
Pests of all kinds and how to fight them: GVU Trojan

24.01.2013, 14:35   #1
Trummel

GVU Trojan

Hello,

My computer got hit as well.
The GVU page came up and nothing worked anymore.
I then restarted without an internet connection, but nothing worked then either.
I then switched the computer off.
I don't have a second computer and am now sitting at my parents' place.
I have also changed passwords and had online banking blocked.

If necessary I could reinstall the computer, but I would like to rescue a few files
on the system disk (Favorites, My Documents).
I would like to keep all the data on the two other disks.

Of course I would prefer not to have to reinstall the computer.

System:
Windows 7 64-bit
Antivirus program is Antivir
1 SSD system disk
1 SSD data
1 SATA data

Since I don't really know what exactly needs to be done now to get rid of the trojan, I am asking for help.

Regards, Trummel

24.01.2013, 14:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Does Safe Mode with Networking still work? With an internet connection?

Safe Mode for cleanup
  • Bring Windows into Safe Mode by pressing the F8 key at startup.
  • Start the computer in Safe Mode with Networking:

    Start Windows in Safe Mode

24.01.2013, 15:35   #3
Trummel

Yes, that still works; I'm now sitting at the computer at home.

Regards

24.01.2013, 15:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make it harder for me to evaluate them!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life away from the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

24.01.2013, 17:20   #5
Trummel

So, here are the logs. I did not change my name in them; I didn't want to edit them. Maybe the logs can be deleted again later.

OTL log file:
Code:
OTL Extras logfile created on: 24.01.2013 17:02:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pierce\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 82,44% Memory free
8,00 Gb Paging File | 7,32 Gb Available in Paging File | 91,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 1,33 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive D: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 74,53 Gb Total Space | 1,95 Gb Free Space | 2,62% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 306,38 Gb Free Space | 65,78% Space Free | Partition Type: NTFS
 
Computer Name: PIERCE-PC | User Name: Pierce | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
"UDP Query User{C30D7B86-1C6F-4B7E-9FF4-79696B98869C}E:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe" = protocol=17 | dir=in | app=e:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe | 
"UDP Query User{C555B734-926C-452D-8A62-2E4AC2835D83}E:\arma 2\arma2.exe" = protocol=17 | dir=in | app=e:\arma 2\arma2.exe | 
"UDP Query User{C8DC8538-7511-495C-B192-73C778B0761F}E:\arma 2\@dayz\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\arma 2\@dayz\expansion\beta\arma2oa.exe | 
"UDP Query User{D2B46F80-EE19-459C-9042-A8F32F8ADF0E}C:\spiele\bf2\forgottenhope2.exe" = protocol=17 | dir=in | app=c:\spiele\bf2\forgottenhope2.exe | 
"UDP Query User{D8791B0E-493D-4A25-823B-3DF60AE9B551}C:\spiele\eu3 complete\eu3game.exe" = protocol=17 | dir=in | app=c:\spiele\eu3 complete\eu3game.exe | 
"UDP Query User{DDA136A9-8261-40BE-B06B-0A627CE05754}E:\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\wotlauncher.exe | 
"UDP Query User{E2B1F8B4-FCA1-43BA-BA48-D1242D7F281E}E:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe" = protocol=17 | dir=in | app=e:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe | 
"UDP Query User{EE64EE35-B976-4A74-9234-1E5C73A99475}F:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{EEAC2883-6CC3-4C9B-9B8B-DADB3686371D}C:\spiele\bf1942\bf1942.exe" = protocol=17 | dir=in | app=c:\spiele\bf1942\bf1942.exe | 
"UDP Query User{F9CF49A0-4303-424F-BFEF-2458F8984609}F:\steam\steam.exe" = protocol=17 | dir=in | app=f:\steam\steam.exe | 
"UDP Query User{FAD552E5-6B83-4FDD-A943-9A90F262D3EA}F:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{99720953-c1d6-4b90-8012-b7c3337f4efe}.sdb" = Battlefield 1942 Windows Vista/7 Compatibility Fix
"{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"sp6" = Logitech SetPoint 6.30
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TS3 Overlay" = TS3 Overlay
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0613D880-939E-4C9D-AD7C-A10DF7D7D5E9}" = EveHQ
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1AAA38A8-5E6E-4F4E-A84B-F1EE589E93E9}" = Pixel-Fighter.com Toolbox
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E3AA543-09D7-401E-9DF2-2591D24C7C49}" = Addon Sync 2009
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52F7EC17-C7D9-4254-BBC5-404A67844ED1}" = EveMeepV3
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{611E417A-82C3-415C-B9C4-7C8DBF02E6D5}" = TS Notifier
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ArmA2" = ArmA2 Uninstall
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye" = BattlEye Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Blitzkrieg" = Blitzkrieg Mod
"CMFI_is1" = Combat Mission Fortress Italy
"CoH Community Mappack" = CoH Community Mappack
"Company of Heroes" = Company of Heroes
"CPU-Control_is1" = CPU-Control
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"Forgotten Hope" = Forgotten Hope 0.70
"Fraps" = Fraps (remove only)
"Hamachi" = Hamachi 1.0.3.0
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"Steam App 105600" = Terraria
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 203770" = Crusader Kings II
"Steam App 205610" = Port Royale 3
"Steam App 208140" = Endless Space
"Steam App 218230" = PlanetSide 2
"Steam App 22380" = Fallout: New Vegas
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 46290" = Theatre of War
"Steam App 46340" = Theatre of War 2: Africa 1943
"Steam App 46360" = Theatre of War 2: Kursk 1943 
"Steam App 57690" = Tropico 4
"Steam App 58610" = Wargame: European Escalation
"Steam App 64000" = Men of War: Assault Squad
"Steam App 65800" = Dungeon Defenders
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BASE 5.2" = BASE 5.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.01.2013 19:22:32 | Computer Name = Pierce-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total
 war shogun 2\ModManager.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.01.2013 19:22:33 | Computer Name = Pierce-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total
 war shogun 2\benchmarks\benchmark_output.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.01.2013 19:22:34 | Computer Name = Pierce-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total
 war shogun 2\redist\flashsecurity.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.01.2013 19:22:34 | Computer Name = Pierce-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total
 war shogun 2\redist\flashsecurity1.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.01.2013 19:59:07 | Computer Name = Pierce-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: MSHTML.dll, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a30507  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00921720  ID des fehlerhaften
 Prozesses: 0x11d8  Startzeit der fehlerhaften Anwendung: 0x01cdf8edaab4040b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\MSHTML.dll  Berichtskennung: b475625e-64ef-11e2-8d8b-00261859817f
 
Error - 22.01.2013 23:48:36 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.01.2013 12:14:06 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 06:25:13 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 07:37:56 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 07:42:04 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 10:34:52 | Computer Name = Pierce-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 24.01.2013 12:04:03 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 12:05:45 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 12:05:45 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 12:05:45 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 12:06:11 | Computer Name = Pierce-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 24.01.2013 17:02:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pierce\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 82,44% Memory free
8,00 Gb Paging File | 7,32 Gb Available in Paging File | 91,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 1,33 Gb Free Space | 1,79% Space Free | Partition Type: NTFS
Drive D: | 7,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 74,53 Gb Total Space | 1,95 Gb Free Space | 2,62% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 306,38 Gb Free Space | 65,78% Space Free | Partition Type: NTFS
 
Computer Name: PIERCE-PC | User Name: Pierce | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Pierce\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 0D FD F7 60 6D CC 01  [binary data]
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.18 11:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierce\AppData\Roaming\mozilla\Extensions
[2012.05.26 14:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pierce\AppData\Roaming\mozilla\Firefox\Profiles\h6wwgarx.default\extensions
[2011.12.11 22:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.12 10:51:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.03 20:58:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 10:51:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.03 20:58:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.03 20:58:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.03 20:58:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.03 20:58:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001..\Run: [svñhîst] C:\Users\Pierce\wgsdgsdgdsgsd.exe (Softspecialists)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab (Battlefield Heroes Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C3E0F8-1104-4CA2-92CA-EA220DE1FC9F}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.26 17:45:39 | 000,779,496 | R--- | M] (BioWare) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009.10.26 22:21:41 | 000,000,054 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{fbab6cbb-d952-11e0-a7a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbab6cbb-d952-11e0-a7a5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2009.10.26 17:45:39 | 000,779,496 | R--- | M] (BioWare)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 16:52:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe
[2013.01.24 12:34:12 | 000,054,784 | RHS- | C] (Softspecialists) -- C:\Users\Pierce\wgsdgsdgdsgsd.exe
[2013.01.22 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Indicium Technologies
[2013.01.22 23:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.01.22 23:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.22 23:02:25 | 000,000,000 | ---D | C] -- C:\Users\Pierce\Documents\EveHQ
[2013.01.22 23:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EveHQ
[2013.01.22 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\EveHQ
[2013.01.22 22:46:57 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\EveMeep3
[2013.01.22 22:45:27 | 000,000,000 | ---D | C] -- C:\Users\Pierce\Documents\EveMeep
[2013.01.22 22:44:46 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evemeep3
[2013.01.22 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\EVEMon
[2013.01.22 22:33:13 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
[2013.01.22 21:37:20 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Custom Salem Updater
[2013.01.22 19:49:21 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2013.01.20 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\Pierce\.salem
[2013.01.20 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\Pierce\Salem
[2013.01.14 13:29:46 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoH Community Mappack
[2013.01.11 05:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.11 05:13:53 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.11 05:13:50 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.11 05:13:50 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.11 05:13:50 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.11 05:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.11 00:44:24 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitzkrieg Mod
[2013.01.09 23:32:49 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 23:32:49 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 23:32:44 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 23:32:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.02 00:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012.12.25 19:38:39 | 000,000,000 | ---D | C] -- C:\Users\Pierce\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 16:52:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pierce\Desktop\OTL.exe
[2013.01.24 15:37:14 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.24 15:37:14 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.24 15:37:14 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.24 15:37:14 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.24 15:37:14 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.24 15:33:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 15:32:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.24 12:47:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 12:47:28 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 12:40:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 12:34:12 | 000,054,784 | RHS- | M] (Softspecialists) -- C:\Users\Pierce\wgsdgsdgdsgsd.exe
[2013.01.24 12:29:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.22 23:01:45 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\EveHQ.lnk
[2013.01.22 22:46:55 | 000,000,963 | ---- | M] () -- C:\Users\Pierce\Desktop\EveMeep3.exe - Verknüpfung.lnk
[2013.01.22 21:37:20 | 000,002,173 | ---- | M] () -- C:\Users\Pierce\Desktop\Custom Salem Updater.lnk
[2013.01.22 19:58:27 | 000,001,132 | ---- | M] () -- C:\Users\Pierce\Desktop\Civ4BeyondSword.exe - Verknüpfung.lnk
[2013.01.22 19:17:51 | 000,000,201 | ---- | M] () -- C:\Users\Pierce\Desktop\Total War SHOGUN 2.url
[2013.01.16 13:42:28 | 000,000,000 | ---- | M] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_42_28.775139.dmp
[2013.01.16 13:30:43 | 000,000,000 | ---- | M] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_30_43.780445.dmp
[2013.01.16 13:07:21 | 000,000,000 | ---- | M] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351090895-2013-01-16 13_07_21.264356.dmp
[2013.01.11 05:13:46 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.01.11 05:13:46 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.01.11 05:13:46 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.11 05:13:46 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.11 05:13:46 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.11 05:13:46 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.11 00:50:20 | 000,000,671 | ---- | M] () -- C:\Users\Pierce\Desktop\Blitzkrieg Mod.lnk
[2013.01.10 15:23:39 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 03:07:04 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.01 23:18:05 | 000,000,202 | ---- | M] () -- C:\Users\Pierce\Desktop\Terraria.url
[2012.12.30 19:52:05 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.30 19:21:29 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
 
========== Files Created - No Company Name ==========
 
[2013.01.22 23:01:45 | 000,002,543 | ---- | C] () -- C:\Users\Public\Desktop\EveHQ.lnk
[2013.01.22 22:46:55 | 000,000,963 | ---- | C] () -- C:\Users\Pierce\Desktop\EveMeep3.exe - Verknüpfung.lnk
[2013.01.22 19:57:25 | 000,001,132 | ---- | C] () -- C:\Users\Pierce\Desktop\Civ4BeyondSword.exe - Verknüpfung.lnk
[2013.01.22 19:17:50 | 000,000,201 | ---- | C] () -- C:\Users\Pierce\Desktop\Total War SHOGUN 2.url
[2013.01.20 18:51:48 | 000,002,173 | ---- | C] () -- C:\Users\Pierce\Desktop\Custom Salem Updater.lnk
[2013.01.16 13:42:28 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_42_28.775139.dmp
[2013.01.16 13:30:43 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_30_43.780445.dmp
[2013.01.16 13:07:21 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\Documents\ts3_clientui-win64-1351090895-2013-01-16 13_07_21.264356.dmp
[2013.01.11 00:44:26 | 000,000,671 | ---- | C] () -- C:\Users\Pierce\Desktop\Blitzkrieg Mod.lnk
[2013.01.02 00:04:39 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.01 23:18:05 | 000,000,202 | ---- | C] () -- C:\Users\Pierce\Desktop\Terraria.url
[2012.12.24 01:47:30 | 000,000,218 | ---- | C] () -- C:\Users\Pierce\.recently-used.xbel
[2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.06.22 17:09:21 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.17 19:44:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.17 19:43:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.28 16:16:14 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\AppData\Local\{09D142B4-77A4-422D-B189-37377C6E1C0C}
[2012.01.26 18:48:17 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\AppData\Local\{FB9017D5-3234-4A21-AF85-B52229339836}
[2011.12.10 14:28:20 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\AppData\Local\{D5F8C78D-0B4F-4534-8DB6-9A0E362D4C55}
[2011.12.10 14:27:19 | 000,000,000 | ---- | C] () -- C:\Users\Pierce\AppData\Local\{08C478D6-61CE-4DA4-96C4-A325A98F0A94}
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.07 14:19:46 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.09.07 14:19:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.09.07 14:13:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.03 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.minecraft
[2012.03.01 22:23:03 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.minecraft - Kopie
[2012.03.04 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.minecraft versionen
[2013.01.24 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.purple
[2012.01.20 06:42:09 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.spoutcraft
[2012.01.09 19:05:34 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.spoutcraft - Kopie
[2012.10.12 18:54:16 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\.techniclauncher
[2011.09.11 17:38:55 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\ArmA II Launcher
[2012.01.09 11:29:19 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\bandicraft
[2012.06.22 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\CPUControl
[2011.09.09 19:54:20 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\DAEMON Tools Lite
[2013.01.22 23:07:24 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\EveHQ
[2013.01.22 22:33:21 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\EVEMon
[2012.12.23 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\gtk-2.0
[2013.01.24 12:35:15 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\ICQ
[2013.01.22 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Indicium Technologies
[2012.05.06 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Kalypso Media
[2011.09.11 14:17:03 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Leadertech
[2013.01.23 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Mumble
[2012.01.09 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Neuer Ordner
[2011.10.08 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\OpenOffice.org
[2012.07.13 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\six-updater
[2011.09.11 12:34:27 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\six-zsync
[2012.11.04 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\Tropico 4
[2013.01.24 00:55:18 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\TS3Client
[2012.07.12 09:25:05 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\ts3overlay
[2012.07.12 10:22:13 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\TSNotifier
[2012.07.30 22:39:00 | 000,000,000 | ---D | M] -- C:\Users\Pierce\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 3584 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Pierce\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Pierce\Desktop\desktop.ini:gs5sys

< End of report >
         
--- --- ---


24.01.2013, 17:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
maybe the logs can be deleted again
Tell me, why don't you read my notes?!

24.01.2013, 17:28   #7
Trummel

Sorry, I did read it, but what am I supposed to do? The name is everywhere in there.
Or did I do something else wrong?

Regards

24.01.2013, 21:44   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You should have edited first and only then posted... I am not authorized to edit logs after the fact! Even though, technically speaking, I could do it.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

24.01.2013, 22:11   #9
Trummel

I then tried it again in the post, but the 60 minutes had already expired.
I'm just hoping that it isn't so bad, since it isn't my name.
I only thought that someone could perhaps read things out of it that maybe shouldn't be public permanently.

Regards

24.01.2013, 22:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You do the editing in the local text editor NOTEPAD before posting here in the forum.

24.01.2013, 22:33   #11
Trummel

Yes, that is clear to me now too; I guess I acted too hastily there.
Can you already tell me anything about the analysis?

Regards

24.01.2013, 22:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, here is the fix. Afterwards, please test whether Windows boots normally and not only in safe mode.

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
O4 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001..\Run: [svñhîst] C:\Users\Pierce\wgsdgsdgdsgsd.exe (Softspecialists)
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 3584 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Pierce\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Pierce\Desktop\desktop.ini:gs5sys
:Files
C:\Users\Pierce\wgsdgsdgdsgsd.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
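One way to triage OTL-format lines like the ones addressed by the fix above, as an added example that is not part of the original post and not OTL's own logic. The heuristics, the trusted-path list, the stream allowlist and the names `triage` and `Finding` are assumptions of this example; the sample lines are adapted from the log in this thread, with the user name masked as `*****`.

```python
import re
from dataclasses import dataclass

# Sample input: lines adapted from the OTL log posted in this thread, with the
# user name replaced by the ***** mask that the later logs in the thread use.
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001..\Run: [svñhîst] C:\Users\*****\wgsdgsdgdsgsd.exe (Softspecialists)
[2013.01.24 16:52:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.01.24 12:34:12 | 000,054,784 | RHS- | C] (Softspecialists) -- C:\Users\*****\wgsdgsdgdsgsd.exe
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 3584 bytes -> C:\ProgramData:gs5sys
"""

# O4 lines: autostart values under a Run or RunOnce key.
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<path>[A-Za-z]:\\.*?\.(?:exe|dll))(?: |$)",
    re.IGNORECASE,
)
# File listing lines: [date time | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} [\d:]{8} \| [\d,]+ \| (?P<attrs>[A-Z-]{4}) \| [CM]\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)
# ADS lines: the stream name follows the last colon of the host path.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)

# Assumptions of this example: system drive C: and default install directories.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
# Stream names treated as expected; Zone.Identifier is written by browsers on downloads.
BENIGN_STREAMS = {"zone.identifier"}


@dataclass
class Finding:
    kind: str       # "autostart" or "ads"
    subject: str    # the value name and path, or host:stream
    reasons: list   # human-readable reasons for the flag


def triage(log_text):
    """Return Finding objects for autostart entries and data streams worth a closer look."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: collect file attributes so Run targets can be cross-referenced.
    attrs = {}
    for ln in lines:
        m = FILE_RE.match(ln)
        if m:
            attrs[m["path"].lower()] = m["attrs"]

    findings = []
    for ln in lines:
        m = RUN_RE.match(ln)
        if m:
            path, reasons = m["path"], []
            if any(ord(c) > 127 for c in m["name"]):
                reasons.append("value name contains non-ASCII characters")
            if not path.lower().startswith(TRUSTED_ROOTS):
                reasons.append("target is outside Program Files and Windows")
            file_attrs = attrs.get(path.lower(), "")
            if "H" in file_attrs and "S" in file_attrs:
                reasons.append("target file is marked hidden and system")
            if reasons:
                findings.append(Finding("autostart", f"[{m['name']}] {path}", reasons))
            continue
        m = ADS_RE.match(ln)
        if m and m["stream"].lower() not in BENIGN_STREAMS:
            findings.append(
                Finding("ads", f"{m['host']}:{m['stream']}",
                        [f"unexpected named stream, {m['size']} bytes"])
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.kind, f.subject, "; ".join(f.reasons), sep=" | ")
```

A flag from this script is only a prompt for manual review; entries in user-writable paths can be legitimate, and the allowlists need adjusting per system.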

24.01.2013, 23:06   #13
Trummel

So, the PC now boots normally again.
But at the top left, a small DOS window is still visible for a short time.

Code:
 
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1890510484-2314157509-767822104-1001\Software\Microsoft\Windows\CurrentVersion\Run\\svñhîst deleted successfully.
C:\Users\*****\wgsdgsdgdsgsd.exe moved successfully.
ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\ProgramData:gs5sys deleted successfully.
ADS C:\Users\*****\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\*****\Desktop\desktop.ini:gs5sys deleted successfully.
========== FILES ==========
File\Folder C:\Users\*****\wgsdgsdgdsgsd.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\*****\Desktop\cmd.bat deleted successfully.
C:\Users\*****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mods
 
User: *****
->Temp folder emptied: 468703452 bytes
->Temporary Internet Files folder emptied: 1279781421 bytes
->Java cache emptied: 78662 bytes
->FireFox cache emptied: 328853056 bytes
->Flash cache emptied: 616 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 388241876 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 9917 bytes
 
Total Files Cleaned = 2.351,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 01242013_224728

Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

25.01.2013, 12:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

We are far from finished, after all!

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while, depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the image below: click change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags objects, handle all of them with the action "skip" and only post the log here!

25.01.2013, 15:34   #15
Trummel

Hello
First of all, I would like to thank you for your help.
I think it's really great how people are helped here on the board.


Regards


Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-25 15:07:37
-----------------------------
15:07:37.245    OS Version: Windows x64 6.1.7601 Service Pack 1
15:07:37.245    Number of processors: 4 586 0x1707
15:07:37.245    ComputerName: *****-PC  UserName: *****
15:07:37.542    Initialize success
15:08:45.768    AVAST engine defs: 13012500
15:09:28.529    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
15:09:28.531    Disk 0 Vendor: INTEL_SSDSA2M080G2GC 2CV102M3 Size: 76319MB BusType: 3
15:09:28.534    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
15:09:28.536    Disk 1 Vendor: INTEL_SSDSA2MH080G1GC 045C8820 Size: 76319MB BusType: 3
15:09:28.539    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0
15:09:28.541    Disk 2 Vendor: ST3500630A 3.AAF Size: 476940MB BusType: 3
15:09:28.544    Disk 0 MBR read successfully
15:09:28.549    Disk 0 MBR scan
15:09:28.554    Disk 0 Windows 7 default MBR code
15:09:28.556    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:09:28.561    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76217 MB offset 206848
15:09:28.571    Disk 0 scanning C:\Windows\system32\drivers
15:09:31.556    Service scanning
15:09:38.894    Modules scanning
15:09:38.901    Disk 0 trace - called modules:
15:09:38.909    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
15:09:38.914    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003ea8060]
15:09:38.919    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8003cb1520]
15:09:38.924    5 ACPI.sys[fffff88000fb07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8003cad680]
15:09:39.174    AVAST engine scan C:\Windows
15:09:39.564    AVAST engine scan C:\Windows\system32
15:10:59.337    AVAST engine scan C:\Windows\system32\drivers
15:11:02.705    AVAST engine scan C:\Users\*****
15:12:17.996    AVAST engine scan C:\ProgramData
15:12:37.629    Scan finished successfully
15:13:35.975    Disk 0 MBR has been saved successfully to "C:\Users\*****\Desktop\MBR.dat"
15:13:35.975    The log file has been saved successfully to "C:\Users\*****\Desktop\aswMBR.txt"
         

Code:
15:19:01.0301 2560  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:19:01.0401 2560  ============================================================
15:19:01.0401 2560  Current date / time: 2013/01/25 15:19:01.0401
15:19:01.0401 2560  SystemInfo:
15:19:01.0401 2560  
15:19:01.0401 2560  OS Version: 6.1.7601 ServicePack: 1.0
15:19:01.0401 2560  Product type: Workstation
15:19:01.0401 2560  ComputerName: *****-PC
15:19:01.0403 2560  UserName: *****
15:19:01.0403 2560  Windows directory: C:\Windows
15:19:01.0403 2560  System windows directory: C:\Windows
15:19:01.0403 2560  Running under WOW64
15:19:01.0403 2560  Processor architecture: Intel x64
15:19:01.0403 2560  Number of processors: 4
15:19:01.0403 2560  Page size: 0x1000
15:19:01.0403 2560  Boot type: Normal boot
15:19:01.0403 2560  ============================================================
15:19:09.0179 2560  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:09.0179 2560  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x8F74, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
15:19:09.0179 2560  Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:19:09.0179 2560  ============================================================
15:19:09.0179 2560  \Device\Harddisk2\DR2:
15:19:09.0179 2560  MBR partitions:
15:19:09.0179 2560  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
15:19:09.0179 2560  \Device\Harddisk0\DR0:
15:19:09.0179 2560  MBR partitions:
15:19:09.0179 2560  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:19:09.0179 2560  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
15:19:09.0179 2560  \Device\Harddisk1\DR1:
15:19:09.0179 2560  MBR partitions:
15:19:09.0179 2560  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
15:19:09.0179 2560  ============================================================
15:19:09.0179 2560  C: <-> \Device\Harddisk0\DR0\Partition2
15:19:09.0179 2560  E: <-> \Device\Harddisk1\DR1\Partition1
15:19:09.0210 2560  F: <-> \Device\Harddisk2\DR2\Partition1
15:19:09.0210 2560  ============================================================
15:19:09.0210 2560  Initialize success
15:19:09.0210 2560  ============================================================
15:22:09.0249 0564  ============================================================
15:22:09.0249 0564  Scan started
15:22:09.0249 0564  Mode: Manual; SigCheck; TDLFS; 
15:22:09.0249 0564  ============================================================
15:22:09.0829 0564  ================ Scan system memory ========================
15:22:09.0829 0564  System memory - ok
15:22:09.0829 0564  ================ Scan services =============================
15:22:09.0867 0564  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:22:09.0912 0564  1394ohci - ok
15:22:09.0919 0564  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:22:09.0934 0564  ACPI - ok
15:22:09.0939 0564  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:22:09.0962 0564  AcpiPmi - ok
15:22:09.0967 0564  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:22:09.0977 0564  AdobeARMservice - ok
15:22:09.0984 0564  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:22:10.0004 0564  adp94xx - ok
15:22:10.0012 0564  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:22:10.0027 0564  adpahci - ok
15:22:10.0032 0564  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:22:10.0044 0564  adpu320 - ok
15:22:10.0049 0564  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:22:10.0102 0564  AeLookupSvc - ok
15:22:10.0112 0564  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
15:22:10.0129 0564  AFD - ok
15:22:10.0134 0564  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:22:10.0144 0564  agp440 - ok
15:22:10.0149 0564  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:22:10.0164 0564  ALG - ok
15:22:10.0167 0564  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:22:10.0177 0564  aliide - ok
15:22:10.0184 0564  [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:22:10.0209 0564  AMD External Events Utility - ok
15:22:10.0212 0564  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
15:22:10.0222 0564  amdide - ok
15:22:10.0227 0564  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
15:22:10.0239 0564  AmdK8 - ok
15:22:10.0359 0564  [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:22:10.0539 0564  amdkmdag - ok
15:22:10.0549 0564  [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:22:10.0569 0564  amdkmdap - ok
15:22:10.0572 0564  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
15:22:10.0584 0564  AmdPPM - ok
15:22:10.0587 0564  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:22:10.0599 0564  amdsata - ok
15:22:10.0604 0564  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:22:10.0617 0564  amdsbs - ok
15:22:10.0622 0564  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:22:10.0632 0564  amdxata - ok
15:22:10.0639 0564  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:22:10.0647 0564  AntiVirSchedulerService - ok
15:22:10.0652 0564  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:22:10.0659 0564  AntiVirService - ok
15:22:10.0664 0564  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
15:22:10.0739 0564  AppID - ok
15:22:10.0742 0564  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:22:10.0772 0564  AppIDSvc - ok
15:22:10.0777 0564  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
15:22:10.0807 0564  Appinfo - ok
15:22:10.0812 0564  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
15:22:10.0822 0564  arc - ok
15:22:10.0827 0564  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:22:10.0837 0564  arcsas - ok
15:22:10.0852 0564  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:22:10.0862 0564  aspnet_state - ok
15:22:10.0864 0564  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:22:10.0894 0564  AsyncMac - ok
15:22:10.0899 0564  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
15:22:10.0909 0564  atapi - ok
15:22:10.0914 0564  [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:22:10.0929 0564  AtiHDAudioService - ok
15:22:11.0049 0564  [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:22:11.0167 0564  atikmdag - ok
15:22:11.0179 0564  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:22:11.0217 0564  AudioEndpointBuilder - ok
15:22:11.0227 0564  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:22:11.0259 0564  AudioSrv - ok
15:22:11.0264 0564  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:22:11.0274 0564  avgntflt - ok
15:22:11.0279 0564  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:22:11.0289 0564  avipbb - ok
15:22:11.0294 0564  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:22:11.0302 0564  avkmgr - ok
15:22:11.0307 0564  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:22:11.0329 0564  AxInstSV - ok
15:22:11.0337 0564  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:22:11.0354 0564  b06bdrv - ok
15:22:11.0359 0564  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:22:11.0374 0564  b57nd60a - ok
15:22:11.0382 0564  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:22:11.0394 0564  BDESVC - ok
15:22:11.0397 0564  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:22:11.0427 0564  Beep - ok
15:22:11.0437 0564  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
15:22:11.0474 0564  BFE - ok
15:22:11.0487 0564  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
15:22:11.0527 0564  BITS - ok
15:22:11.0532 0564  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:22:11.0542 0564  blbdrive - ok
15:22:11.0547 0564  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:22:11.0557 0564  bowser - ok
15:22:11.0562 0564  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:22:11.0574 0564  BrFiltLo - ok
15:22:11.0579 0564  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:22:11.0592 0564  BrFiltUp - ok
15:22:11.0597 0564  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
15:22:11.0609 0564  Browser - ok
15:22:11.0614 0564  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:22:11.0632 0564  Brserid - ok
15:22:11.0634 0564  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:22:11.0649 0564  BrSerWdm - ok
15:22:11.0652 0564  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:22:11.0664 0564  BrUsbMdm - ok
15:22:11.0669 0564  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:22:11.0679 0564  BrUsbSer - ok
15:22:11.0684 0564  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:22:11.0697 0564  BTHMODEM - ok
15:22:11.0702 0564  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:22:11.0732 0564  bthserv - ok
15:22:11.0737 0564  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:22:11.0767 0564  cdfs - ok
15:22:11.0772 0564  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:22:11.0784 0564  cdrom - ok
15:22:11.0789 0564  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:22:11.0819 0564  CertPropSvc - ok
15:22:11.0822 0564  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
15:22:11.0834 0564  circlass - ok
15:22:11.0842 0564  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:22:11.0857 0564  CLFS - ok
15:22:11.0864 0564  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:22:11.0874 0564  clr_optimization_v2.0.50727_32 - ok
15:22:11.0882 0564  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:22:11.0889 0564  clr_optimization_v2.0.50727_64 - ok
15:22:11.0902 0564  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:22:11.0912 0564  clr_optimization_v4.0.30319_32 - ok
15:22:11.0914 0564  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:22:11.0924 0564  clr_optimization_v4.0.30319_64 - ok
15:22:11.0927 0564  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:22:11.0939 0564  CmBatt - ok
15:22:11.0944 0564  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:22:11.0952 0564  cmdide - ok
15:22:11.0962 0564  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
15:22:11.0987 0564  CNG - ok
15:22:11.0989 0564  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:22:11.0999 0564  Compbatt - ok
15:22:12.0004 0564  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:22:12.0017 0564  CompositeBus - ok
15:22:12.0019 0564  COMSysApp - ok
15:22:12.0022 0564  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:22:12.0032 0564  crcdisk - ok
15:22:12.0037 0564  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:22:12.0042 0564  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:22:12.0042 0564  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:22:12.0049 0564  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:22:12.0062 0564  CryptSvc - ok
15:22:12.0069 0564  [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:22:12.0074 0564  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
15:22:12.0074 0564  CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
15:22:12.0084 0564  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:22:12.0122 0564  DcomLaunch - ok
15:22:12.0129 0564  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:22:12.0162 0564  defragsvc - ok
15:22:12.0167 0564  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:22:12.0194 0564  DfsC - ok
15:22:12.0202 0564  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:22:12.0217 0564  Dhcp - ok
15:22:12.0222 0564  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:22:12.0252 0564  discache - ok
15:22:12.0254 0564  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
15:22:12.0267 0564  Disk - ok
15:22:12.0272 0564  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:22:12.0284 0564  Dnscache - ok
15:22:12.0289 0564  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:22:12.0322 0564  dot3svc - ok
15:22:12.0327 0564  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
15:22:12.0359 0564  DPS - ok
15:22:12.0362 0564  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:22:12.0374 0564  drmkaud - ok
15:22:12.0382 0564  [ D3D64CF7B2BCEAA34A270F45A3FFFB36 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:22:12.0394 0564  dtsoftbus01 - ok
15:22:12.0407 0564  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:22:12.0434 0564  DXGKrnl - ok
15:22:12.0439 0564  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:22:12.0469 0564  EapHost - ok
15:22:12.0504 0564  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:22:12.0557 0564  ebdrv - ok
15:22:12.0562 0564  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
15:22:12.0574 0564  EFS - ok
15:22:12.0584 0564  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:22:12.0607 0564  ehRecvr - ok
15:22:12.0612 0564  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:22:12.0624 0564  ehSched - ok
15:22:12.0632 0564  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:22:12.0652 0564  elxstor - ok
15:22:12.0654 0564  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:22:12.0667 0564  ErrDev - ok
15:22:12.0677 0564  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:22:12.0712 0564  EventSystem - ok
15:22:12.0717 0564  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:22:12.0749 0564  exfat - ok
15:22:12.0754 0564  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:22:12.0787 0564  fastfat - ok
15:22:12.0797 0564  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
15:22:12.0817 0564  Fax - ok
15:22:12.0822 0564  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:22:12.0832 0564  fdc - ok
15:22:12.0837 0564  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:22:12.0867 0564  fdPHost - ok
15:22:12.0869 0564  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:22:12.0899 0564  FDResPub - ok
15:22:12.0902 0564  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:22:12.0914 0564  FileInfo - ok
15:22:12.0917 0564  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:22:12.0947 0564  Filetrace - ok
15:22:12.0952 0564  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:22:12.0962 0564  flpydisk - ok
15:22:12.0969 0564  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:22:12.0984 0564  FltMgr - ok
15:22:12.0997 0564  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
15:22:13.0024 0564  FontCache - ok
15:22:13.0029 0564  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:22:13.0037 0564  FontCache3.0.0.0 - ok
15:22:13.0039 0564  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:22:13.0052 0564  FsDepends - ok
15:22:13.0054 0564  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:22:13.0064 0564  Fs_Rec - ok
15:22:13.0069 0564  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:22:13.0087 0564  fvevol - ok
15:22:13.0089 0564  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:22:13.0102 0564  gagp30kx - ok
15:22:13.0112 0564  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
15:22:13.0149 0564  gpsvc - ok
15:22:13.0154 0564  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:22:13.0164 0564  gupdate - ok
15:22:13.0167 0564  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:22:13.0177 0564  gupdatem - ok
15:22:13.0182 0564  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:22:13.0192 0564  gusvc - ok
15:22:13.0197 0564  [ F8F0851D336C3B88DBD7232B6348E09A ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:22:13.0204 0564  hamachi - ok
15:22:13.0209 0564  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:22:13.0219 0564  hcw85cir - ok
15:22:13.0227 0564  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:22:13.0244 0564  HdAudAddService - ok
15:22:13.0249 0564  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:22:13.0264 0564  HDAudBus - ok
15:22:13.0267 0564  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:22:13.0279 0564  HidBatt - ok
15:22:13.0284 0564  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:22:13.0297 0564  HidBth - ok
15:22:13.0302 0564  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:22:13.0314 0564  HidIr - ok
15:22:13.0317 0564  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:22:13.0347 0564  hidserv - ok
15:22:13.0352 0564  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:22:13.0362 0564  HidUsb - ok
15:22:13.0367 0564  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:22:13.0397 0564  hkmsvc - ok
15:22:13.0402 0564  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:22:13.0417 0564  HomeGroupListener - ok
15:22:13.0422 0564  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:22:13.0434 0564  HomeGroupProvider - ok
15:22:13.0439 0564  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:22:13.0449 0564  HpSAMD - ok
15:22:13.0459 0564  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:22:13.0499 0564  HTTP - ok
15:22:13.0502 0564  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:22:13.0512 0564  hwpolicy - ok
15:22:13.0517 0564  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:22:13.0529 0564  i8042prt - ok
15:22:13.0537 0564  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:22:13.0554 0564  iaStorV - ok
15:22:13.0564 0564  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:22:13.0587 0564  idsvc - ok
15:22:13.0592 0564  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:22:13.0602 0564  iirsp - ok
15:22:13.0614 0564  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
15:22:13.0654 0564  IKEEXT - ok
15:22:13.0659 0564  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
15:22:13.0672 0564  intelide - ok
15:22:13.0674 0564  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:22:13.0687 0564  intelppm - ok
15:22:13.0689 0564  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:22:13.0719 0564  IPBusEnum - ok
15:22:13.0724 0564  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:22:13.0752 0564  IpFilterDriver - ok
15:22:13.0762 0564  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:22:13.0782 0564  iphlpsvc - ok
15:22:13.0784 0564  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:22:13.0797 0564  IPMIDRV - ok
15:22:13.0802 0564  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:22:13.0832 0564  IPNAT - ok
15:22:13.0837 0564  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:22:13.0852 0564  IRENUM - ok
15:22:13.0854 0564  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:22:13.0864 0564  isapnp - ok
15:22:13.0872 0564  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:22:13.0887 0564  iScsiPrt - ok
15:22:13.0889 0564  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:22:13.0902 0564  kbdclass - ok
15:22:13.0904 0564  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:22:13.0914 0564  kbdhid - ok
15:22:13.0919 0564  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:22:13.0929 0564  KeyIso - ok
15:22:13.0932 0564  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:22:13.0944 0564  KSecDD - ok
15:22:13.0949 0564  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:22:13.0962 0564  KSecPkg - ok
15:22:13.0967 0564  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:22:13.0997 0564  ksthunk - ok
15:22:14.0004 0564  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:22:14.0037 0564  KtmRm - ok
15:22:14.0044 0564  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:22:14.0074 0564  LanmanServer - ok
15:22:14.0079 0564  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:22:14.0112 0564  LanmanWorkstation - ok
15:22:14.0119 0564  [ 19EFF704CD16DD0429E128431F1DD631 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:22:14.0134 0564  LBTServ - ok
15:22:14.0139 0564  [ 1074C77A47835E03C15BF92452F9A750 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:22:14.0147 0564  LHidFilt - ok
15:22:14.0152 0564  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:22:14.0182 0564  lltdio - ok
15:22:14.0189 0564  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:22:14.0222 0564  lltdsvc - ok
15:22:14.0227 0564  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:22:14.0257 0564  lmhosts - ok
15:22:14.0259 0564  [ 96999C364C649E2866A268F7420A304A ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:22:14.0269 0564  LMouFilt - ok
15:22:14.0277 0564  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:22:14.0287 0564  LSI_FC - ok
15:22:14.0292 0564  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:22:14.0302 0564  LSI_SAS - ok
15:22:14.0307 0564  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:22:14.0317 0564  LSI_SAS2 - ok
15:22:14.0322 0564  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:22:14.0332 0564  LSI_SCSI - ok
15:22:14.0337 0564  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:22:14.0367 0564  luafv - ok
15:22:14.0372 0564  [ 11DDB1D900078FBE3691DF7B878AEC28 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
15:22:14.0382 0564  LUsbFilt - ok
15:22:14.0384 0564  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:22:14.0397 0564  Mcx2Svc - ok
15:22:14.0402 0564  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:22:14.0412 0564  megasas - ok
15:22:14.0419 0564  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:22:14.0432 0564  MegaSR - ok
15:22:14.0437 0564  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:22:14.0467 0564  MMCSS - ok
15:22:14.0469 0564  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:22:14.0499 0564  Modem - ok
15:22:14.0509 0564  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:22:14.0524 0564  monitor - ok
15:22:14.0529 0564  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:22:14.0539 0564  mouclass - ok
15:22:14.0542 0564  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:22:14.0554 0564  mouhid - ok
15:22:14.0559 0564  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:22:14.0569 0564  mountmgr - ok
15:22:14.0574 0564  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:22:14.0584 0564  MozillaMaintenance - ok
15:22:14.0589 0564  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:22:14.0602 0564  mpio - ok
15:22:14.0604 0564  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:22:14.0634 0564  mpsdrv - ok
15:22:14.0647 0564  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:22:14.0684 0564  MpsSvc - ok
15:22:14.0692 0564  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:22:14.0707 0564  MRxDAV - ok
15:22:14.0712 0564  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:22:14.0724 0564  mrxsmb - ok
15:22:14.0732 0564  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:22:14.0744 0564  mrxsmb10 - ok
15:22:14.0749 0564  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:22:14.0759 0564  mrxsmb20 - ok
15:22:14.0762 0564  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:22:14.0774 0564  msahci - ok
15:22:14.0777 0564  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:22:14.0789 0564  msdsm - ok
15:22:14.0792 0564  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:22:14.0807 0564  MSDTC - ok
15:22:14.0812 0564  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:22:14.0842 0564  Msfs - ok
15:22:14.0847 0564  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:22:14.0877 0564  mshidkmdf - ok
15:22:14.0879 0564  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:22:14.0889 0564  msisadrv - ok
15:22:14.0894 0564  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:22:14.0927 0564  MSiSCSI - ok
15:22:14.0929 0564  msiserver - ok
15:22:14.0932 0564  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:22:14.0962 0564  MSKSSRV - ok
15:22:14.0964 0564  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:22:14.0994 0564  MSPCLOCK - ok
15:22:14.0999 0564  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:22:15.0029 0564  MSPQM - ok
15:22:15.0037 0564  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:22:15.0052 0564  MsRPC - ok
15:22:15.0057 0564  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:22:15.0067 0564  mssmbios - ok
15:22:21.0040 0564  ============================================================
15:22:21.0040 0564  Scan finished
15:22:21.0040 0564  ============================================================
15:22:21.0050 3568  Detected object count: 2
15:22:21.0050 3568  Actual detected object count: 2
15:23:16.0145 3568  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:16.0145 3568  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:23:16.0145 3568  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:16.0145 3568  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:23:52.0706 3632  Deinitialize success
         
