Pests of all kinds and how to fight them: GVU Trojan (Windows 7)
24.01.2013, 14:35 | #1 |
| GVU Trojan
Hello,
my computer got hit too. The GVU page came up and nothing worked any more. I then restarted without an Internet connection, but nothing worked then either. I then switched the computer off. I don't have a second computer and am now sitting at my parents' place. I have also changed passwords and had my online banking blocked.
If I have to, I could set the computer up from scratch, but I would like to rescue some data on the system drive (Favorites, My Documents). I would like to keep the data on the 2 other drives in full. Of course I would prefer not to have to reinstall the computer.
System: Windows 7 64-bit
Antivirus program is Antivir
1 SSD system drive
1 SSD data
1 SATA data
Since I don't really know exactly what to do now to get rid of the Trojan, I am asking for help.
Regards, Trummel |
24.01.2013, 14:55 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan
Hello and
Does Safe Mode with Networking still work? With an Internet connection?
Safe Mode for cleanup
__________________ |
24.01.2013, 15:35 | #3 |
| GVU Trojan
Yes, that still works. I'm now sitting at home at the computer.
Regards |
24.01.2013, 15:48 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
First, a check with OTL please:
__________________ Please always post log files in CODE tags |
24.01.2013, 17:20 | #5 |
| GVU Trojan
So, here are the logs. I have not changed my name in them; I didn't want to go writing around in them. Maybe the logs can be deleted again afterwards.
OTL log file:
Code:
ATTFilter OTL Extras logfile created on: 24.01.2013 17:02:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pierce\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 82,44% Memory free 8,00 Gb Paging File | 7,32 Gb Available in Paging File | 91,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 1,33 Gb Free Space | 1,79% Space Free | Partition Type: NTFS Drive D: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 74,53 Gb Total Space | 1,95 Gb Free Space | 2,62% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 306,38 Gb Free Space | 65,78% Space Free | Partition Type: NTFS Computer Name: PIERCE-PC | User Name: Pierce | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{139F78A3-D2BD-4EE3-BAD1-DEEE355E250F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1C62CBE9-32A7-4FA9-BBCE-DF7FA3D5F913}" = lport=137 | protocol=17 | dir=in | app=system | "{2DF023C3-3582-4B95-BFF6-B8909F7E592F}" = rport=10243 | protocol=6 | dir=out | app=system | "{2F5CFF07-6687-44CD-A5BE-E2AC6C5D035C}" = lport=445 | protocol=6 | dir=in | app=system | "{3B50607C-DF3A-436A-9A46-E585F5428DFE}" = rport=139 | protocol=6 | dir=out | app=system | "{419A1ACF-9ED2-49C6-A15B-AD1FD640BE0A}" = lport=10243 | protocol=6 | dir=in | app=system | "{4ADAA2A6-3BA6-4CD2-98A9-7E245745CA17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61CF8174-1465-44A7-AE64-DBB235767A8D}" = rport=137 | protocol=17 | dir=out | app=system | "{883CC362-74AF-4A18-A408-6A10FDEA5AE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A251CA62-F4EF-4174-9631-E14EC31B5F73}" = rport=445 | protocol=6 | dir=out | app=system | "{A7335B2B-536A-44A2-B7F3-A1E86038E640}" = lport=139 | protocol=6 | dir=in | app=system | "{AFCC71E5-8EB0-4B2F-B30D-48FCC148A061}" = rport=138 | protocol=17 | dir=out | app=system | "{B30B2F3B-F795-4674-A97B-5118392AE1F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C1616ACE-159C-4706-8F68-452B5CB3E052}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DF073729-EF52-4D68-B58B-D36A3F07A07D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E280B208-40CE-4900-8E7D-EEBDF516F985}" = lport=2869 | protocol=6 | dir=in | app=system | "{E3ACCDC5-4ADD-4471-AAE2-0A990F863B51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E767E4BC-850B-4EA8-89BF-1BFCFEB90F0E}" = 
lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F4B8B32A-C8AD-493F-9AE4-7982E535A2A5}" = lport=138 | protocol=17 | dir=in | app=system | "{F6BB4128-8AC5-4D5F-98FA-0D9A4CE53786}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FDACD1EC-7555-4227-9422-EB305B24DF3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08A9BFDE-0679-49D8-9472-71F359B29688}" = protocol=6 | dir=in | app=e:\steam\steam.exe | "{08FC2ECE-4281-4B3B-86E3-9AC37FB6CD28}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0BB3A01C-1857-4EC0-8A56-C18DD8418F0A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{0F99D00E-B418-4052-82F9-E499A1C2F13C}" = protocol=6 | dir=in | app=f:\eve online\bin\exefile.exe | "{136A9FEB-85FD-46D6-B0CE-5875F499C567}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\port royale 3\portroyale3.exe | "{13996990-E216-4833-87C7-F1FA6F1C66F0}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war 2 africa 1943\africa1943.exe | "{13DD0DB7-3536-4252-B8DC-ADC7F8F0B651}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war\tow.exe | "{153F667D-8F98-4A53-AB81-C30B99662DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1554F6B7-EFFD-474F-8A8D-0FC3F8EC723B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\wargame european escalation\wargame.exe | "{16BE248E-C876-4C6D-BA5F-4BFBE9801692}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1954F571-C1A6-43D6-9F2E-F1C68D115853}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1B347EC9-0F1D-4976-A144-657DA861668A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon 
defenders\binaries\win32\dungeondefenders.exe | "{1EC2C1FD-386B-4C1D-9B1E-279B2B514380}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\crusader kings ii\ck2game.exe | "{23E3F041-96E2-4482-8D08-6C426EB345E3}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war\missioneditor\editor.exe | "{243E59F2-3933-4F30-BA24-3C61C941098A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | "{266FB3AB-A7F5-440F-8DAB-247571FC5E56}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | "{273B5475-11A5-42CE-A7A6-BBDC42B93768}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\planetside 2\launchpad.exe | "{2ED81BB3-2D49-45EF-B5BA-3884519743FF}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war\missioneditor\missiongen.exe | "{3760A398-A872-435E-9BFC-BD7EF7AF7516}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\planetside 2\launchpad.exe | "{38878D4A-0039-4662-9B70-8D7DF74509C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3896F4F1-7C49-423B-9864-5D757E073359}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\shogun2.exe | "{3ADF36EB-EB2E-411A-A9BC-E49D54B0BD84}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\shogun2.exe | "{3BB83ED7-659D-4A0A-8F15-0800F5547FE4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{3D050C5D-6F8A-4829-AB7B-A892AD8AA668}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | "{3F610F2A-E26A-4904-A078-7B86B869D2AF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\port royale 3\portroyale3.exe | "{4300E751-42DF-418B-8A22-61017875700D}" = protocol=6 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword_pitboss.exe | "{43296787-5F79-4D49-B88D-2B1080F4E1FA}" = protocol=6 | dir=in | 
app=f:\steam\steamapps\common\wargame european escalation\wargame.exe | "{4496CA7A-4202-47BD-809A-634F7E42C8A2}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{4589C2FD-E257-4DDF-B5C9-A38D5D7C7943}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war 2 africa 1943\options.exe | "{460C7E10-988D-446F-80ED-D82CEB21E7AA}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\tropico 4\tropico4.exe | "{4829A766-5229-46EA-BE3D-7CBA1D2EB95D}" = protocol=6 | dir=in | app=e:\civ 4\civilization4.exe | "{4867FB36-2898-4142-A39B-A8079307457D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dead island\deadislandgame.exe | "{49655377-0BAB-4BA5-A19A-A911C4276043}" = protocol=6 | dir=in | app=e:\arma 2\arma2oa.exe | "{4A8CDC66-3B7C-4561-863D-CB1406BE0A66}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | "{4B7E2D7F-F700-42E6-ACC5-DE19C617E6A2}" = protocol=17 | dir=in | app=c:\spiele\bf2\bf2.exe | "{4BFF976D-62AD-459B-9461-595ABCA5E099}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war 2 africa 1943\options.exe | "{4E5349F4-EF9B-460E-8BA5-FC83FF70E4E4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war\tow.exe | "{503ECACA-7531-4EF5-920D-F023E7C8B30B}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | "{51B9E7B7-2E1C-44DC-8C59-F5BC4146F4A0}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{54460D41-6959-4B73-AEC7-83C355CCFA37}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\terraria\terraria.exe | "{54A2FBF1-D4B5-4638-AE5A-5B60B1FBF396}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.exe | "{560A0C0E-74A5-4A99-8706-6D16EBEBBF39}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war\towsetup.exe | 
"{57569D64-DEFE-40B0-A985-0D5FFF3EACF8}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{57E93041-D3BD-4174-8133-2686164BD7BE}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war\towsetup.exe | "{599CC9AA-FD57-4EDC-A3B8-4FAB27D5E853}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | "{59FBD013-D725-4C23-B93E-62E22278C321}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{5B3A6FB1-C7F6-4D6A-ADC3-C354D4274D0B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\wargame european escalation\wargame.exe | "{5B75F581-2CF9-45CC-9ED1-97355222CC1A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{630D02D6-9849-45C9-8F9F-194A30663DCE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\wargame european escalation\wargame.exe | "{658A7110-06E1-44AD-874B-EAB78F020ABB}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{6D568D21-8A5B-4852-9166-8904C5D45132}" = protocol=17 | dir=in | app=e:\arma 2\arma2oa.exe | "{6DE6E7E8-0323-4371-9CB7-BB204906BCBF}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dead island\deadislandgame.exe | "{6EB597AA-C763-45B9-801B-E43356AA3F44}" = protocol=17 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword.exe | "{73C08667-3533-4FFC-95C8-7DE60183A4CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{754B692B-EA43-4AFA-8FE2-12992F67AC6B}" = protocol=6 | dir=in | app=e:\coh\reliccoh.exe | "{77343666-791D-4BCB-BB03-89DE86CDEC10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{775828F7-CF91-4F2D-BE8D-4F83736BE2E8}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dead island\deadislandgame.exe | "{78EFE8DA-3609-4A7E-936B-2D82E4D87430}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{7DFED31F-1DFA-4CC3-8D36-47CEC4511852}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war 2 africa 1943\africa1943.exe | "{8075B66C-FA3C-44C3-8E47-9546881288C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{81EA2F37-8B69-4105-87EF-447764EDECEE}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{83BE40A6-8075-4779-B8EB-954D0301BF59}" = protocol=6 | dir=in | app=c:\spiele\bf2\bf2.exe | "{84F116F8-8608-4133-ACE7-B5DDB48CD9D4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\endless space\endlessspace.exe | "{86FE9660-6348-43B2-BC85-35C2F08E4FA9}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{8A058070-33A3-4E84-9EC7-6E277C8412AF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8C303989-3975-4A49-91AA-98DFE5032C8E}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\wargame european escalation\wargame.exe | "{8C3E65E3-FE4B-4359-A6B5-761269CCA418}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\crusader kings ii\ck2game.exe | "{8EEC9FE5-9F89-4E8E-B2E8-D55823B0B2DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8F268563-AE64-482B-819F-8CB94855CE55}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | "{902E8B7E-EF44-4EFE-A023-CEDB954D6A65}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{90930351-A6AE-4371-A492-4EF4B9BC6161}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{90A91AE0-6827-48AF-9863-EB586D66D23C}" = protocol=17 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | "{93DCB4FD-ADCB-40DE-ABA9-AAE5FBD6EFDB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{95902940-C006-4713-95B7-BC3E263D6DF9}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{974FB648-CAA6-4946-BE2E-455FD4506D0B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{97FC5D22-35F5-46F7-AA43-62378B325D94}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{9DC842DB-69BE-4A2A-97AE-FADA4CA6025D}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dead island\deadislandgame.exe | "{9DE3516E-F201-40B9-BDF7-713232FB75EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{9DF87F72-FBF1-487A-AEE7-D6BA0D7C1083}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{9E828F32-D3E4-4466-9588-9407CAB14E19}" = protocol=17 | dir=in | app=c:\spiele\mass effect 2\masseffect2launcher.exe | "{A1535A48-62FE-42A7-99FC-35B80763AD9D}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{A2AB3BE4-98CC-4FC1-87F1-F7A197FDEFBD}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\endless space\endlessspace.exe | "{A2B2D3A8-8EA6-4884-B495-BEACA937C17B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\tropico 4\tropico4.exe | "{A4CBFB12-8A3F-4406-A978-B6BFE998D96E}" = protocol=6 | dir=in | app=e:\coh\relicdownloader\relicdownloader.exe | "{A55174C2-3CDF-4C98-A22D-F6886C2EE164}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{A5966CDC-CC4C-4CC7-917D-F1E5386B7AAA}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\crusader kings ii\ck2game.exe | "{A7022298-E07E-4B65-AF6B-25499A46E902}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war\missioneditor\missiongen.exe | "{A7980DE4-7419-4DE2-B113-D40AB9C2F3DD}" = protocol=17 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword_pitboss.exe | "{A7FF47A7-737A-4B6B-8466-46EAE38DB3A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{A8CBE96F-8530-4A88-86FE-A45D8407CD89}" = protocol=1 | 
dir=in | name=@firewallapi.dll,-28543 | "{A93BA15A-4336-4824-A683-432B11E0723D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{A9AA580D-278F-42B9-961B-A50F4559B155}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{AA693B6A-6B6B-4804-98DF-6990232489B4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\endless space\endlessspace.exe | "{B1DEC078-6478-489F-B641-CA5DAA7F43A4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\endless space\endlessspace.exe | "{B2BDE698-F4A9-4EBA-9239-642859C46EEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B505BAFC-4CF2-459C-BA5D-277B66A8729C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B8C88A02-BB6C-49BD-AD15-912809346FC3}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.exe | "{BBC73C44-9FDB-4646-905F-B2E3E068CC88}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{BDDF5222-54A1-471A-96CD-F52973C8FFAA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{BFA0CA62-7D16-4628-B878-9462075D185C}" = protocol=6 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword.exe | "{BFA51A14-92CC-4597-BE18-D22E6C1384A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C34C709C-7B99-46BC-9B60-E4050A65E3F9}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\wargame european escalation\wargame.exe | "{C484F089-6390-43F5-AD9B-EA3380176DD4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{CA2010CA-169F-4CFC-86BF-A21A07BE3907}" = protocol=6 | dir=out | app=system | "{CF2553B2-C08D-4310-BB77-028EDFB293E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CF3DB441-0E76-4AF7-B084-72C8023B796C}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{CF477DB8-B223-4D3C-A3F0-EB864974A7B2}" = protocol=17 | dir=in | app=e:\steam\steam.exe | "{D18A296F-5268-412F-ADC9-5F8E53794463}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war\missioneditor\editor.exe | "{D290A896-0F6D-4D36-BDB4-D97AE3D2928E}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{D454CDF0-D101-4F17-8E74-F6245C13E672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D4655629-72B3-4C3F-BFEA-924FE57A03B9}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{D6129173-D4B7-4BCD-83A8-EEFFC5ECC661}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\port royale 3\portroyale3.exe | "{D7ACD0F6-8CB2-4066-A722-9B76F5705E61}" = protocol=6 | dir=in | app=c:\spiele\mass effect 2\masseffect2launcher.exe | "{D7CC652C-1E0F-40E2-8965-EACCC85A983B}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\crusader kings ii\ck2game.exe | "{DD505DB3-A4A6-4B87-B4A1-453EB579438B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\terraria\terraria.exe | "{DDCE6D7E-8102-4A62-B68F-AFCE6FFA5E89}" = protocol=17 | dir=in | app=e:\coh\reliccoh.exe | "{E105CF09-1CCA-44D2-BA48-FD73EE21A5CC}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\tropico 4\tropico4.exe | "{E2A15A13-6D55-45A8-A9DF-09F7DCCE633B}" = protocol=17 | dir=in | app=f:\eve online\bin\exefile.exe | "{E2EC47C1-DF4D-471C-B86E-136108ECFBB5}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{E4B13330-D71B-42FB-925E-1EE289D01907}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E5075295-552E-47B6-A6DC-7114CBC74EF1}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{E9BE0227-02FD-4A85-B5F2-589312FB4F10}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9CE8A9C-A7D0-4828-9687-AFCCFDC1EBE3}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | "{EB4EA075-AAAE-4CC9-B543-FF4E2D0E78B7}" = protocol=6 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | "{EC8347D4-C296-434B-82E6-611AFE762833}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{EE2F4786-787C-4A1C-BC29-D0AC2AAEE9A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{F42738A7-BA8B-4768-882C-EB9DF4088907}" = protocol=17 | dir=in | app=e:\civ 4\civilization4.exe | "{F67FB88F-AB43-4A24-894F-4262381C7832}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\port royale 3\portroyale3.exe | "{F7F838A9-55F6-4CE1-92FA-6AD52FE35FEB}" = protocol=58 | dir=in | app=system | "{F7F9C1BC-9DDF-46AC-8AF6-F9C336B7D7AE}" = protocol=17 | dir=in | app=e:\coh\relicdownloader\relicdownloader.exe | "{F8835270-5FE8-410A-A028-020B2328CE55}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{F8DF4F1D-FBF2-42AF-9D5D-73713FB5CDBC}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{FE47FD2D-55BA-4DE0-9BDC-F0248C0157EE}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "TCP Query User{201A8364-C761-4204-9F09-456CA9789EB2}C:\spiele\bf1942\bf1942.exe" = protocol=6 | dir=in | app=c:\spiele\bf1942\bf1942.exe | "TCP Query User{42DEABBE-6FE8-410C-AC63-2BB22465E2B8}E:\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=e:\arma 2\expansion\beta\arma2oa.exe | "TCP Query User{48705D98-F303-42DE-9BD4-14C8DBB4799A}C:\spiele\bf2\forgottenhope2.exe" = protocol=6 | dir=in | app=c:\spiele\bf2\forgottenhope2.exe | "TCP Query User{4AF8AAA4-F95F-424E-AB51-7128405236B5}F:\steam\steam.exe" = protocol=6 | dir=in | app=f:\steam\steam.exe | "TCP Query User{4FB1EC24-CBD9-4FFF-9503-5125D38FF7A5}C:\program files (x86)\six projects\six 
updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | "TCP Query User{54F6B0F5-E4DF-49B7-BBF0-E82490D15221}C:\spiele\eu3 complete\eu3game.exe" = protocol=6 | dir=in | app=c:\spiele\eu3 complete\eu3game.exe | "TCP Query User{5546CEB4-D9B8-4DC6-997C-3BC5800F8967}E:\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=e:\eve online\bin\exefile.exe | "TCP Query User{5A82F9E7-E604-4F02-B206-77A4A268FC5B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{691AFC1E-06F7-41CF-8CD8-E8BF7DC28295}F:\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=f:\eve online\bin\exefile.exe | "TCP Query User{91171CAE-DCAA-40B3-9997-BBD5ACA302FF}E:\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\wotlauncher.exe | "TCP Query User{91B9AB42-FD42-407E-A9A4-510E37BF459F}F:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin | "TCP Query User{9FA74E56-F56F-4C6E-84FD-044002C20BA8}C:\users\pierce\appdata\local\temp\d6b1c34127c0425097a1b6f12c6f7665\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\pierce\appdata\local\temp\d6b1c34127c0425097a1b6f12c6f7665\relicdownloader.exe | "TCP Query User{B1B69B7D-3AFA-4D02-97AE-294DC4D1C285}E:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe" = protocol=6 | dir=in | app=e:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe | "TCP Query User{D95521E2-5381-472D-8955-5B241D5EFCA9}E:\arma 2\@dayz\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=e:\arma 2\@dayz\expansion\beta\arma2oa.exe | "TCP Query User{E82C95A9-19C2-45C9-ABD5-6536288F3AFF}E:\arma 2\arma2.exe" = protocol=6 | dir=in | app=e:\arma 2\arma2.exe | "TCP Query User{EC371077-F772-453B-9F43-347E06DA3FDA}F:\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | 
app=f:\steam\steamapps\common\planetside 2\planetside2.exe | "TCP Query User{F079665A-CFAF-46FD-875B-7C9D5D05951E}E:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe" = protocol=6 | dir=in | app=e:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe | "TCP Query User{F0A64BA1-AE06-4E55-BDCF-28CC3857003C}E:\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\worldoftanks.exe | "TCP Query User{F23E5729-3A96-46F3-A0F1-6E1F721FC456}F:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | "UDP Query User{0D22E7E4-2647-446E-8466-8D16D5906677}E:\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=e:\eve online\bin\exefile.exe | "UDP Query User{14168602-1EAD-41D2-B68C-ABF687F3FCC2}F:\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\planetside 2\planetside2.exe | "UDP Query User{2408E727-4B94-4EB4-B715-91A098B62586}E:\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\arma 2\expansion\beta\arma2oa.exe | "UDP Query User{4D0558C3-937F-4461-B61B-8040DB210FBA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{8E09BE51-0A63-4CA1-8E28-5BA7B4E97ADF}F:\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=f:\eve online\bin\exefile.exe | "UDP Query User{900394C1-6ECD-47FA-A110-79B9B70C82D5}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | "UDP Query User{98051E54-01FA-4E8E-B695-E742CC7338AD}E:\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\worldoftanks.exe | "UDP Query User{B32DDDC4-4CF0-4FF2-A6B7-E79FCC9D90DC}C:\users\pierce\appdata\local\temp\d6b1c34127c0425097a1b6f12c6f7665\relicdownloader.exe" = protocol=17 | dir=in | 
app=c:\users\pierce\appdata\local\temp\d6b1c34127c0425097a1b6f12c6f7665\relicdownloader.exe | "UDP Query User{C30D7B86-1C6F-4B7E-9FF4-79696B98869C}E:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe" = protocol=17 | dir=in | app=e:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe | "UDP Query User{C555B734-926C-452D-8A62-2E4AC2835D83}E:\arma 2\arma2.exe" = protocol=17 | dir=in | app=e:\arma 2\arma2.exe | "UDP Query User{C8DC8538-7511-495C-B192-73C778B0761F}E:\arma 2\@dayz\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\arma 2\@dayz\expansion\beta\arma2oa.exe | "UDP Query User{D2B46F80-EE19-459C-9042-A8F32F8ADF0E}C:\spiele\bf2\forgottenhope2.exe" = protocol=17 | dir=in | app=c:\spiele\bf2\forgottenhope2.exe | "UDP Query User{D8791B0E-493D-4A25-823B-3DF60AE9B551}C:\spiele\eu3 complete\eu3game.exe" = protocol=17 | dir=in | app=c:\spiele\eu3 complete\eu3game.exe | "UDP Query User{DDA136A9-8261-40BE-B06B-0A627CE05754}E:\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\wotlauncher.exe | "UDP Query User{E2B1F8B4-FCA1-43BA-BA48-D1242D7F281E}E:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe" = protocol=17 | dir=in | app=e:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe | "UDP Query User{EE64EE35-B976-4A74-9234-1E5C73A99475}F:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | "UDP Query User{EEAC2883-6CC3-4C9B-9B8B-DADB3686371D}C:\spiele\bf1942\bf1942.exe" = protocol=17 | dir=in | app=c:\spiele\bf1942\bf1942.exe | "UDP Query User{F9CF49A0-4303-424F-BFEF-2458F8984609}F:\steam\steam.exe" = protocol=17 | dir=in | app=f:\steam\steam.exe | "UDP Query User{FAD552E5-6B83-4FDD-A943-9A90F262D3EA}F:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10 "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64 "{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager "{99720953-c1d6-4b90-8012-b7c3337f4efe}.sdb" = Battlefield 1942 Windows Vista/7 Compatibility Fix "{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding "{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack 
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "sp6" = Logitech SetPoint 6.30 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TS3 Overlay" = TS3 Overlay "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{0613D880-939E-4C9D-AD7C-A10DF7D7D5E9}" = EveHQ "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1AAA38A8-5E6E-4F4E-A84B-F1EE589E93E9}" = Pixel-Fighter.com Toolbox "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater "{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center 
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese "{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E3AA543-09D7-401E-9DF2-2591D24C7C49}" = Addon Sync 2009 "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{52F7EC17-C7D9-4254-BBC5-404A67844ED1}" = EveMeepV3 "{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish "{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English "{611E417A-82C3-415C-B9C4-7C8DBF02E6D5}" = TS Notifier "{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish "{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All "{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2 "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech "{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish "{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean "{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek "{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian "{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{8F272838-BDD6-B433-D650-25E231AEFA8A}" = 
Catalyst Control Center InstallProxy "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common "{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall "ArmA2" = ArmA2 Uninstall "AudioCS" = Creative Audio-Systemsteuerung "Avira AntiVir Desktop" = Avira Free Antivirus "BattlEye" = BattlEye Uninstall "BattlEye for A2" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Blitzkrieg" = Blitzkrieg Mod "CMFI_is1" = Combat Mission Fortress Italy "CoH Community Mappack" = CoH Community Mappack "Company of Heroes" = Company of Heroes "CPU-Control_is1" = CPU-Control "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 
Edition" = Creative Sound Blaster Properties x64 Edition "DAEMON Tools Lite" = DAEMON Tools Lite "EVE" = EVE Online (remove only) "EVEMon" = EVEMon "Forgotten Hope" = Forgotten Hope 0.70 "Fraps" = Fraps (remove only) "Hamachi" = Hamachi 1.0.3.0 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Pidgin" = Pidgin "PunkBusterSvc" = PunkBuster Services "Steam App 105600" = Terraria "Steam App 108800" = Crysis 2 Maximum Edition "Steam App 16830" = Sid Meier's Civilization V SDK "Steam App 203770" = Crusader Kings II "Steam App 205610" = Port Royale 3 "Steam App 208140" = Endless Space "Steam App 218230" = PlanetSide 2 "Steam App 22380" = Fallout: New Vegas "Steam App 34330" = Total War: SHOGUN 2 "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad "Steam App 46290" = Theatre of War "Steam App 46340" = Theatre of War 2: Africa 1943 "Steam App 46360" = Theatre of War 2: Kursk 1943 "Steam App 57690" = Tropico 4 "Steam App 58610" = Wargame: European Escalation "Steam App 64000" = Men of War: Assault Squad "Steam App 65800" = Dungeon Defenders "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 8930" = Sid Meier's Civilization V "Steam App 91310" = Dead Island "VLC media player" = VLC media player 1.1.11 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BASE 5.2" = BASE 5.2 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.01.2013 19:22:32 | Computer Name = Pierce-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total war shogun 2\ModManager.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.01.2013 19:22:33 | Computer Name = Pierce-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total war shogun 2\benchmarks\benchmark_output.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.01.2013 19:22:34 | Computer Name = Pierce-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total war shogun 2\redist\flashsecurity.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 22.01.2013 19:22:34 | Computer Name = Pierce-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total war shogun 2\redist\flashsecurity1.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 22.01.2013 19:59:07 | Computer Name = Pierce-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: MSHTML.dll, Version: 9.0.8112.16457, Zeitstempel: 0x50a30507 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00921720 ID des fehlerhaften Prozesses: 0x11d8 Startzeit der fehlerhaften Anwendung: 0x01cdf8edaab4040b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\MSHTML.dll Berichtskennung: b475625e-64ef-11e2-8d8b-00261859817f Error - 22.01.2013 23:48:36 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10 Description = Error - 23.01.2013 12:14:06 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2013 06:25:13 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2013 07:37:56 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2013 07:42:04 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10 Description = Error - 24.01.2013 10:34:52 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 24.01.2013 12:04:03 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.01.2013 12:05:45 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.01.2013 12:05:45 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 24.01.2013 
12:05:45 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 24.01.2013 17:02:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pierce\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 82,44% Memory free
8,00 Gb Paging File | 7,32 Gb Available in Paging File | 91,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 1,33 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive D: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 74,53 Gb Total Space | 1,95 Gb Free Space | 2,62% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 306,38 Gb Free Space | 65,78% Space Free | Partition Type: NTFS

Computer Name: PIERCE-PC | User Name: Pierce | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pierce\Desktop\OTL.exe (OldTimer Tools)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co.
KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 0D FD F7 60 6D CC 01 [binary data] IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-1890510484-2314157509-767822104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:51:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:51:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.18 11:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierce\AppData\Roaming\mozilla\Extensions [2012.05.26 14:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierce\AppData\Roaming\mozilla\Firefox\Profiles\h6wwgarx.default\extensions [2011.12.11 22:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.12 10:51:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.03 20:58:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.12 10:51:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.03 20:58:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.03 20:58:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.03 20:58:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.03 20:58:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: 
(Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001..\Run: [svñhîst] C:\Users\Pierce\wgsdgsdgdsgsd.exe (Softspecialists)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab (Battlefield Heroes Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C3E0F8-1104-4CA2-92CA-EA220DE1FC9F}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.10.26 17:45:39 | 000,779,496 | R--- | M] (BioWare) - D:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.10.26 22:21:41 | 000,000,054 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{fbab6cbb-d952-11e0-a7a5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fbab6cbb-d952-11e0-a7a5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2009.10.26 17:45:39 | 000,779,496 | R--- | M] (BioWare) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.24 16:52:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe [2013.01.24 12:34:12 | 000,054,784 | RHS- | C] (Softspecialists) -- C:\Users\Pierce\wgsdgsdgdsgsd.exe [2013.01.22 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Indicium Technologies [2013.01.22 23:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013.01.22 23:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013.01.22 23:02:25 | 000,000,000 | ---D | C] -- C:\Users\Pierce\Documents\EveHQ [2013.01.22 23:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EveHQ [2013.01.22 23:01:44 | 000,000,000 | ---D | C] -- 
C:\Users\Pierce\AppData\Roaming\EveHQ [2013.01.22 22:46:57 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\EveMeep3 [2013.01.22 22:45:27 | 000,000,000 | ---D | C] -- C:\Users\Pierce\Documents\EveMeep [2013.01.22 22:44:46 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evemeep3 [2013.01.22 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\EVEMon [2013.01.22 22:33:13 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon [2013.01.22 21:37:20 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Custom Salem Updater [2013.01.22 19:49:21 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games [2013.01.20 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\Pierce\.salem [2013.01.20 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\Pierce\Salem [2013.01.14 13:29:46 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoH Community Mappack [2013.01.11 05:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.11 05:13:53 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.01.11 05:13:50 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.11 05:13:50 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.11 05:13:50 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.11 05:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.11 00:44:24 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitzkrieg Mod [2013.01.09 23:32:49 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 23:32:49 | 000,492,032 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 23:32:44 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 23:32:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.02 00:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2012.12.25 19:38:39 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013.01.24 16:52:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe [2013.01.24 15:37:14 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.24 15:37:14 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.24 15:37:14 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.24 15:37:14 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.24 15:37:14 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.24 15:33:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.24 15:32:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2013.01.24 12:47:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 12:47:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 12:40:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.24 12:34:12 | 000,054,784 | RHS- | M] (Softspecialists) -- C:\Users\Pierce\wgsdgsdgdsgsd.exe [2013.01.24 12:29:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.22 23:01:45 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\EveHQ.lnk [2013.01.22 22:46:55 | 000,000,963 | ---- | M] () -- C:\Users\Pierce\Desktop\EveMeep3.exe - Verknüpfung.lnk 
[2013.01.22 21:37:20 | 000,002,173 | ---- | M] () -- C:\Users\Pierce\Desktop\Custom Salem Updater.lnk [2013.01.22 19:58:27 | 000,001,132 | ---- | M] () -- C:\Users\Pierce\Desktop\Civ4BeyondSword.exe - Verknüpfung.lnk [2013.01.22 19:17:51 | 000,000,201 | ---- | M] () -- C:\Users\Pierce\Desktop\Total War SHOGUN 2.url [2013.01.16 13:42:28 | 000,000,000 | ---- | M] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_42_28.775139.dmp [2013.01.16 13:30:43 | 000,000,000 | ---- | M] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_30_43.780445.dmp [2013.01.16 13:07:21 | 000,000,000 | ---- | M] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351090895-2013-01-16 13_07_21.264356.dmp [2013.01.11 05:13:46 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.11 05:13:46 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.11 05:13:46 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.01.11 05:13:46 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.11 05:13:46 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.11 05:13:46 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.11 00:50:20 | 000,000,671 | ---- | M] () -- C:\Users\Pierce\Desktop\Blitzkrieg Mod.lnk [2013.01.10 15:23:39 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 03:07:04 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.01 23:18:05 | 000,000,202 | ---- | M] () -- C:\Users\Pierce\Desktop\Terraria.url [2012.12.30 19:52:05 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.30 19:21:29 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 ========== Files Created - No Company Name ========== [2013.01.22 23:01:45 | 
000,002,543 | ---- | C] () -- C:\Users\Public\Desktop\EveHQ.lnk [2013.01.22 22:46:55 | 000,000,963 | ---- | C] () -- C:\Users\Pierce\Desktop\EveMeep3.exe - Verknüpfung.lnk [2013.01.22 19:57:25 | 000,001,132 | ---- | C] () -- C:\Users\Pierce\Desktop\Civ4BeyondSword.exe - Verknüpfung.lnk [2013.01.22 19:17:50 | 000,000,201 | ---- | C] () -- C:\Users\Pierce\Desktop\Total War SHOGUN 2.url [2013.01.20 18:51:48 | 000,002,173 | ---- | C] () -- C:\Users\Pierce\Desktop\Custom Salem Updater.lnk [2013.01.16 13:42:28 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_42_28.775139.dmp [2013.01.16 13:30:43 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_30_43.780445.dmp [2013.01.16 13:07:21 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351090895-2013-01-16 13_07_21.264356.dmp [2013.01.11 00:44:26 | 000,000,671 | ---- | C] () -- C:\Users\Pierce\Desktop\Blitzkrieg Mod.lnk [2013.01.02 00:04:39 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.01 23:18:05 | 000,000,202 | ---- | C] () -- C:\Users\Pierce\Desktop\Terraria.url [2012.12.24 01:47:30 | 000,000,218 | ---- | C] () -- C:\Users\Pierce\.recently-used.xbel [2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.06.22 17:09:21 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat [2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.17 19:44:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.02.17 19:43:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.01.28 16:16:14 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\AppData\Local\{09D142B4-77A4-422D-B189-37377C6E1C0C} [2012.01.26 18:48:17 | 000,000,000 | ---- | C] () -- 
C:\Users\Pierce\AppData\Local\{FB9017D5-3234-4A21-AF85-B52229339836} [2011.12.10 14:28:20 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\AppData\Local\{D5F8C78D-0B4F-4534-8DB6-9A0E362D4C55} [2011.12.10 14:27:19 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\AppData\Local\{08C478D6-61CE-4DA4-96C4-A325A98F0A94} [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.07 14:19:46 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.09.07 14:19:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.09.07 14:13:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.03 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.minecraft [2012.03.01 22:23:03 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.minecraft - Kopie [2012.03.04 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.minecraft versionen [2013.01.24 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.purple [2012.01.20 06:42:09 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.spoutcraft [2012.01.09 19:05:34 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.spoutcraft - Kopie [2012.10.12 18:54:16 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.techniclauncher [2011.09.11 17:38:55 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\ArmA II Launcher [2012.01.09 11:29:19 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\bandicraft [2012.06.22 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\CPUControl [2011.09.09 19:54:20 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\DAEMON Tools Lite [2013.01.22 23:07:24 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\EveHQ [2013.01.22 22:33:21 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\EVEMon [2012.12.23 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\gtk-2.0 [2013.01.24 12:35:15 | 
000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\ICQ [2013.01.22 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Indicium Technologies [2012.05.06 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Kalypso Media [2011.09.11 14:17:03 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Leadertech [2013.01.23 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Mumble [2012.01.09 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Neuer Ordner [2011.10.08 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\OpenOffice.org [2012.07.13 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\six-updater [2011.09.11 12:34:27 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\six-zsync [2012.11.04 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Tropico 4 [2013.01.24 00:55:18 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\TS3Client [2012.07.12 09:25:05 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\ts3overlay [2012.07.12 10:22:13 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\TSNotifier [2012.07.30 22:39:00 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\wargaming.net ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys @Alternate Data Stream - 3584 bytes -> C:\ProgramData:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\Pierce\Documents\desktop.ini:gs5sys @Alternate Data Stream - 1536 bytes -> C:\Users\Pierce\Desktop\desktop.ini:gs5sys < End of report > |
24.01.2013, 17:21 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Quote:
__________________ --> GVU Trojan |
24.01.2013, 17:28 | #7 |
| GVU Trojan Sorry, I did read it, but what am I supposed to do? The name is all over it. Or did I do something else wrong? Regards |
24.01.2013, 21:44 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan You should have edited first and only then posted... I am not authorized to edit logs after the fact! Even though, technically, I could do it
__________________ Please always post log files in CODE tags |
24.01.2013, 22:11 | #9 |
| GVU Trojan I then tried again in the post, but the 60 minutes had already expired. I just hope it is not that bad, since it is not my name anyway. I only thought that someone might be able to read things out of it that perhaps should not be public permanently. Regards |
24.01.2013, 22:25 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan Editing is done in the local text editor NOTEPAD before posting here in the forum
__________________ Please always post log files in CODE tags |
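The edit-before-posting step from the exchange above can also be scripted; the following is an added example, not part of the original thread and not a feature of OTL. It assumes the account name can be harvested from `C:\Users\<name>\` paths in the log; the function names and the sample log (built around a made-up account "Alice") are constructed for illustration.

```python
import re

# Profiles present on every Windows installation; masking them hides nothing.
BUILTIN_PROFILES = {"public", "default", "default user", "all users"}

# A profile directory is the path segment directly below <drive>:\Users\.
# The character class excludes '*', so an already masked path is left alone.
PROFILE_DIR = re.compile(r'[A-Za-z]:\\Users\\([^\\/:*?"<>|\r\n]+)\\')

MASK = "*****"


def find_profile_names(log_text):
    """Collect account names that appear as profile directories in the log."""
    names = set()
    for match in PROFILE_DIR.finditer(log_text):
        name = match.group(1).strip()
        if name.lower() not in BUILTIN_PROFILES:
            names.add(name)
    return names


def redact_log(log_text, extra_names=()):
    """Mask every stand-alone occurrence of the harvested account names.

    Masking the bare name (not only the path segment) also covers fields
    such as 'UserName: Alice' and host names such as 'ALICE-PC'.
    extra_names takes names that never show up as a path, for example
    a second account listed only in a per-user summary.
    """
    names = find_profile_names(log_text) | set(extra_names)
    # Longest first, so a name that contains another name is masked whole.
    for name in sorted(names, key=len, reverse=True):
        pattern = re.compile(
            r"(?<![A-Za-z0-9])" + re.escape(name) + r"(?![A-Za-z0-9])",
            re.IGNORECASE,
        )
        log_text = pattern.sub(MASK, log_text)
    return log_text


# Constructed sample in the style of the logs in this thread.
SAMPLE_LOG = r"""15:07:37.245 ComputerName: ALICE-PC UserName: Alice
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [example] C:\Users\Alice\example.exe ()
[2013.01.24 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Roaming\Example
@Alternate Data Stream - 16 bytes -> C:\Users\Public\Documents\desktop.ini:example
15:11:02.705 AVAST engine scan C:\Users\Alice
"""

if __name__ == "__main__":
    print(redact_log(SAMPLE_LOG))
```

A very short account name can also occur inside unrelated words, so the masked output should still be read through once before it is posted.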
24.01.2013, 22:33 | #11 |
| GVU Trojan Yes, that is clear to me now too; I guess I acted too hastily there. Can you already tell me something about the analysis? Regards |
24.01.2013, 22:42 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan OK, here is the fix. Afterwards, please test whether Windows boots normally and not only in safe mode. Fixing with OTL
Code:
:OTL
O4 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001..\Run: [svñhîst] C:\Users\Pierce\wgsdgsdgdsgsd.exe (Softspecialists)
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 3584 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Pierce\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Pierce\Desktop\desktop.ini:gs5sys
:Files
C:\Users\Pierce\wgsdgsdgdsgsd.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
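The Run entry removed by the fix above stands out from the other autostart entries in the OTL log on several counts, and that comparison can be run mechanically. The following is an added example, not part of the original thread and not how OTL or the helper evaluates a log. Its three heuristics (non-ASCII value name, executable directly in the profile root, hidden plus system attributes in the file listing) are assumptions of this example, and the sample lines are modelled on the log in this thread with the account name and SID replaced by placeholders.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    value_name: str
    path: str
    reasons: List[str]


# "O4 - <hive>..\Run: [value name] <path to .exe> (Company)"
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<path>[A-Za-z]:\\.+?\.exe)",
    re.IGNORECASE,
)

# "[date time | size | attrs | C] (Company) -- <path>" from the file listings
FILE_RE = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} [\d:]+ \| [\d,]+ \| (?P<attrs>[RHSD-]{4}) \| [CM]\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)

# An executable placed directly in C:\Users\<name>\ rather than in a subfolder.
PROFILE_ROOT_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


def triage_run_entries(log_text: str) -> List[Finding]:
    """Return the Run/RunOnce entries that trip at least one heuristic."""
    lines = [line.strip() for line in log_text.splitlines()]

    # First pass: remember the attribute flags of every listed file.
    attrs_by_path = {}
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            attrs_by_path[m.group("path").strip().lower()] = m.group("attrs")

    # Second pass: score each autostart entry.
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        reasons = []
        if not name.isascii():
            reasons.append("value name contains non-ASCII characters")
        if PROFILE_ROOT_RE.match(path):
            reasons.append("executable sits directly in the profile root")
        flags = attrs_by_path.get(path.lower(), "")
        if "H" in flags and "S" in flags:
            reasons.append("file carries hidden and system attributes")
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


# Sample modelled on this thread's log; "User1" and the SID are placeholders.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [svñhîst] C:\Users\User1\wgsdgsdgdsgsd.exe (Softspecialists)
[2013.01.24 16:52:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User1\Desktop\OTL.exe
[2013.01.24 12:34:12 | 000,054,784 | RHS- | C] (Softspecialists) -- C:\Users\User1\wgsdgsdgdsgsd.exe
"""

if __name__ == "__main__":
    for finding in triage_run_entries(SAMPLE_LOG):
        print(finding.value_name, finding.path)
        for reason in finding.reasons:
            print("  -", reason)
```

A hit is a reason to look closer, not a verdict: legitimate software can trip a single heuristic, so what matters is several of them coinciding on one entry.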
24.01.2013, 23:06 | #13 |
| GVU Trojan OK, the PC now boots normally again. But at the top left, a small DOS window is still visible for a short time. Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1890510484-2314157509-767822104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\svñhîst deleted successfully.
C:\Users\*****\wgsdgsdgdsgsd.exe moved successfully.
ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\ProgramData:gs5sys deleted successfully.
ADS C:\Users\*****\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\*****\Desktop\desktop.ini:gs5sys deleted successfully.
========== FILES ==========
File\Folder C:\Users\*****\wgsdgsdgdsgsd.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\*****\Desktop\cmd.bat deleted successfully.
C:\Users\*****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: mods
User: *****
->Temp folder emptied: 468703452 bytes
->Temporary Internet Files folder emptied: 1279781421 bytes
->Java cache emptied: 78662 bytes
->FireFox cache emptied: 328853056 bytes
->Flash cache emptied: 616 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 388241876 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 9917 bytes
Total Files Cleaned = 2.351,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 01242013_224728
Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
25.01.2013, 12:06 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan We are far from finished!
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please disable the virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
25.01.2013, 15:34 | #15 |
| GVU Trojan Hello, first of all I would like to thank you for your help. I think it is really great how people are helped here on the board. Regards Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-25 15:07:37
-----------------------------
15:07:37.245 OS Version: Windows x64 6.1.7601 Service Pack 1
15:07:37.245 Number of processors: 4 586 0x1707
15:07:37.245 ComputerName: *****-PC UserName: *****
15:07:37.542 Initialize success
15:08:45.768 AVAST engine defs: 13012500
15:09:28.529 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
15:09:28.531 Disk 0 Vendor: INTEL_SSDSA2M080G2GC 2CV102M3 Size: 76319MB BusType: 3
15:09:28.534 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
15:09:28.536 Disk 1 Vendor: INTEL_SSDSA2MH080G1GC 045C8820 Size: 76319MB BusType: 3
15:09:28.539 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
15:09:28.541 Disk 2 Vendor: ST3500630A 3.AAF Size: 476940MB BusType: 3
15:09:28.544 Disk 0 MBR read successfully
15:09:28.549 Disk 0 MBR scan
15:09:28.554 Disk 0 Windows 7 default MBR code
15:09:28.556 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:09:28.561 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848
15:09:28.571 Disk 0 scanning C:\Windows\system32\drivers
15:09:31.556 Service scanning
15:09:38.894 Modules scanning
15:09:38.901 Disk 0 trace - called modules:
15:09:38.909 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
15:09:38.914 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003ea8060]
15:09:38.919 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8003cb1520]
15:09:38.924 5 ACPI.sys[fffff88000fb07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8003cad680]
15:09:39.174 AVAST engine scan C:\Windows
15:09:39.564 AVAST engine scan C:\Windows\system32
15:10:59.337 AVAST engine scan C:\Windows\system32\drivers
15:11:02.705 AVAST engine scan C:\Users\*****
15:12:17.996 AVAST engine scan C:\ProgramData
15:12:37.629 Scan finished successfully
15:13:35.975 Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
15:13:35.975 The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
Code:
ATTFilter 15:19:01.0301 2560 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:19:01.0401 2560 ============================================================ 15:19:01.0401 2560 Current date / time: 2013/01/25 15:19:01.0401 15:19:01.0401 2560 SystemInfo: 15:19:01.0401 2560 15:19:01.0401 2560 OS Version: 6.1.7601 ServicePack: 1.0 15:19:01.0401 2560 Product type: Workstation 15:19:01.0401 2560 ComputerName: *****-PC 15:19:01.0403 2560 UserName: ***** 15:19:01.0403 2560 Windows directory: C:\Windows 15:19:01.0403 2560 System windows directory: C:\Windows 15:19:01.0403 2560 Running under WOW64 15:19:01.0403 2560 Processor architecture: Intel x64 15:19:01.0403 2560 Number of processors: 4 15:19:01.0403 2560 Page size: 0x1000 15:19:01.0403 2560 Boot type: Normal boot 15:19:01.0403 2560 ============================================================ 15:19:09.0179 2560 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:19:09.0179 2560 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x8F74, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040 15:19:09.0179 2560 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:19:09.0179 2560 ============================================================ 15:19:09.0179 2560 \Device\Harddisk2\DR2: 15:19:09.0179 2560 MBR partitions: 15:19:09.0179 2560 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800 15:19:09.0179 2560 \Device\Harddisk0\DR0: 15:19:09.0179 2560 MBR partitions: 15:19:09.0179 2560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:19:09.0179 2560 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800 
15:19:09.0179 2560 \Device\Harddisk1\DR1: 15:19:09.0179 2560 MBR partitions: 15:19:09.0179 2560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800 15:19:09.0179 2560 ============================================================ 15:19:09.0179 2560 C: <-> \Device\Harddisk0\DR0\Partition2 15:19:09.0179 2560 E: <-> \Device\Harddisk1\DR1\Partition1 15:19:09.0210 2560 F: <-> \Device\Harddisk2\DR2\Partition1 15:19:09.0210 2560 ============================================================ 15:19:09.0210 2560 Initialize success 15:19:09.0210 2560 ============================================================ 15:22:09.0249 0564 ============================================================ 15:22:09.0249 0564 Scan started 15:22:09.0249 0564 Mode: Manual; SigCheck; TDLFS; 15:22:09.0249 0564 ============================================================ 15:22:09.0829 0564 ================ Scan system memory ======================== 15:22:09.0829 0564 System memory - ok 15:22:09.0829 0564 ================ Scan services ============================= 15:22:09.0867 0564 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:22:09.0912 0564 1394ohci - ok 15:22:09.0919 0564 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:22:09.0934 0564 ACPI - ok 15:22:09.0939 0564 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:22:09.0962 0564 AcpiPmi - ok 15:22:09.0967 0564 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:22:09.0977 0564 AdobeARMservice - ok 15:22:09.0984 0564 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:22:10.0004 0564 adp94xx - ok 15:22:10.0012 0564 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:22:10.0027 0564 adpahci - ok 15:22:10.0032 0564 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 
C:\Windows\system32\drivers\adpu320.sys 15:22:10.0044 0564 adpu320 - ok 15:22:10.0049 0564 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:22:10.0102 0564 AeLookupSvc - ok 15:22:10.0112 0564 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 15:22:10.0129 0564 AFD - ok 15:22:10.0134 0564 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:22:10.0144 0564 agp440 - ok 15:22:10.0149 0564 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:22:10.0164 0564 ALG - ok 15:22:10.0167 0564 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:22:10.0177 0564 aliide - ok 15:22:10.0184 0564 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 15:22:10.0209 0564 AMD External Events Utility - ok 15:22:10.0212 0564 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:22:10.0222 0564 amdide - ok 15:22:10.0227 0564 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:22:10.0239 0564 AmdK8 - ok 15:22:10.0359 0564 [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:22:10.0539 0564 amdkmdag - ok 15:22:10.0549 0564 [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 15:22:10.0569 0564 amdkmdap - ok 15:22:10.0572 0564 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 15:22:10.0584 0564 AmdPPM - ok 15:22:10.0587 0564 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:22:10.0599 0564 amdsata - ok 15:22:10.0604 0564 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 15:22:10.0617 0564 amdsbs - ok 15:22:10.0622 0564 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:22:10.0632 0564 amdxata - ok 15:22:10.0639 0564 [ 
] TermService C:\Windows\System32\termsrv.dll 15:22:18.0869 0564 TermService - ok 15:22:18.0874 0564 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:22:18.0889 0564 Themes - ok 15:22:18.0894 0564 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:22:18.0924 0564 THREADORDER - ok 15:22:18.0929 0564 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:22:18.0959 0564 TrkWks - ok 15:22:18.0964 0564 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:22:18.0994 0564 TrustedInstaller - ok 15:22:18.0999 0564 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:22:19.0027 0564 tssecsrv - ok 15:22:19.0032 0564 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:22:19.0042 0564 TsUsbFlt - ok 15:22:19.0047 0564 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 15:22:19.0057 0564 TsUsbGD - ok 15:22:19.0062 0564 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:22:19.0092 0564 tunnel - ok 15:22:19.0097 0564 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:22:19.0107 0564 uagp35 - ok 15:22:19.0114 0564 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:22:19.0144 0564 udfs - ok 15:22:19.0152 0564 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:22:19.0164 0564 UI0Detect - ok 15:22:19.0169 0564 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:22:19.0179 0564 uliagpkx - ok 15:22:19.0184 0564 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:22:19.0194 0564 umbus - ok 15:22:19.0199 0564 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 15:22:19.0209 0564 UmPass - ok 15:22:19.0217 0564 [ 
D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:22:19.0252 0564 upnphost - ok 15:22:19.0254 0564 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:22:19.0267 0564 usbccgp - ok 15:22:19.0269 0564 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:22:19.0284 0564 usbcir - ok 15:22:19.0289 0564 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 15:22:19.0299 0564 usbehci - ok 15:22:19.0307 0564 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:22:19.0319 0564 usbhub - ok 15:22:19.0324 0564 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:22:19.0334 0564 usbohci - ok 15:22:19.0339 0564 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 15:22:19.0352 0564 usbprint - ok 15:22:19.0354 0564 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:22:19.0367 0564 USBSTOR - ok 15:22:19.0369 0564 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:22:19.0379 0564 usbuhci - ok 15:22:19.0384 0564 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:22:19.0417 0564 UxSms - ok 15:22:19.0419 0564 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:22:19.0432 0564 VaultSvc - ok 15:22:19.0434 0564 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:22:19.0444 0564 vdrvroot - ok 15:22:19.0454 0564 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:22:19.0489 0564 vds - ok 15:22:19.0494 0564 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:22:19.0507 0564 vga - ok 15:22:19.0509 0564 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:22:19.0539 0564 VgaSave - ok 15:22:19.0544 0564 [ 
2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:22:19.0559 0564 vhdmp - ok 15:22:19.0562 0564 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:22:19.0572 0564 viaide - ok 15:22:19.0577 0564 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:22:19.0614 0564 volmgr - ok 15:22:19.0627 0564 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:22:19.0642 0564 volmgrx - ok 15:22:19.0647 0564 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:22:19.0662 0564 volsnap - ok 15:22:19.0667 0564 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:22:19.0680 0564 vsmraid - ok 15:22:19.0700 0564 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:22:19.0747 0564 VSS - ok 15:22:19.0750 0564 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 15:22:19.0765 0564 vwifibus - ok 15:22:19.0772 0564 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:22:19.0807 0564 W32Time - ok 15:22:19.0812 0564 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:22:19.0822 0564 WacomPen - ok 15:22:19.0827 0564 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:22:19.0857 0564 WANARP - ok 15:22:19.0860 0564 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:22:19.0890 0564 Wanarpv6 - ok 15:22:19.0907 0564 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:22:19.0937 0564 wbengine - ok 15:22:19.0945 0564 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:22:19.0962 0564 WbioSrvc - ok 15:22:19.0970 0564 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:22:19.0990 0564 wcncsvc - ok 15:22:19.0995 0564 [ 
20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:22:20.0007 0564 WcsPlugInService - ok 15:22:20.0010 0564 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 15:22:20.0020 0564 Wd - ok 15:22:20.0032 0564 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:22:20.0057 0564 Wdf01000 - ok 15:22:20.0060 0564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:22:20.0090 0564 WdiServiceHost - ok 15:22:20.0095 0564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:22:20.0110 0564 WdiSystemHost - ok 15:22:20.0115 0564 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:22:20.0135 0564 WebClient - ok 15:22:20.0140 0564 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:22:20.0175 0564 Wecsvc - ok 15:22:20.0180 0564 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:22:20.0210 0564 wercplsupport - ok 15:22:20.0215 0564 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:22:20.0245 0564 WerSvc - ok 15:22:20.0250 0564 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:22:20.0280 0564 WfpLwf - ok 15:22:20.0282 0564 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:22:20.0292 0564 WIMMount - ok 15:22:20.0295 0564 WinDefend - ok 15:22:20.0300 0564 WinHttpAutoProxySvc - ok 15:22:20.0310 0564 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:22:20.0340 0564 Winmgmt - ok 15:22:20.0362 0564 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:22:20.0417 0564 WinRM - ok 15:22:20.0432 0564 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:22:20.0460 0564 Wlansvc - ok 15:22:20.0465 0564 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum 
C:\Windows\system32\drivers\WmBEnum.sys 15:22:20.0475 0564 WmBEnum - ok 15:22:20.0477 0564 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 15:22:20.0485 0564 WmFilter - ok 15:22:20.0492 0564 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:22:20.0505 0564 WmiAcpi - ok 15:22:20.0512 0564 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:22:20.0527 0564 wmiApSrv - ok 15:22:20.0530 0564 WMPNetworkSvc - ok 15:22:20.0535 0564 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys 15:22:20.0542 0564 WmVirHid - ok 15:22:20.0545 0564 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys 15:22:20.0555 0564 WmXlCore - ok 15:22:20.0557 0564 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:22:20.0570 0564 WPCSvc - ok 15:22:20.0575 0564 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:22:20.0597 0564 WPDBusEnum - ok 15:22:20.0600 0564 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:22:20.0630 0564 ws2ifsl - ok 15:22:20.0635 0564 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:22:20.0650 0564 wscsvc - ok 15:22:20.0652 0564 WSearch - ok 15:22:20.0682 0564 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:22:20.0732 0564 wuauserv - ok 15:22:20.0737 0564 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:22:20.0747 0564 WudfPf - ok 15:22:20.0752 0564 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:22:20.0765 0564 WUDFRd - ok 15:22:20.0770 0564 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:22:20.0782 0564 wudfsvc - ok 15:22:20.0790 0564 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 15:22:20.0807 0564 
15:22:20.0812 0564 ================ Scan global ===============================
15:22:20.0842 0564 [Global] - ok
15:22:20.0845 0564 ================ Scan MBR ==================================
15:22:20.0912 0564 \Device\Harddisk2\DR2 - ok
15:22:20.0985 0564 \Device\Harddisk0\DR0 - ok
15:22:21.0000 0564 \Device\Harddisk1\DR1 - ok
15:22:21.0000 0564 ================ Scan VBR ==================================
15:22:21.0030 0564 \Device\Harddisk2\DR2\Partition1 - ok
15:22:21.0032 0564 \Device\Harddisk0\DR0\Partition1 - ok
15:22:21.0037 0564 \Device\Harddisk0\DR0\Partition2 - ok
15:22:21.0040 0564 \Device\Harddisk1\DR1\Partition1 - ok
15:22:21.0040 0564 ============================================================
15:22:21.0040 0564 Scan finished
15:22:21.0040 0564 ============================================================
15:22:21.0050 3568 Detected object count: 2
15:22:21.0050 3568 Actual detected object count: 2
15:23:16.0145 3568 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:16.0145 3568 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:16.0145 3568 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:16.0145 3568 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:52.0706 3632 Deinitialize success |