV - ok 19:35:44.0621 6560 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 
19:35:44.0621 6560 mrxsmb - ok 19:35:44.0652 6560 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:35:44.0652 6560 mrxsmb10 - ok 19:35:44.0667 6560 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:35:44.0667 6560 mrxsmb20 - ok 19:35:44.0683 6560 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 19:35:44.0683 6560 msahci - ok 19:35:44.0714 6560 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 19:35:44.0714 6560 msdsm - ok 19:35:44.0730 6560 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 19:35:44.0730 6560 MSDTC - ok 19:35:44.0745 6560 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 19:35:44.0745 6560 Msfs - ok 19:35:44.0761 6560 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 19:35:44.0761 6560 mshidkmdf - ok 19:35:44.0777 6560 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 19:35:44.0777 6560 msisadrv - ok 19:35:44.0792 6560 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 19:35:44.0792 6560 MSiSCSI - ok 19:35:44.0792 6560 msiserver - ok 19:35:44.0823 6560 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 19:35:44.0823 6560 MSKSSRV - ok 19:35:44.0839 6560 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 19:35:44.0839 6560 MSPCLOCK - ok 19:35:44.0839 6560 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 19:35:44.0839 6560 MSPQM - ok 19:35:44.0855 6560 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 19:35:44.0855 6560 MsRPC - ok 19:35:44.0870 6560 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 19:35:44.0886 6560 mssmbios - ok 19:35:44.0886 6560 MSTEE (2e66f9ecb30b4221a318c92ac2250779) 
C:\Windows\system32\drivers\MSTEE.sys 19:35:44.0886 6560 MSTEE - ok 19:35:44.0901 6560 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 19:35:44.0901 6560 MTConfig - ok 19:35:44.0917 6560 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 19:35:44.0917 6560 Mup - ok 19:35:44.0948 6560 mv91xx (38b4c95e821528fb91df16a78e04450f) C:\Windows\system32\DRIVERS\mv91xx.sys 19:35:44.0948 6560 mv91xx - ok 19:35:44.0979 6560 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 19:35:44.0979 6560 napagent - ok 19:35:45.0011 6560 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 19:35:45.0011 6560 NativeWifiP - ok 19:35:45.0042 6560 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 19:35:45.0042 6560 NDIS - ok 19:35:45.0057 6560 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 19:35:45.0057 6560 NdisCap - ok 19:35:45.0089 6560 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 19:35:45.0089 6560 NdisTapi - ok 19:35:45.0089 6560 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 19:35:45.0089 6560 Ndisuio - ok 19:35:45.0104 6560 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 19:35:45.0104 6560 NdisWan - ok 19:35:45.0120 6560 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 19:35:45.0120 6560 NDProxy - ok 19:35:45.0135 6560 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 19:35:45.0135 6560 NetBIOS - ok 19:35:45.0151 6560 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 19:35:45.0151 6560 NetBT - ok 19:35:45.0182 6560 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 19:35:45.0198 6560 Netlogon - ok 19:35:45.0213 6560 Netman (847d3ae376c0817161a14a82c8922a9e) 
C:\Windows\System32\netman.dll 19:35:45.0229 6560 Netman - ok 19:35:45.0276 6560 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:35:45.0276 6560 NetMsmqActivator - ok 19:35:45.0276 6560 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:35:45.0276 6560 NetPipeActivator - ok 19:35:45.0291 6560 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 19:35:45.0291 6560 netprofm - ok 19:35:45.0307 6560 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:35:45.0307 6560 NetTcpActivator - ok 19:35:45.0307 6560 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 19:35:45.0307 6560 NetTcpPortSharing - ok 19:35:45.0338 6560 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 19:35:45.0338 6560 nfrd960 - ok 19:35:45.0354 6560 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 19:35:45.0354 6560 NlaSvc - ok 19:35:45.0369 6560 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 19:35:45.0369 6560 Npfs - ok 19:35:45.0385 6560 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 19:35:45.0385 6560 nsi - ok 19:35:45.0401 6560 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 19:35:45.0401 6560 nsiproxy - ok 19:35:45.0447 6560 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 19:35:45.0463 6560 Ntfs - ok 19:35:45.0479 6560 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 19:35:45.0479 6560 Null - ok 19:35:45.0494 6560 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys 19:35:45.0494 6560 NVHDA - ok 19:35:45.0681 6560 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) 
19:35:51.0781 6560 ============================================================
19:35:51.0781 6560 Scan finished
19:35:51.0781 6560 ============================================================
19:35:51.0781 2640 Detected object count: 0
19:35:51.0781 2640 Actual detected object count: 0 |
25.03.2012, 17:06 | #13 |
/// Malware-holic | Remove My Security Shield Looks good. Malwarebytes: Please download Malwarebytes
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
25.03.2012, 19:20 | #14 |
| Remove My Security Shield Here are the results of my Malwarebytes run
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.25.02
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Superuser :: HANNIBAL [Administrator]
Schutz: Aktiviert
25.03.2012 19:22:07
mbam-log-2012-03-25 (19-22-07).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 516135
Laufzeit: 41 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 5
C:\Program Files (x86)\Steam\SteamApps\common\skyrim\Data\Skyrim_Memory_4gb_Patch\Skyrim.Memory.(4gb).Patch.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Björn\AppData\Local\shctsphp.exe.vir (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Björn\Downloads\w7kf-setup.exe (PUP.Hacktool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Björn\Downloads\produkey-x64\ProduKey.exe (PUP.PSWTool.ProductKey) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Björn\Downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
25.03.2012, 20:03 | #15 |
/// Malware-holic | Remove My Security Shield Download CCleaner Standard: CCleaner Download - CCleaner 3.16.1666. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. After each program you need, write "necessary". After each program you do not need, write "unnecessary". After each program you do not recognise, write "unknown". Post the list. |