
Log analysis and evaluation: cmd.exe runs briefly at Windows startup


23.06.2012, 01:49   #1
PerfectOcean
 
cmd.exe runs briefly at Windows startup



Hello dear people,

for some time now, cmd.exe has opened briefly every time Windows starts and executes something. Since I read in this forum that this may be a worm/worms, I am now asking you for help. Since this "problem" began, the desktop has also been loading considerably more slowly than before. A scan with Avast found nothing, and a system restore did not help either. I searched the HJT log file for the results from the other threads, but found nothing of the kind. I hope you can evaluate my OTL logs and give advice if needed.

OTL.txt:

Code:
OTL logfile created on: 23.06.2012 02:00:05 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,87 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 76,85% Memory free
11,73 Gb Paging File | 10,13 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 69,06 Gb Free Space | 15,15% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 183,50 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.23 00:27:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.03.15 22:42:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.22 20:11:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.19 12:05:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.16 23:00:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.01 13:18:16 | 000,736,104 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.03.15 22:42:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.09.30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Site License.3.0)
SRV - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 19:51:07 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.10.29 10:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.23 11:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m5811&r=173602129141710c4h673f64je9969
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE471
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.http: "157.181.228.181"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.16 16:56:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.25 03:41:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 23:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 13:59:33 | 000,000,000 | ---D | M]
 
[2012.02.14 19:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.15 19:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fy5wpy12.default\extensions
[2012.03.16 22:36:00 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\11-suche.xml
[2012.03.16 22:36:00 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\englische-ergebnisse.xml
[2012.03.16 22:36:00 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\gmx-suche.xml
[2012.03.16 22:36:00 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\lastminute.xml
[2012.03.16 22:36:00 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fy5wpy12.default\searchplugins\webde-suche.xml
[2012.06.13 12:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.13 12:47:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.02.25 03:41:17 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.02.25 03:39:12 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FY5WPY12.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.06.15 19:30:57 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FY5WPY12.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.16 23:00:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53F9B157-4FFE-4027-AA83-3BB5E8F64FC8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF47CFB1-341A-429E-9B4F-E7CF6D8ACFE5}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 21:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Island DELUXE EDITION
[2012.06.16 16:49:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Tunngle
[2012.06.16 16:49:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Tunngle
[2012.06.16 16:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2012.06.16 16:49:27 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2012.06.16 16:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2012.06.16 16:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2012.06.15 14:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QfG
[2012.06.15 00:15:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\wolfenstein
[2012.06.13 12:26:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.13 12:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 19:57:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Activision
[2012.06.12 17:58:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\globalip
[2012.06.12 17:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalip
[2012.06.10 19:37:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ArmA 2 Free
[2012.06.10 19:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.06.10 19:29:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.06.10 19:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012.06.05 21:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\d. gray-man
[2012.06.04 21:03:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mashiro
[2012.05.27 14:08:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\fltk.org
[2012.05.27 14:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012.05.27 14:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2012.05.27 14:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent
[2012.05.27 00:51:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Amnesia
[2012.05.27 00:44:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\OnLive App
[2012.05.27 00:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OnLive App
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.23 01:58:42 | 000,000,168 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.23 01:23:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.22 19:58:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 19:58:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 19:50:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.22 19:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 19:50:14 | 429,178,879 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 13:52:57 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012.06.17 16:13:56 | 004,916,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.16 21:34:52 | 000,001,261 | ---- | M] () -- C:\Users\Public\Desktop\Dead Island DELUXE EDITION.lnk
[2012.06.16 17:56:23 | 000,001,084 | ---- | M] () -- C:\Users\***\Desktop\save_0.sav
[2012.06.16 16:49:28 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2012.06.14 23:58:08 | 001,634,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 23:58:08 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 23:58:08 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 23:58:08 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 23:58:08 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.13 20:52:35 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.06.13 13:11:18 | 000,000,221 | ---- | M] () -- C:\Users\***\Desktop\Call of Duty Black Ops - Multiplayer.url
[2012.06.13 12:39:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.06.07 12:01:00 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.07 12:01:00 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.07 12:00:40 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.05 20:24:56 | 000,000,559 | ---- | M] () -- C:\Users\***\Desktop\antrag.rtf
[2012.05.31 20:31:10 | 002,212,458 | ---- | M] () -- C:\Users\***\Desktop\The Qemists - Dem na Like me.mp3
[2012.05.27 14:04:29 | 000,002,184 | ---- | M] () -- C:\Users\***\Desktop\Amnesia.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.23 01:58:42 | 000,000,168 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.16 21:34:52 | 000,001,261 | ---- | C] () -- C:\Users\Public\Desktop\Dead Island DELUXE EDITION.lnk
[2012.06.16 20:54:55 | 000,001,084 | ---- | C] () -- C:\Users\***\Desktop\save_0.sav
[2012.06.16 16:49:28 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2012.06.13 13:11:18 | 000,000,221 | ---- | C] () -- C:\Users\***\Desktop\Call of Duty Black Ops - Multiplayer.url
[2012.06.05 18:47:53 | 000,000,559 | ---- | C] () -- C:\Users\***\Desktop\antrag.rtf
[2012.05.31 20:30:45 | 002,212,458 | ---- | C] () -- C:\Users\***\Desktop\The Qemists - Dem na Like me.mp3
[2012.05.27 14:04:29 | 000,002,184 | ---- | C] () -- C:\Users\***\Desktop\Amnesia.lnk
[2012.04.10 19:32:14 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.15 22:22:30 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.15 22:22:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.05 21:34:09 | 000,000,154 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2012.02.29 16:14:47 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.02.20 18:09:18 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 15:37:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.23 17:03:34 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2012.04.30 23:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.03.08 18:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCOMP Software
[2012.03.26 18:43:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.05.27 14:08:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org
[2012.06.13 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\globalip
[2012.03.22 01:23:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.05.09 15:31:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mael
[2012.05.09 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MW3 FoV Changer
[2012.05.27 00:47:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OnLive App
[2012.03.05 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.02.14 19:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2012.03.30 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2012.04.30 21:13:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.03.30 11:29:56 | 000,000,000 | ---D | M] -- C:\Users\***n\AppData\Roaming\SoftDMA
[2012.04.30 22:33:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.03.03 16:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.05 21:34:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012.06.13 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.06.16 17:56:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tunngle
[2012.03.08 19:03:14 | 000,000,000 | ---D | M] -- C:\Users\***n\AppData\Roaming\Wise Registry Cleaner
[2012.04.15 13:18:36 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >
         
Extras.txt:

Code:
OTL Extras logfile created on: 23.06.2012 02:00:05 - Run 1
OTL by OldTimer - Version 3.2.52.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,87 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 76,85% Memory free
11,73 Gb Paging File | 10,13 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,95 Gb Total Space | 69,06 Gb Free Space | 15,15% Space Free | Partition Type: NTFS
Drive D: | 456,46 Gb Total Space | 183,50 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EF506B-DF88-450D-B422-B1C71096B4F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1038A522-47C0-4660-B143-FFA54A528876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1FA35470-7A50-4097-ADFB-BC821B843D4D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{307BAA43-01A7-43D9-9352-6E1EFEE9F576}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31BC85C4-43D5-478A-BE0E-1B75E3927A53}" = rport=137 | protocol=17 | dir=out | app=system | 
"{33403FDD-DA43-49E9-8CC6-BF0C8DE4FD7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{38501532-D4C4-4C02-9A3A-398504D11F7E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4CE80C5C-F70B-4EED-A611-4E612BE6BB36}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{53297CF0-DDBC-4E45-A9D6-4A4CA1F45F82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5516BB99-B707-4521-9FB4-157586FB8896}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{559BFC83-1B1B-4477-A706-F1BA36FC7BC9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{62FFD21D-58AF-420A-BC20-9ACA5C808466}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{72209B9A-9CAF-4743-80A5-A06BE932276B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7220EE75-0BBE-440C-942B-BF7C138A8D2B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{775307A0-F97D-434F-A280-3E23432689BD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{868E96EF-E07B-4939-9D2A-347664BD596E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{87819732-A47C-4FD6-BC97-A831C171F803}" = lport=445 | protocol=6 | dir=in | app=system | 
"{949FF077-1389-410B-9A79-5557995D2999}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A13C82C5-2E8E-4AAE-984B-4C76419E451A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B0336BAD-535B-411C-A37C-045639A8D000}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E2ADDA45-8656-41FD-8428-7E7080395D52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4331275-778A-4F1F-9076-F7477AEF4F5D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E82D1537-D7C3-4450-B6DD-F48C451E0E58}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FC1B1E1B-456C-4D0B-B5B9-4F37B10F048D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FDF0CAAF-F370-47DD-8A83-268D84EBA070}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0030FFD1-C2C1-428D-B7E7-E0650BB982BD}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{02307528-C86E-4BBF-9428-B7E302B7B847}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{07592086-AE5E-46F1-86B6-CC952DF71454}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1314A1F4-1C7D-4769-8D3D-BF1990FBA198}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{17D53AE8-8002-430E-B9D4-3F87F18BF71A}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{1EAF0413-F111-436A-BF0C-FE151622C258}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{227B00D3-CDCA-48DD-ABF1-857DD9670B64}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2509EF46-E39E-4FDC-AC78-4DD1CD179926}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | 
"{267EFA48-D0F4-4618-B6A5-6DD21BA1E453}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{26C6B5C8-DFE2-47EE-88D0-4B0D4072C6EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{2B318966-23A7-4108-A8E7-208812DEF442}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2F41FFB7-5360-4260-90B6-808E46B85A58}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{30516F0B-B53E-470D-B54B-271940B81098}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3827585B-73FB-4577-8EEB-3F4D21765A46}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{39F540B0-5CF2-4835-827E-8743E9E9B39C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{3B275AD1-A760-4BFA-AD7C-989F5AC96671}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3E41E247-7512-4A4B-96BC-22033ECC7959}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4115E656-23E8-43DF-B6FA-711FB52F77D4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{42E9E4CA-642F-468B-AD6C-DC8D8C4CFC8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{43E6463F-FCE7-4498-8875-37CB84430E5C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{47EF368B-962D-45DB-BA64-27AED065C7FA}" = protocol=6 | dir=out | app=system | 
"{4B3B0491-FE6A-46D9-85D8-A8B53FBF6C93}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike source\hl2.exe | 
"{50F0997F-B736-4231-B493-223D2B9F2905}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{5697E0FF-84B9-4EB9-8099-135517167BA9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5A80DD47-12F1-4966-856D-E9191A03B273}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{5AA9E154-1625-49B5-AE80-322E62727762}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{611B35EF-D5A8-4579-A0AE-EA3849C6E304}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{66B1B88B-0253-4135-865A-42FB137E72EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7023E179-E0D3-424A-B7C4-7CE2DBC97B1A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{7D89419D-3FCF-4423-A6B3-873F63448FEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7F0E2CB4-CF9A-4C0D-8026-B55D63379ADD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F308D97-F2EE-46F6-95FC-76BEB9B8B9E2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{86D16B43-00D1-460A-9FAD-E46995FEAB3B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{87A3675E-25F8-422D-8E69-FFD89CD571DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8EAB2D98-F229-429E-9DCC-45383AEE121E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{8FBDEF5C-DA95-43EF-AA27-E1ADBB296B92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{94A8A306-72B3-42D4-9954-CF52BCCA39BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99DF18B9-BB8C-4983-AD5E-E23BFBC714B0}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{9C56900A-FC46-4007-BCD8-19A969771C05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{9F05DDE3-4FF2-4868-86ED-54FF0A2533E5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{A1287D72-2DE5-4C1B-AD64-37BBD00050D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{A1EFC2CF-947C-4185-A4D5-9B560E2E419F}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{A6D8DB87-C3A0-425E-98D6-89E86EC40475}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AE173EA2-1F37-4AA9-BCC6-449310FF4814}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B244B413-95CF-408D-B776-6EA1D25B8376}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2C5CA90-2B8F-42FB-A186-EC1AB5D4E9CB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{B43CDBDB-58F2-482E-8390-8D49A88FBD8B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B5254CB1-E7BE-4770-8431-1FFC50F94765}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B818D5A1-6A65-4C89-A1E8-2B1A13305AB4}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B85700D3-8997-49A5-B6EF-EE6AC9CD4C76}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA9A2103-9B1B-4354-8299-F21265D913FE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{BBA025FD-FE80-485E-B45E-9039657B0636}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{BCFEBAD6-9D02-4269-8337-55BB0512111E}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{BDF94F4D-04BB-407F-86C1-05B5FAFAC7EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{C04946C9-08AF-4061-9D11-15DFBFCBCFF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C854823C-7BEA-4A39-A96E-FFE9A5B03294}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{D341923F-18CF-49FD-8F6E-94379E0EA8BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\counter-strike source\hl2.exe | 
"{D387E81E-1828-424F-990C-05CA6EB2B0DA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{D7442AE3-FA8A-4D53-9625-6BE66FF11753}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{DC15BAE0-DDA6-40BF-8DA4-4EBA6255D464}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{DD45F759-4207-4B88-B375-3ABF4B502362}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E227429D-2291-40FB-A079-443FEA93EFE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{EB17209B-FB7F-4B28-8560-831EBCBBCA06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7DB5436-9107-4A66-81D3-F8CFADF6A61E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{F9A1E60B-F7E7-457F-933E-A485CF25F623}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{FC9E3685-FED5-42F7-AD39-7830346598FB}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"TCP Query User{151A1421-8E98-4EF8-8379-35983FF90876}C:\program files (x86)\qfg\dead island deluxe edition\deadislandgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qfg\dead island deluxe edition\deadislandgame.exe | 
"TCP Query User{4E680FB4-91A4-4C0E-BF04-771DEFBE1E4E}C:\program files (x86)\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gw2.exe | 
"TCP Query User{5E93F293-CBD0-4A32-8E6D-C2D386DD2EA7}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{72A64A11-406F-48F3-AE8C-81B03B596F38}C:\users\***\downloads\gw2\gw2.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\gw2\gw2.exe | 
"TCP Query User{81B970B2-17FA-45C4-80CF-8C76E65F60FB}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"TCP Query User{B3747FA3-B031-41B4-83B4-199AA085591D}C:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe | 
"TCP Query User{B5F40F7A-AE96-46E6-8103-48DB9ED46735}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"TCP Query User{C0D901F7-F50F-4B16-878F-863E41BCB7BB}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{C2B43A0A-1BD2-45AC-8946-77ADB6956730}C:\program files (x86)\steam\steamapps\***\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\***\zombie panic! source\hl2.exe | 
"TCP Query User{D26D5176-76B1-4E91-B07A-E99C15F6E940}C:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe | 
"TCP Query User{F7618B9B-FC27-40E5-9091-FA4BA34C9DAF}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{154DA2F1-61E8-49BF-89B8-6FCA7A47358C}C:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kingdoms of amalur- reckoning\reckoning.exe | 
"UDP Query User{2203C30C-3D13-4170-881C-2725C07917F5}C:\program files (x86)\steam\steamapps\***\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\***\zombie panic! source\hl2.exe | 
"UDP Query User{3BD8F64E-0148-4D73-838A-E9C7E958DDE7}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{44D34652-A22B-475D-94E2-0C33376C856F}C:\program files (x86)\qfg\dead island deluxe edition\deadislandgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qfg\dead island deluxe edition\deadislandgame.exe | 
"UDP Query User{67E0FFB9-8E6C-4CCC-8921-1F18940F8123}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{70C4ED04-0306-4C54-AF45-C55CD79F90EE}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe | 
"UDP Query User{9CC42FD5-2802-433E-B399-A90AD2A1D4F3}C:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\yu-gi-oh! power of chaos joey the passion\joey_pc.exe | 
"UDP Query User{C1EDC0D9-1FFF-4482-A827-1BF59F69B195}C:\program files (x86)\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gw2.exe | 
"UDP Query User{CF148325-8EAE-4AFF-B61A-1ECFE2E83CEC}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{D076B9D3-A58C-41D6-9F8D-4713DD66CFF1}C:\users\***\downloads\gw2\gw2.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\gw2\gw2.exe | 
"UDP Query User{E65923A6-A34C-4503-B8E3-8CC7CB386701}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.10 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D1611C7-0381-4748-8218-9EE6616F1DD4}_is1" = Dead Island DELUXE EDITION
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2010
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4815231-577B-4383-9F4B-AB17DFCC36C0}" = Just Aion Launcher
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f174fe50-f02d-4952-a49d-bae9bf7d488a}" = Nero 9 Essentials
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"5513-1208-7298-9440" = JDownloader 0.9
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Risen 2 Dark Waters_is1" = Risen 2 Dark Waters
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 17505" = Zombie Panic Source Dedicated Server
"Steam App 240" = Counter-Strike: Source
"Steam App 42670" = Singularity
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"TeamViewer 7" = TeamViewer 7
"Tunngle beta_is1" = Tunngle beta
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2012 20:06:29 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.06.2012 22:44:57 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.06.2012 22:45:57 | Computer Name = *** | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 11.06.2012 22:47:33 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.06.2012 22:47:33 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.06.2012 22:47:33 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.06.2012 22:47:33 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.06.2012 11:59:14 | Computer Name =*** | Source = RasClient | ID = 20227
Description = 
 
Error - 12.06.2012 15:04:32 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\SoftonicDownloader_fuer_dr-divx.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 13.06.2012 06:26:37 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.60.0.59, Zeitstempel:
 0x4ef23d40  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676, 
Zeitstempel: 0x4e58702a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001604c  ID des fehlerhaften
 Prozesses: 0x500  Startzeit der fehlerhaften Anwendung: 0x01cd494efd6278f8  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\OLEAUT32.dll  Berichtskennung: 4100ec1a-b542-11e1-b603-90fba6863bc5
 
[ System Events ]
Error - 28.05.2012 07:02:36 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 29.05.2012 06:36:37 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 30.05.2012 10:28:15 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 31.05.2012 07:35:46 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 01.06.2012 07:49:15 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 01.06.2012 09:14:44 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 02.06.2012 03:53:26 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 02.06.2012 14:53:11 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 03.06.2012 04:34:28 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
Error - 03.06.2012 09:30:00 | Computer Name = *** | Source = HECIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform 
handshake with the Firmware.
 
 
< End of report >
         

Edited by PerfectOcean (23.06.2012 at 02:02)

26.06.2012, 09:56   #2
Psychotic
/// Malwareteam

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can sometimes involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - if you carry out the instructions of several helpers, this can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you have been asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes the analysis harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".


Step 1: Scan with TDSS-Killer


Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save the file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.



Step 2: aswMBR



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click, "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

27.06.2012, 10:45   #3
PerfectOcean

Hello,

first of all, thanks for the help. Here are the requested log files:

TDSSKILLER:

Code:
ATTFilter
11:24:27.0238 3412	TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
11:24:27.0457 3412	============================================================
11:24:27.0457 3412	Current date / time: 2012/06/27 11:24:27.0457
11:24:27.0457 3412	SystemInfo:
11:24:27.0457 3412	
11:24:27.0457 3412	OS Version: 6.1.7601 ServicePack: 1.0
11:24:27.0457 3412	Product type: Workstation
11:24:27.0457 3412	ComputerName: ***
11:24:27.0457 3412	UserName: ***
11:24:27.0457 3412	Windows directory: C:\Windows
11:24:27.0457 3412	System windows directory: C:\Windows
11:24:27.0457 3412	Running under WOW64
11:24:27.0457 3412	Processor architecture: Intel x64
11:24:27.0457 3412	Number of processors: 4
11:24:27.0457 3412	Page size: 0x1000
11:24:27.0457 3412	Boot type: Normal boot
11:24:27.0457 3412	============================================================
11:24:27.0784 3412	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:24:27.0831 3412	============================================================
11:24:27.0831 3412	\Device\Harddisk0\DR0:
11:24:27.0831 3412	MBR partitions:
11:24:27.0831 3412	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2600800, BlocksNum 0x32000
11:24:27.0831 3412	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2632800, BlocksNum 0x38FE7000
11:24:27.0831 3412	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B619800, BlocksNum 0x390EC800
11:24:27.0831 3412	============================================================
11:24:27.0862 3412	C: <-> \Device\Harddisk0\DR0\Partition1
11:24:27.0893 3412	D: <-> \Device\Harddisk0\DR0\Partition2
11:24:27.0893 3412	============================================================
11:24:27.0893 3412	Initialize success
11:24:27.0893 3412	============================================================
11:24:32.0589 4452	============================================================
11:24:32.0589 4452	Scan started
11:24:32.0589 4452	Mode: Manual; TDLFS; 
11:24:32.0589 4452	============================================================
11:24:33.0088 4452	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:24:33.0088 4452	1394ohci - ok
11:24:33.0151 4452	AAV UpdateService (7eeb488346fbfa3731276c3ee8a8fd9e) C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
11:24:33.0166 4452	AAV UpdateService - ok
11:24:33.0229 4452	ABBYY.Licensing.PDFTransformer.Site License.3.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
11:24:33.0244 4452	ABBYY.Licensing.PDFTransformer.Site License.3.0 - ok
11:24:33.0400 4452	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:24:33.0400 4452	ACPI - ok
11:24:33.0463 4452	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:24:33.0463 4452	AcpiPmi - ok
11:24:33.0572 4452	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:24:33.0587 4452	AdobeARMservice - ok
11:24:33.0650 4452	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:24:33.0650 4452	adp94xx - ok
11:24:33.0728 4452	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:24:33.0728 4452	adpahci - ok
11:24:33.0743 4452	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:24:33.0743 4452	adpu320 - ok
11:24:33.0790 4452	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:24:33.0790 4452	AeLookupSvc - ok
11:24:33.0868 4452	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:24:33.0868 4452	AFD - ok
11:24:33.0931 4452	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:24:33.0931 4452	agp440 - ok
11:24:33.0946 4452	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:24:33.0946 4452	ALG - ok
11:24:33.0962 4452	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:24:33.0962 4452	aliide - ok
11:24:34.0040 4452	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
11:24:34.0040 4452	AMD External Events Utility - ok
11:24:34.0055 4452	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:24:34.0055 4452	amdide - ok
11:24:34.0087 4452	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:24:34.0087 4452	AmdK8 - ok
11:24:34.0477 4452	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
11:24:34.0523 4452	amdkmdag - ok
11:24:34.0633 4452	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
11:24:34.0633 4452	amdkmdap - ok
11:24:34.0664 4452	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:24:34.0664 4452	AmdPPM - ok
11:24:34.0679 4452	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:24:34.0679 4452	amdsata - ok
11:24:34.0711 4452	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:24:34.0726 4452	amdsbs - ok
11:24:34.0742 4452	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:24:34.0742 4452	amdxata - ok
11:24:34.0789 4452	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:24:34.0804 4452	AppID - ok
11:24:34.0820 4452	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:24:34.0820 4452	AppIDSvc - ok
11:24:34.0867 4452	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:24:34.0882 4452	Appinfo - ok
11:24:34.0913 4452	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:24:34.0913 4452	arc - ok
11:24:34.0929 4452	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:24:34.0929 4452	arcsas - ok
11:24:35.0069 4452	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:24:35.0069 4452	aspnet_state - ok
11:24:35.0101 4452	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
11:24:35.0101 4452	aswFsBlk - ok
11:24:35.0132 4452	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
11:24:35.0132 4452	aswMonFlt - ok
11:24:35.0163 4452	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
11:24:35.0163 4452	aswRdr - ok
11:24:35.0225 4452	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
11:24:35.0225 4452	aswSnx - ok
11:24:35.0257 4452	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
11:24:35.0257 4452	aswSP - ok
11:24:35.0288 4452	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
11:24:35.0288 4452	aswTdi - ok
11:24:35.0319 4452	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:24:35.0319 4452	AsyncMac - ok
11:24:35.0366 4452	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:24:35.0366 4452	atapi - ok
11:24:35.0413 4452	AtiHdmiService  (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
11:24:35.0413 4452	AtiHdmiService - ok
11:24:35.0475 4452	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:24:35.0491 4452	AudioEndpointBuilder - ok
11:24:35.0491 4452	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:24:35.0506 4452	AudioSrv - ok
11:24:35.0584 4452	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:24:35.0584 4452	avast! Antivirus - ok
11:24:35.0631 4452	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:24:35.0631 4452	AxInstSV - ok
11:24:35.0693 4452	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:24:35.0693 4452	b06bdrv - ok
11:24:35.0740 4452	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:24:35.0740 4452	b57nd60a - ok
11:24:35.0787 4452	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:24:35.0787 4452	BDESVC - ok
11:24:35.0803 4452	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:24:35.0803 4452	Beep - ok
11:24:35.0881 4452	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:24:35.0896 4452	BFE - ok
11:24:36.0005 4452	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:24:36.0021 4452	BITS - ok
11:24:36.0083 4452	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:24:36.0083 4452	blbdrive - ok
11:24:36.0130 4452	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:24:36.0130 4452	bowser - ok
11:24:36.0130 4452	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:24:36.0130 4452	BrFiltLo - ok
11:24:36.0161 4452	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:24:36.0161 4452	BrFiltUp - ok
11:24:36.0193 4452	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:24:36.0193 4452	Browser - ok
11:24:36.0224 4452	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:24:36.0224 4452	Brserid - ok
11:24:36.0239 4452	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:24:36.0239 4452	BrSerWdm - ok
11:24:36.0239 4452	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:24:36.0255 4452	BrUsbMdm - ok
11:24:36.0255 4452	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:24:36.0255 4452	BrUsbSer - ok
11:24:36.0271 4452	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:24:36.0271 4452	BTHMODEM - ok
11:24:36.0302 4452	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:24:36.0317 4452	bthserv - ok
11:24:36.0333 4452	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:24:36.0333 4452	cdfs - ok
11:24:36.0380 4452	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:24:36.0380 4452	cdrom - ok
11:24:36.0427 4452	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:24:36.0427 4452	CertPropSvc - ok
11:24:36.0442 4452	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:24:36.0442 4452	circlass - ok
11:24:36.0489 4452	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:24:36.0505 4452	CLFS - ok
11:24:36.0707 4452	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:24:36.0707 4452	clr_optimization_v2.0.50727_32 - ok
11:24:36.0957 4452	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:24:36.0957 4452	clr_optimization_v2.0.50727_64 - ok
11:24:37.0051 4452	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:24:37.0051 4452	clr_optimization_v4.0.30319_32 - ok
11:24:37.0191 4452	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:24:37.0191 4452	clr_optimization_v4.0.30319_64 - ok
11:24:37.0238 4452	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:24:37.0238 4452	CmBatt - ok
11:24:37.0363 4452	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:24:37.0363 4452	cmdide - ok
11:24:37.0456 4452	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:24:37.0456 4452	CNG - ok
11:24:37.0503 4452	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:24:37.0503 4452	Compbatt - ok
11:24:37.0534 4452	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:24:37.0534 4452	CompositeBus - ok
11:24:37.0550 4452	COMSysApp - ok
11:24:37.0565 4452	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:24:37.0565 4452	crcdisk - ok
11:24:37.0597 4452	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:24:37.0612 4452	CryptSvc - ok
11:24:37.0675 4452	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:24:37.0675 4452	DcomLaunch - ok
11:24:37.0846 4452	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:24:37.0862 4452	defragsvc - ok
11:24:37.0909 4452	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:24:37.0909 4452	DfsC - ok
11:24:37.0971 4452	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:24:37.0987 4452	Dhcp - ok
11:24:38.0018 4452	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:24:38.0018 4452	discache - ok
11:24:38.0049 4452	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:24:38.0049 4452	Disk - ok
11:24:38.0080 4452	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:24:38.0096 4452	Dnscache - ok
11:24:38.0143 4452	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:24:38.0143 4452	dot3svc - ok
11:24:38.0174 4452	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:24:38.0174 4452	DPS - ok
11:24:38.0205 4452	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:24:38.0205 4452	drmkaud - ok
11:24:38.0299 4452	dtsoftbus01     (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:24:38.0299 4452	dtsoftbus01 - ok
11:24:38.0891 4452	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:24:38.0907 4452	DXGKrnl - ok
11:24:38.0954 4452	e1kexpress      (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys
11:24:38.0954 4452	e1kexpress - ok
11:24:39.0001 4452	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:24:39.0001 4452	EapHost - ok
11:24:39.0344 4452	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:24:39.0375 4452	ebdrv - ok
11:24:39.0547 4452	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:24:39.0562 4452	EFS - ok
11:24:39.0718 4452	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:24:39.0718 4452	ehRecvr - ok
11:24:39.0765 4452	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:24:39.0765 4452	ehSched - ok
11:24:39.0843 4452	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:24:39.0843 4452	elxstor - ok
11:24:39.0874 4452	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:24:39.0874 4452	ErrDev - ok
11:24:39.0921 4452	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:24:39.0937 4452	EventSystem - ok
11:24:39.0968 4452	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:24:39.0968 4452	exfat - ok
11:24:39.0999 4452	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:24:39.0999 4452	fastfat - ok
11:24:40.0093 4452	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:24:40.0108 4452	Fax - ok
11:24:40.0124 4452	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:24:40.0124 4452	fdc - ok
11:24:40.0139 4452	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:24:40.0139 4452	fdPHost - ok
11:24:40.0155 4452	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:24:40.0155 4452	FDResPub - ok
11:24:40.0171 4452	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:24:40.0171 4452	FileInfo - ok
11:24:40.0171 4452	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:24:40.0186 4452	Filetrace - ok
11:24:40.0186 4452	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:24:40.0186 4452	flpydisk - ok
11:24:40.0249 4452	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:24:40.0249 4452	FltMgr - ok
11:24:40.0670 4452	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:24:40.0685 4452	FontCache - ok
11:24:40.0779 4452	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:24:40.0779 4452	FontCache3.0.0.0 - ok
11:24:40.0935 4452	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:24:40.0935 4452	FsDepends - ok
11:24:40.0951 4452	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:24:40.0951 4452	Fs_Rec - ok
11:24:41.0044 4452	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:24:41.0044 4452	fvevol - ok
11:24:41.0075 4452	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:24:41.0075 4452	gagp30kx - ok
11:24:41.0153 4452	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:24:41.0169 4452	gpsvc - ok
11:24:41.0294 4452	Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
11:24:41.0294 4452	Greg_Service - ok
11:24:41.0372 4452	gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:24:41.0372 4452	gupdate - ok
11:24:41.0387 4452	gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:24:41.0387 4452	gupdatem - ok
11:24:41.0419 4452	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:24:41.0434 4452	gusvc - ok
11:24:41.0559 4452	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:24:41.0559 4452	hamachi - ok
11:24:42.0698 4452	Hamachi2Svc     (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
11:24:42.0713 4452	Hamachi2Svc - ok
11:24:42.0963 4452	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:24:42.0963 4452	hcw85cir - ok
11:24:43.0041 4452	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:24:43.0057 4452	HdAudAddService - ok
11:24:43.0072 4452	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:24:43.0072 4452	HDAudBus - ok
11:24:43.0119 4452	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
11:24:43.0119 4452	HECIx64 - ok
11:24:43.0135 4452	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:24:43.0150 4452	HidBatt - ok
11:24:43.0166 4452	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:24:43.0166 4452	HidBth - ok
11:24:43.0181 4452	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:24:43.0181 4452	HidIr - ok
11:24:43.0213 4452	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:24:43.0213 4452	hidserv - ok
11:24:43.0244 4452	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:24:43.0244 4452	HidUsb - ok
11:24:43.0275 4452	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:24:43.0275 4452	hkmsvc - ok
11:24:43.0337 4452	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:24:43.0337 4452	HomeGroupListener - ok
11:24:43.0384 4452	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:24:43.0384 4452	HomeGroupProvider - ok
11:24:43.0415 4452	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:24:43.0415 4452	HpSAMD - ok
11:24:43.0493 4452	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:24:43.0493 4452	HTTP - ok
11:24:43.0540 4452	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:24:43.0540 4452	hwpolicy - ok
11:24:43.0603 4452	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:24:43.0603 4452	i8042prt - ok
11:24:43.0712 4452	IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:24:43.0712 4452	IAANTMON - ok
11:24:43.0743 4452	iaStor          (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
11:24:43.0743 4452	iaStor - ok
11:24:43.0805 4452	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:24:43.0821 4452	iaStorV - ok
11:24:44.0975 4452	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:24:44.0975 4452	idsvc - ok
11:24:45.0038 4452	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:24:45.0038 4452	iirsp - ok
11:24:45.0116 4452	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:24:45.0131 4452	IKEEXT - ok
11:24:45.0272 4452	IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
11:24:45.0287 4452	IntcAzAudAddService - ok
11:24:45.0802 4452	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:24:45.0802 4452	intelide - ok
11:24:45.0849 4452	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:24:45.0849 4452	intelppm - ok
11:24:45.0896 4452	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:24:45.0911 4452	IPBusEnum - ok
11:24:45.0943 4452	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:24:45.0943 4452	IpFilterDriver - ok
11:24:46.0021 4452	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:24:46.0021 4452	iphlpsvc - ok
11:24:46.0286 4452	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:24:46.0286 4452	IPMIDRV - ok
11:24:46.0348 4452	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:24:46.0348 4452	IPNAT - ok
11:24:46.0395 4452	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:24:46.0395 4452	IRENUM - ok
11:24:46.0442 4452	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:24:46.0442 4452	isapnp - ok
11:24:46.0957 4452	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:24:46.0957 4452	iScsiPrt - ok
11:24:47.0003 4452	JRAID           (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys
11:24:47.0003 4452	JRAID - ok
11:24:47.0066 4452	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:24:47.0066 4452	kbdclass - ok
11:24:47.0128 4452	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:24:47.0128 4452	kbdhid - ok
11:24:47.0175 4452	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:47.0175 4452	KeyIso - ok
11:24:47.0191 4452	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:24:47.0191 4452	KSecDD - ok
11:24:47.0222 4452	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:24:47.0222 4452	KSecPkg - ok
11:24:47.0253 4452	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:24:47.0253 4452	ksthunk - ok
11:24:47.0534 4452	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:24:47.0549 4452	KtmRm - ok
11:24:47.0612 4452	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:24:47.0612 4452	LanmanServer - ok
11:24:47.0659 4452	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:24:47.0659 4452	LanmanWorkstation - ok
11:24:47.0705 4452	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:24:47.0705 4452	lltdio - ok
11:24:47.0752 4452	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:24:47.0752 4452	lltdsvc - ok
11:24:47.0783 4452	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:24:47.0783 4452	lmhosts - ok
11:24:47.0908 4452	LMS             (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:24:47.0908 4452	LMS - ok
11:24:47.0971 4452	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:24:47.0971 4452	LSI_FC - ok
11:24:47.0986 4452	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:24:48.0002 4452	LSI_SAS - ok
11:24:48.0017 4452	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:24:48.0017 4452	LSI_SAS2 - ok
11:24:48.0033 4452	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:24:48.0033 4452	LSI_SCSI - ok
11:24:48.0049 4452	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:24:48.0049 4452	luafv - ok
11:24:48.0376 4452	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:24:48.0376 4452	Mcx2Svc - ok
11:24:48.0407 4452	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:24:48.0407 4452	megasas - ok
11:24:48.0517 4452	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:24:48.0517 4452	MegaSR - ok
11:24:48.0548 4452	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:24:48.0548 4452	MMCSS - ok
11:24:48.0563 4452	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:24:48.0563 4452	Modem - ok
11:24:48.0595 4452	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:24:48.0595 4452	monitor - ok
11:24:48.0641 4452	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:24:48.0641 4452	mouclass - ok
11:24:48.0673 4452	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:24:48.0673 4452	mouhid - ok
11:24:48.0719 4452	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:24:48.0719 4452	mountmgr - ok
11:24:48.0922 4452	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:24:48.0922 4452	MozillaMaintenance - ok
11:24:48.0969 4452	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:24:48.0969 4452	mpio - ok
11:24:49.0078 4452	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:24:49.0078 4452	mpsdrv - ok
11:24:49.0359 4452	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:24:49.0375 4452	MpsSvc - ok
11:24:49.0499 4452	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:24:49.0499 4452	MRxDAV - ok
11:24:49.0562 4452	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:24:49.0562 4452	mrxsmb - ok
11:24:49.0609 4452	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:24:49.0624 4452	mrxsmb10 - ok
11:24:49.0718 4452	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:24:49.0718 4452	mrxsmb20 - ok
11:24:49.0796 4452	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:24:49.0796 4452	msahci - ok
11:24:49.0999 4452	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:24:49.0999 4452	msdsm - ok
11:24:50.0139 4452	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:24:50.0139 4452	MSDTC - ok
11:24:50.0217 4452	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:24:50.0217 4452	Msfs - ok
11:24:50.0217 4452	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:24:50.0217 4452	mshidkmdf - ok
11:24:50.0295 4452	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:24:50.0295 4452	msisadrv - ok
11:24:50.0373 4452	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:24:50.0373 4452	MSiSCSI - ok
11:24:50.0373 4452	msiserver - ok
11:24:50.0404 4452	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:24:50.0404 4452	MSKSSRV - ok
11:24:50.0420 4452	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:24:50.0435 4452	MSPCLOCK - ok
11:24:50.0435 4452	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:24:50.0435 4452	MSPQM - ok
11:24:50.0498 4452	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:24:50.0513 4452	MsRPC - ok
11:24:50.0560 4452	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:24:50.0560 4452	mssmbios - ok
11:24:50.0576 4452	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:24:50.0576 4452	MSTEE - ok
11:24:50.0591 4452	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:24:50.0591 4452	MTConfig - ok
11:24:50.0607 4452	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:24:50.0607 4452	Mup - ok
11:24:50.0654 4452	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
11:24:50.0654 4452	mwlPSDFilter - ok
11:24:50.0732 4452	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
11:24:50.0732 4452	mwlPSDNServ - ok
11:24:50.0747 4452	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
11:24:50.0763 4452	mwlPSDVDisk - ok
11:24:50.0950 4452	MWLService      (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
11:24:50.0950 4452	MWLService - ok
11:24:51.0044 4452	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:24:51.0044 4452	napagent - ok
11:24:51.0122 4452	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:24:51.0122 4452	NativeWifiP - ok
11:24:51.0215 4452	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:24:51.0231 4452	NDIS - ok
11:24:51.0247 4452	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:24:51.0247 4452	NdisCap - ok
11:24:51.0278 4452	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:24:51.0278 4452	NdisTapi - ok
11:24:51.0325 4452	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:24:51.0325 4452	Ndisuio - ok
11:24:51.0371 4452	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:24:51.0387 4452	NdisWan - ok
11:24:51.0481 4452	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:24:51.0481 4452	NDProxy - ok
11:24:52.0978 4452	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
11:24:52.0978 4452	Nero BackItUp Scheduler 4.0 - ok
11:24:53.0041 4452	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:24:53.0041 4452	NetBIOS - ok
11:24:53.0150 4452	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:24:53.0150 4452	NetBT - ok
11:24:53.0197 4452	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:24:53.0212 4452	Netlogon - ok
11:24:53.0275 4452	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:24:53.0275 4452	Netman - ok
11:24:53.0368 4452	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:24:53.0368 4452	NetMsmqActivator - ok
11:24:53.0384 4452	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:24:53.0384 4452	NetPipeActivator - ok
11:24:53.0431 4452	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:24:53.0446 4452	netprofm - ok
11:24:53.0446 4452	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:24:53.0446 4452	NetTcpActivator - ok
11:24:53.0462 4452	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:24:53.0462 4452	NetTcpPortSharing - ok
11:24:53.0524 4452	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:24:53.0524 4452	nfrd960 - ok
11:24:53.0571 4452	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:24:53.0587 4452	NlaSvc - ok
11:24:53.0587 4452	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:24:53.0602 4452	Npfs - ok
11:24:53.0618 4452	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:24:53.0618 4452	nsi - ok
11:24:53.0633 4452	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:24:53.0633 4452	nsiproxy - ok
11:24:53.0977 4452	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:24:53.0992 4452	Ntfs - ok
11:24:54.0179 4452	NTI IScheduleSvc (bd691091ac7d9713d8f0b07c6b099e6c) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
11:24:54.0195 4452	NTI IScheduleSvc - ok
11:24:54.0429 4452	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
11:24:54.0445 4452	NTIDrvr - ok
11:24:54.0445 4452	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:24:54.0445 4452	Null - ok
11:24:54.0491 4452	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:24:54.0491 4452	nvraid - ok
11:24:54.0538 4452	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:24:54.0554 4452	nvstor - ok
11:24:54.0616 4452	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:24:54.0616 4452	nv_agp - ok
11:24:54.0647 4452	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:24:54.0647 4452	ohci1394 - ok
11:24:54.0694 4452	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:24:54.0694 4452	p2pimsvc - ok
11:24:54.0757 4452	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:24:54.0757 4452	p2psvc - ok
11:24:54.0803 4452	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:24:54.0803 4452	Parport - ok
11:24:54.0835 4452	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:24:54.0850 4452	partmgr - ok
11:24:54.0897 4452	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:24:54.0913 4452	PcaSvc - ok
11:24:54.0944 4452	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:24:54.0944 4452	pci - ok
11:24:55.0006 4452	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:24:55.0006 4452	pciide - ok
11:24:55.0115 4452	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:24:55.0115 4452	pcmcia - ok
11:24:55.0147 4452	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:24:55.0147 4452	pcw - ok
11:24:55.0193 4452	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:24:55.0193 4452	PEAUTH - ok
11:24:55.0271 4452	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:24:55.0287 4452	PerfHost - ok
11:24:55.0427 4452	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:24:55.0443 4452	pla - ok
11:24:55.0505 4452	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:24:55.0521 4452	PlugPlay - ok
11:24:55.0568 4452	PnkBstrA - ok
11:24:55.0599 4452	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:24:55.0599 4452	PNRPAutoReg - ok
11:25:10.0528 4452	============================================================
11:25:10.0528 4452	Scan finished
11:25:10.0528 4452	============================================================
11:25:10.0528 2648	Detected object count: 0
11:25:10.0528 2648	Actual detected object count: 0
11:25:16.0550 3512	Deinitialize success
         
ASWMBR:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-27 11:29:18
-----------------------------
11:29:18.311    OS Version: Windows x64 6.1.7601 Service Pack 1
11:29:18.311    Number of processors: 4 586 0x2502
11:29:18.311    ComputerName: ***  UserName: ***
11:29:18.904    Initialize success
11:29:19.013    AVAST engine defs: 12062700
11:29:23.490    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:29:23.490    Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
11:29:23.521    Disk 0 MBR read successfully
11:29:23.521    Disk 0 MBR scan
11:29:23.521    Disk 0 Windows 7 default MBR code
11:29:23.521    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        19456 MB offset 2048
11:29:23.553    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 39847936
11:29:23.553    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       466894 MB offset 40052736
11:29:23.584    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       467417 MB offset 996251648
11:29:23.599    Disk 0 scanning C:\Windows\system32\drivers
11:29:30.089    Service scanning
11:29:44.285    Modules scanning
11:29:44.285    Disk 0 trace - called modules:
11:29:44.316    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
11:29:44.316    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80064ff060]
11:29:44.332    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800620b050]
11:29:45.143    AVAST engine scan C:\Windows
11:29:47.296    AVAST engine scan C:\Windows\system32
11:31:31.176    AVAST engine scan C:\Windows\system32\drivers
11:31:39.616    AVAST engine scan C:\Users\***
11:34:53.899    File: C:\Users\***\AppData\Local\Temp\Rar$EXa0.780\Windows Loader\Cracked Steam BuNDl3.exe  **INFECTED** Win32:Malware-gen
11:36:59.151    AVAST engine scan C:\ProgramData
11:38:11.738    Scan finished successfully
11:40:55.866    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
11:40:55.882    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
__________________

27.06.2012, 10:51   #4
Psychotic
/// Malwareteam

Looks quite good - let's check everything once more!


Step 1: MBAM full scan


Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • Once the update has finished, select Perform full scan and click Scan. (Note: tick all hard drives!)
  • When the scan has finished, click Show results.
  • Make sure all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".



Step 2: ESET



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner.
  • Download and start ESET Online Scanner.
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!


28.06.2012, 09:20   #5
PerfectOcean

Hello,

here is the requested Malwarebytes log file:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.27.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

28.06.2012 00:25:18
mbam-log-2012-06-28 (00-25-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 486582
Laufzeit: 1 Stunde(n), 18 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\$Recycle.Bin\S-1-5-21-2258752154-2290191259-1351797830-1001\$RH11YBL\Windows Loader\Cracked Steam BuNDl3.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-2258752154-2290191259-1351797830-1001\$RSBI70S\Windows Loader\Cracked Steam BuNDl3.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\Rar$EXa0.780\Windows Loader\Cracked Steam BuNDl3.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SoftonicDownloader_fuer_dr-divx.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\Adobe.After.Effects.CS5.v10.0.Incl\keygen.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\Adobe.After.Effects.CS5.v10.0.Incl\keygen_plugin.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SVComplete\Sony Vegas\SonyVegasPro Patch.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
and ESET here:

Code:
C:\$Recycle.Bin\S-1-5-21-2258752154-2290191259-1351797830-1001\$RO25U9N.zip	a variant of MSIL/Agent.NLB trojan
C:\Users\***\AppData\Local\Temp\jar_cache2823953106057161226.tmp	a variant of Java/Exploit.CVE-2012-0507.AH trojan
C:\Users\***\AppData\Local\Temp\is1070216317\MyBabylonTB.exe	Win32/Toolbar.Babylon application
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\23fd3c66-1253a9c8	Java/Exploit.Agent.NBH trojan
C:\Users\***\Downloads\Patch.rar	probably a variant of Win32/Agent.BCOVDCM trojan
C:\Users\***\Downloads\SVComplete.rar	probably a variant of Win32/Agent.BCOVDCM trojan
D:\Users\***\Downloads\Risen.GERMAN-OLDSCHOOLiS\Crack\dvm.dll	probably a variant of Win32/Obfuscated.ISZPTDH trojan
D:\Users\***\Isos + Emulator\The.Witcher.2.Assassins.of.Kings-SKIDROW\DVD2\sr-tw2b.iso	a variant of Win32/Packed.VMProtect.AAA trojan
         


28.06.2012, 09:46   #6
Psychotic
/// Malwareteam

Quote:
C:\Users\***\Downloads\Adobe.After.Effects.CS5.v10.0.Incl\keygen.exe
C:\Users\***\Downloads\Adobe.After.Effects.CS5.v10.0.Incl\keygen_plugin.exe
C:\Users\***\Downloads\SVComplete\Sony Vegas\SonyVegasPro Patch.exe



Merely visiting sites that offer these files for download carries a high risk of infection.

When you run the crack, you are running an executable file from a very dubious source. The file's source code can contain anything (e.g. downloading and executing malware files).
This is one of the main causes of infections.

Besides, cracks, keygens, etc. are illegal, and that is theft just like stealing in a shop.
That is why we have agreed on the following:

If we find evidence of illegally acquired software, we will end support without any discussion.

Our help for you is therefore limited to instructions for reinstalling and securing the system.

28.06.2012, 12:46   #7
PerfectOcean

Thanks for your help anyway.
