Pests of all kinds and how to fight them: TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts (Windows 7)
22.06.2012, 19:43 | #1 |
TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts

A quick note up front: your golden rules are confusing. Some say you should check whether something like this has come up before, and others say you shouldn't try that at all. *confused*

Hey, so since this morning I've had the problem that Avira raises alerts at short, irregular intervals saying that the programs mentioned were found. The files are found under C:\Windows\Installer\{1a010c53-5aa6-5c59-2759-42e47dea94f8}\U\. The alerts only appear when there is an active internet connection.

1. I used defogger.
2. otl.txt

Code:
OTL logfile created on: 22.06.2012 19:49:46 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Benni\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 45,15% Memory free
7,73 Gb Paging File | 5,41 Gb Available in Paging File | 69,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 329,60 Gb Free Space | 72,61% Space Free | Partition Type: NTFS

Computer Name: BENNI´S-PC | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.22 19:45:29 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Downloads\OTL.exe
PRC - [2012.06.04 13:59:11 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.06.04 13:59:11 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\program files (x86)\avira\antivir desktop\avscan.exe
PRC - [2012.06.04 13:59:11 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.06.04 13:59:11 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.04 13:59:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.04 13:59:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.21 20:40:38 | 000,073,728 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
PRC - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.08.30 18:53:46 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.12.23 11:00:12 | 003,344,384 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
PRC - [2009.12.28 05:37:10 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.11.02 01:40:52 | 001,100,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2010.12.23 11:00:12 | 003,344,384 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
MOD - [2010.12.02 14:01:18 | 000,994,304 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2010.12.02 11:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
MOD - [2010.11.24 03:11:21 | 002,535,936 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2010.11.01 14:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
MOD - [2010.10.11 04:13:52 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
MOD - [2010.09.20 08:19:01 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
MOD - [2010.09.20 08:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
MOD - [2010.09.20 08:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
MOD - [2010.09.20 08:18:50 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
MOD - [2009.12.28 05:37:10 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\SysNative\svchost.exe -- (SharedAccess)
SRV:64bit: - [2009.07.14 03:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV - [2012.06.17 13:40:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.04 13:59:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.04 13:59:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.06.01 19:17:59 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.21 20:40:38 | 000,073,728 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.08.30 18:53:46 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.03.28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.06.04 13:59:11 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.06.04 13:59:11 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.02 19:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.11.23 16:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.10.17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.31 20:08:06 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.02.10 22:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.18 00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.13 21:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.23 00:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={FB1FD20E-1ECB-4FD8-A1AE-1A3F96887A29}&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&lang=de&ds=od011&pr=sa&d=2012-03-22 15:23:38&v=10.2.0.3&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE363
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={FB1FD20E-1ECB-4FD8-A1AE-1A3F96887A29}&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&lang=de&ds=od011&pr=sa&d=2012-03-22 15:23:38&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://ts6.travian.de/dorf1.php"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B3789daa5-d450-42db-ab92-525375a232f9%7D&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-03-22%2015%3A23%3A38&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.24 23:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 13:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 16:24:39 | 000,000,000 | ---D | M]

[2011.10.18 14:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2010.09.30 16:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.18 14:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.06.02 23:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\e9koplpd.default\extensions
[2011.03.19 19:26:51 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\e9koplpd.default\extensions\personas@christopher.beard
[2012.03.17 22:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.24 23:55:07 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.06.17 13:40:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.01 20:28:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.22 16:23:27 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.01 20:28:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.01 20:28:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 20:28:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 20:28:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 20:28:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\XviD\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.exe - Verknüpfung.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B568ABAA-7280-411C-B11F-85168FC4DE44}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05802F8-E6BF-4286-B352-97A9C53E16F2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01ef7b56-43f0-11df-ab52-00262d7912b4}\Shell - "" = AutoRun
O33 - MountPoints2\{01ef7b56-43f0-11df-ab52-00262d7912b4}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.22 17:17:00 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2012.06.22 17:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.22 17:16:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.22 17:16:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.21 19:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regnum Online
[2012.06.21 12:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.06.21 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\pdfforge
[2012.06.21 12:03:29 | 000,095,232 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.06.21 12:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.06.12 00:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.06.11 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Macromedia
[2012.06.06 17:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.06.02 19:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.06.02 19:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012.05.27 14:47:29 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\LolClient2
[2009.11.05 05:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
File not found -- C:\Windows\SysNative\
[2012.06.22 19:44:25 | 000,000,000 | ---- | M] () -- C:\Users\Benni\defogger_reenable
[2012.06.22 19:44:09 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.22 17:44:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.22 17:16:51 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.22 10:42:17 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 10:42:17 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 10:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 10:33:56 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 12:03:32 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.06.21 12:03:32 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.06.19 02:35:18 | 000,007,604 | ---- | M] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg
[2012.06.17 19:53:09 | 000,249,275 | ---- | M] () -- C:\Users\Benni\Desktop\Skyrim add on.jpg
[2012.06.16 23:16:06 | 000,143,514 | ---- | M] () -- C:\Users\Benni\Desktop\181414_437905312910103_280672572_n.jpg
[2012.06.15 06:51:42 | 000,095,232 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.06.05 17:09:56 | 001,527,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.05 17:09:56 | 000,664,868 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.05 17:09:56 | 000,625,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.05 17:09:56 | 000,135,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.05 17:09:56 | 000,110,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.04 13:59:11 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.04 13:59:11 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.02 19:37:53 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.06.02 19:37:53 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012.05.29 17:15:45 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.25 07:46:53 | 000,031,915 | ---- | M] () -- C:\Users\Benni\Desktop\WismarAlterSchwede.jpg
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
File not found -- C:\Windows\SysNative\
[2012.06.22 19:44:25 | 000,000,000 | ---- | C] () -- C:\Users\Benni\defogger_reenable
[2012.06.22 18:21:36 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{1a010c53-5aa6-5c59-2759-42e47dea94f8}\U\800000cb.@
[2012.06.22 18:21:36 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{1a010c53-5aa6-5c59-2759-42e47dea94f8}\U\00000001.@
[2012.06.22 17:35:35 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1a010c53-5aa6-5c59-2759-42e47dea94f8}\U\80000000.@
[2012.06.22 17:16:51 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.21 12:03:32 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.06.21 12:03:32 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.06.17 19:52:46 | 000,249,275 | ---- | C] () -- C:\Users\Benni\Desktop\Skyrim add on.jpg
[2012.06.16 23:15:46 | 000,143,514 | ---- | C] () -- C:\Users\Benni\Desktop\181414_437905312910103_280672572_n.jpg
[2012.06.12 00:17:32 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2012.06.12 00:17:32 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2012.06.12 00:17:32 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2012.06.12 00:17:31 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.06.12 00:17:31 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.06.12 00:17:31 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.06.02 19:37:53 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.06.02 19:37:53 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012.06.02 19:37:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.05.25 07:46:52 | 000,031,915 | ---- | C] () -- C:\Users\Benni\Desktop\WismarAlterSchwede.jpg
[2011.12.20 23:36:50 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.10.02 13:00:09 | 000,004,614 | ---- | C] () -- C:\Users\Benni\.recently-used.xbel
[2011.09.28 06:58:31 | 000,000,000 | ---- | C] () -- C:\Users\Benni\AppData\Local\{2A266CAB-D9B5-41DD-BEED-6B492DC72B8A}
[2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.06.18 17:22:28 | 000,000,705 | ---- | C] () -- C:\Windows\kaillera.ini
[2011.04.09 03:13:52 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1a010c53-5aa6-5c59-2759-42e47dea94f8}\@
[2011.04.09 03:13:52 | 000,002,048 | -HS- | C] () -- C:\Users\Benni\AppData\Local\{1a010c53-5aa6-5c59-2759-42e47dea94f8}\@
[2011.03.27 01:33:27 | 000,041,974 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\room.dat
[2011.03.25 19:50:32 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.08 16:31:39 | 000,000,093 | ---- | C] () -- C:\Users\Benni\AppData\Local\fusioncache.dat
[2011.03.08 16:29:57 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.09 16:06:48 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.10.07 19:30:16 | 000,121,052 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.04.10 21:55:34 | 000,000,000 | ---- | C] () -- C:\Users\Benni\__ng3d.lock
[2010.03.04 22:29:38 | 000,004,608 | ---- | C] () -- C:\Users\Benni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.18 22:49:40 | 000,007,604 | ---- | C] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========
[2010.10.13 22:55:09 | 000,000,000 | -HSD | M] -- C:\Users\Benni\AppData\Roaming\.#
[2010.01.18 13:46:25 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\GameConsole
[2011.09.29 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gtk-2.0
[2010.03.26 23:15:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\HLSW
[2010.07.21 07:39:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LolClient
[2012.05.27 14:47:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LolClient2
[2012.01.23 07:46:01 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OnLive App
[2010.10.16 21:03:55 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenArena
[2012.03.22 16:13:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenCandy
[2010.09.02 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenOffice.org
[2012.06.21 12:11:51 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\pdfforge
[2011.10.18 14:26:16 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Prism
[2011.03.19 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\PunkBuster
[2012.04.06 23:21:03 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Rainmeter
[2012.03.04 15:44:55 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\RotMG.Production
[2010.04.01 05:16:13 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\SoftDMA
[2010.09.30 16:36:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TomTom
[2012.06.22 18:57:16 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Ubisoft
[2012.01.07 01:56:39 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Unity
[2010.10.16 19:33:10 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Wormux
[2012.05.15 06:47:39 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 22.06.2012 19:49:46 - Run 1 OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Benni\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 45,15% Memory free 7,73 Gb Paging File | 5,41 Gb Available in Paging File | 69,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,94 Gb Total Space | 329,60 Gb Free Space | 72,61% Space Free | Partition Type: NTFS Computer Name: BENNI´S-PC | User Name: Benni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit) "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 
(64-bit) "{49033FF4-8C1C-0EB9-C0A6-4691CB18D0A4}" = ccc-utility64 "{499CBE65-4E07-B40A-624A-B5B7BD6F9A9C}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller "{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}" = AMD Catalyst Install Manager "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "EPSON Printer and Utilities" = EPSON-Drucker-Software "LSI Soft Modem" = LSI HDA Modem "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = 
WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00A53800-BA75-3E9E-BD52-10171E5640B6}" = CCC Help Greek "{04098274-E98C-86E3-1B2C-50E32E561DF5}" = CCC Help Korean "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0502C9CA-D1A3-B741-2F0B-A4E6CDDFEF0E}" = CCC Help Norwegian "{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}" = Qualcomm Atheros Fast Reconnect "{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = MOUSE Editor "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28B14C2C-B62F-E50C-EECD-97FF3C1ED3CE}" = CCC Help French "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2D049D1D-CA58-9652-B7C6-19CB98649923}" = CCC Help Dutch "{33DFAA69-9EF2-F12B-C6F5-4AF9FD445CF6}" = CCC Help Swedish "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker 
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{480DCAD1-8670-66EA-8EBA-178047059A13}" = CCC Help German "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA540A5-03BD-9B22-A3DD-E7BDCD879D70}" = CCC Help Finnish "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "{5E58CCDF-4A36-453F-A091-DA8F8D1643B5}" = CCC Help Danish "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60070423-DE0B-59FF-D4B7-16BDB8957864}" = CCC Help Portuguese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{74FBB537-8915-329D-393E-FDB7DC69A339}" = CCC Help Japanese "{755F4903-030D-B017-30F2-4D5BE92C8D38}" = CCC Help Italian "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{896C4E12-4857-9715-9F9D-249561D2D7EE}" = CCC Help Thai "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" 
= OpenOffice.org 3.2 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{968298EC-86D4-8F84-5ABC-E976C5CDA417}" = CCC Help Spanish "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A79024ED-1969-334A-1ED6-16753F9DE377}" = CCC Help English "{A9094B7E-7221-4FDD-8F22-340003F4BDC2}" = Overwolf "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{BA12FD6D-169A-11D7-A6A9-00C026281E5A}" = Twin USB Vibration Gamepad "{BBDD3C95-E069-E346-6D1B-CC76AE448550}" = CCC Help Chinese Standard "{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57C21C0-CE1B-26D5-1215-B26862051F6F}" = Catalyst Control Center "{C86CB1B1-4BD0-7BFB-88CF-76762C8CE1D3}" = Catalyst Control Center Graphics Previews Common "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD05F1BC-FC63-1E93-4094-82BC33662E76}" = Catalyst Control Center Localization All "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.124.1120 "{D61F78AF-A111-9DAE-8368-E3230B168F03}" = CCC Help Polish "{D629D8F0-CA96-11ED-FEAC-38C95F24F4E3}" = CCC Help Russian "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{D8CABEA0-CAFB-9320-5F46-EAF31535203F}" = CCC Help Turkish "{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = 
Windows Live Writer "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6B7BF58-36D0-A76E-53E2-F65DBD4A6A52}" = Catalyst Control Center InstallProxy "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F9941E63-AB58-1382-BC5D-545C4A2AA9B1}" = CCC Help Hungarian "{FC3FEC23-8BBB-CA39-DD99-C981F25A5D39}" = CCC Help Chinese Traditional "{FC8292ED-7E61-4370-15D1-60171263AA1D}" = CCC Help Czech "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "AC3Filter_is1" = AC3Filter 1.63b "Acer Registration" = Acer Registration "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "DivX Setup" = DivX-Setup "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Game Booster_is1" = Game Booster 3 "InstallShield_{20D0FE9A-816F-4218-9F5E-67B4198052FF}" = Mouse Editor "InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch 
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}" = Alcor Micro USB Card Reader "JDownloader" = JDownloader "League of Legends_is1" = League of Legends "LManager" = Launch Manager "LogMeIn Hamachi" = LogMeIn Hamachi "LOLReplay" = LOLReplay "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenAL" = OpenAL "PokerStars" = PokerStars "Rainmeter" = Rainmeter "StarCraft II" = StarCraft II "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.0 "WinLiveSuite_Wave3" = Windows Live Essentials "Xvid Video Codec 1.3.2" = Xvid Video Codec "YTdetect" = Yahoo! Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.06.2012 15:32:23 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 21.06.2012 15:41:00 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.06.2012 15:41:00 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.06.2012 15:41:00 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.06.2012 15:41:00 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 21.06.2012 15:41:00 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.06.2012 15:41:00 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.06.2012 15:41:00 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.06.2012 15:41:00 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 21.06.2012 15:41:02 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.06.2012 15:41:02 | Computer Name = Benni´s-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 22.06.2012 07:17:12 | Computer Name = Benni´s-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 22.06.2012 07:18:03 | Computer Name = Benni´s-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. 
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. [ Media Center Events ] Error - 01.04.2012 16:38:53 | Computer Name = Benni´s-PC | Source = MCUpdate | ID = 0 Description = 22:38:53 - Fehler beim Herstellen der Internetverbindung. 22:38:53 - Serververbindung konnte nicht hergestellt werden.. Error - 01.04.2012 16:39:01 | Computer Name = Benni´s-PC | Source = MCUpdate | ID = 0 Description = 22:38:58 - Fehler beim Herstellen der Internetverbindung. 22:38:58 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 17.06.2012 19:55:47 | Computer Name = Benni´s-PC | Source = DCOM | ID = 10010 Description = Error - 18.06.2012 09:40:13 | Computer Name = Benni´s-PC | Source = Service Control Manager | ID = 7009 Description = Error - 18.06.2012 09:40:13 | Computer Name = Benni´s-PC | Source = Service Control Manager | ID = 7000 Description = Error - 18.06.2012 21:04:24 | Computer Name = Benni´s-PC | Source = DCOM | ID = 10010 Description = Error - 19.06.2012 05:49:29 | Computer Name = Benni´s-PC | Source = DCOM | ID = 10010 Description = Error - 19.06.2012 21:34:44 | Computer Name = Benni´s-PC | Source = DCOM | ID = 10010 Description = Error - 20.06.2012 08:29:34 | Computer Name = Benni´s-PC | Source = DCOM | ID = 10010 Description = Error - 21.06.2012 00:06:31 | Computer Name = Benni´s-PC | Source = DCOM | ID = 10010 Description = Error - 21.06.2012 00:12:32 | Computer Name = Benni´s-PC | Source = DCOM | ID = 10010 Description = Error - 21.06.2012 15:53:50 | Computer Name = Benni´s-PC | Source = DCOM | ID = 10010 Description = < End of report >
Off to watch the Euros for a bit ... |
22.06.2012, 20:19 | #2 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts

Hi,

a rootkit of the TDSS type... Let's see: the Killer should find an infected driver (and only that one is of interest) and the TDSS file system.

TDSS-Killer
Download and instructions at: How is malware of the Rootkit.Win32.TDSS family combated?
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Set up the Killer as follows:
Then start the scan (Start Scan).
When the scan has finished, please select "Report" (for now, skip any detections with Skip).
A window opens; copy the text and post it here...

chris
__________________ |
22.06.2012, 20:54 | #3 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts

Hey,

first of all, thanks for the quick reply ;) So TDSSKiller had 2 detections, and here is the report: Code:
ATTFilter 21:49:14.0208 5700 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 21:49:14.0461 5700 ============================================================ 21:49:14.0461 5700 Current date / time: 2012/06/22 21:49:14.0461 21:49:14.0461 5700 SystemInfo: 21:49:14.0461 5700 21:49:14.0461 5700 OS Version: 6.1.7601 ServicePack: 1.0 21:49:14.0461 5700 Product type: Workstation 21:49:14.0461 5700 ComputerName: BENNI´S-PC 21:49:14.0461 5700 UserName: Benni 21:49:14.0461 5700 Windows directory: C:\Windows 21:49:14.0461 5700 System windows directory: C:\Windows 21:49:14.0462 5700 Running under WOW64 21:49:14.0462 5700 Processor architecture: Intel x64 21:49:14.0462 5700 Number of processors: 4 21:49:14.0462 5700 Page size: 0x1000 21:49:14.0462 5700 Boot type: Normal boot 21:49:14.0462 5700 ============================================================ 21:49:15.0460 5700 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:49:15.0476 5700 ============================================================ 21:49:15.0476 5700 \Device\Harddisk0\DR0: 21:49:15.0476 5700 MBR partitions: 21:49:15.0476 5700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000 21:49:15.0476 5700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030 21:49:15.0476 5700 ============================================================ 21:49:15.0600 5700 C: <-> \Device\Harddisk0\DR0\Partition1 21:49:15.0600 5700 ============================================================ 21:49:15.0600 5700 Initialize success 21:49:15.0600 5700 ============================================================ 21:49:44.0342 5852 ============================================================ 21:49:44.0343 5852 Scan started 21:49:44.0343 5852 Mode: Manual; SigCheck; TDLFS; 21:49:44.0343 5852 
============================================================ 21:49:45.0256 5852 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 21:49:46.0024 5852 1394ohci - ok 21:49:46.0098 5852 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:49:46.0115 5852 ACPI - ok 21:49:46.0228 5852 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:49:46.0367 5852 AcpiPmi - ok 21:49:46.0640 5852 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:49:46.0683 5852 AdobeARMservice - ok 21:49:46.0790 5852 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:49:46.0809 5852 adp94xx - ok 21:49:46.0882 5852 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:49:46.0899 5852 adpahci - ok 21:49:46.0946 5852 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:49:46.0960 5852 adpu320 - ok 21:49:47.0048 5852 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 21:49:47.0191 5852 AeLookupSvc - ok 21:49:47.0374 5852 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 21:49:47.0441 5852 AFD - ok 21:49:47.0544 5852 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe 21:49:47.0589 5852 AgereModemAudio - ok 21:49:47.0761 5852 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys 21:49:47.0908 5852 AgereSoftModem - ok 21:49:47.0981 5852 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 21:49:47.0992 5852 agp440 - ok 21:49:48.0084 5852 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 21:49:48.0164 5852 ALG - ok 21:49:48.0289 5852 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 21:49:48.0299 5852 aliide - ok 21:49:48.0412 5852 AMD External 
Events Utility (a2f5bea5b45a8e7c4776f39c25e8699d) C:\Windows\system32\atiesrxx.exe 21:49:48.0531 5852 AMD External Events Utility - ok 21:49:48.0591 5852 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 21:49:48.0601 5852 amdide - ok 21:49:48.0741 5852 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:49:48.0808 5852 AmdK8 - ok 21:49:51.0109 5852 amdkmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys 21:49:51.0467 5852 amdkmdag - ok 21:49:51.0805 5852 amdkmdap (35d2184a99ad4cd5d17284d6c9f382c9) C:\Windows\system32\DRIVERS\atikmpag.sys 21:49:51.0872 5852 amdkmdap - ok 21:49:51.0946 5852 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:49:52.0008 5852 AmdPPM - ok 21:49:52.0094 5852 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 21:49:52.0108 5852 amdsata - ok 21:49:52.0144 5852 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:49:52.0159 5852 amdsbs - ok 21:49:52.0180 5852 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 21:49:52.0189 5852 amdxata - ok 21:49:52.0282 5852 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS 21:49:52.0379 5852 AmUStor - ok 21:49:52.0530 5852 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 21:49:52.0572 5852 AntiVirSchedulerService - ok 21:49:52.0679 5852 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 21:49:52.0687 5852 AntiVirService - ok 21:49:52.0790 5852 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 21:49:53.0026 5852 AppID - ok 21:49:53.0073 5852 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 21:49:53.0140 5852 AppIDSvc - ok 21:49:53.0196 5852 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) 
C:\Windows\System32\appinfo.dll 21:49:53.0259 5852 Appinfo - ok 21:49:53.0345 5852 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:49:53.0361 5852 arc - ok 21:49:53.0393 5852 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:49:53.0410 5852 arcsas - ok 21:49:53.0445 5852 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:49:53.0526 5852 AsyncMac - ok 21:49:53.0581 5852 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 21:49:53.0592 5852 atapi - ok 21:49:54.0465 5852 athr (7d0398396727195cc73d703001d3cff4) C:\Windows\system32\DRIVERS\athrx.sys 21:49:54.0633 5852 athr - ok 21:49:57.0716 5852 atikmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys 21:49:57.0852 5852 atikmdag - ok 21:49:58.0175 5852 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 21:49:58.0269 5852 AudioEndpointBuilder - ok 21:49:58.0281 5852 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 21:49:58.0347 5852 AudioSrv - ok 21:49:58.0614 5852 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 21:49:58.0919 5852 avgntflt - ok 21:49:59.0042 5852 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 21:49:59.0052 5852 avipbb - ok 21:49:59.0116 5852 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 21:49:59.0135 5852 avkmgr - ok 21:49:59.0241 5852 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 21:49:59.0302 5852 AxInstSV - ok 21:49:59.0427 5852 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 21:49:59.0487 5852 b06bdrv - ok 21:49:59.0555 5852 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:49:59.0592 5852 b57nd60a - ok 21:49:59.0892 5852 BCM43XX (9e84a931dbee0292e38ed672f6293a99) 
C:\Windows\system32\DRIVERS\bcmwl664.sys 21:49:59.0978 5852 BCM43XX - ok 21:50:00.0073 5852 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 21:50:00.0179 5852 BDESVC - ok 21:50:00.0271 5852 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:50:00.0340 5852 Beep - ok 21:50:00.0500 5852 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 21:50:00.0563 5852 BFE - ok 21:50:00.0684 5852 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 21:50:00.0790 5852 BITS - ok 21:50:00.0869 5852 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:50:00.0929 5852 blbdrive - ok 21:50:00.0987 5852 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 21:50:01.0096 5852 bowser - ok 21:50:01.0147 5852 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:50:01.0184 5852 BrFiltLo - ok 21:50:01.0225 5852 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:50:01.0293 5852 BrFiltUp - ok 21:50:01.0337 5852 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 21:50:01.0427 5852 Browser - ok 21:50:01.0495 5852 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:50:01.0566 5852 Brserid - ok 21:50:01.0588 5852 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:50:01.0612 5852 BrSerWdm - ok 21:50:01.0635 5852 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:50:01.0660 5852 BrUsbMdm - ok 21:50:01.0673 5852 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:50:01.0698 5852 BrUsbSer - ok 21:50:01.0773 5852 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:50:01.0818 5852 BTHMODEM - ok 21:50:01.0876 5852 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 
21:50:01.0950 5852 bthserv - ok 21:50:02.0014 5852 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:50:02.0066 5852 cdfs - ok 21:50:02.0211 5852 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 21:50:02.0252 5852 cdrom - ok 21:50:02.0296 5852 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:50:02.0383 5852 CertPropSvc - ok 21:50:02.0410 5852 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:50:02.0448 5852 circlass - ok 21:50:02.0580 5852 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:50:02.0608 5852 CLFS - ok 21:50:02.0780 5852 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:50:02.0794 5852 clr_optimization_v2.0.50727_32 - ok 21:50:02.0987 5852 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:50:03.0005 5852 clr_optimization_v2.0.50727_64 - ok 21:50:03.0125 5852 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:50:03.0139 5852 clr_optimization_v4.0.30319_32 - ok 21:50:03.0192 5852 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:50:03.0206 5852 clr_optimization_v4.0.30319_64 - ok 21:50:03.0261 5852 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:50:03.0298 5852 CmBatt - ok 21:50:03.0362 5852 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 21:50:03.0385 5852 cmdide - ok 21:50:03.0613 5852 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 21:50:03.0659 5852 CNG - ok 21:50:03.0752 5852 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:50:03.0763 5852 Compbatt - ok 
21:50:03.0838 5852 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 21:50:03.0935 5852 CompositeBus - ok 21:50:03.0964 5852 COMSysApp - ok 21:50:04.0268 5852 cpuz130 - ok 21:50:04.0309 5852 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:50:04.0319 5852 crcdisk - ok 21:50:04.0533 5852 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 21:50:04.0632 5852 CryptSvc - ok 21:50:04.0896 5852 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:50:05.0003 5852 DcomLaunch - ok 21:50:05.0145 5852 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 21:50:05.0230 5852 defragsvc - ok 21:50:05.0388 5852 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 21:50:05.0458 5852 DfsC - ok 21:50:05.0600 5852 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 21:50:05.0684 5852 Dhcp - ok 21:50:05.0750 5852 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:50:05.0850 5852 discache - ok 21:50:06.0003 5852 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:50:06.0015 5852 Disk - ok 21:50:06.0288 5852 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys 21:50:06.0295 5852 DKbFltr - ok 21:50:06.0401 5852 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 21:50:06.0520 5852 Dnscache - ok 21:50:06.0666 5852 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 21:50:06.0745 5852 dot3svc - ok 21:50:06.0830 5852 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 21:50:06.0929 5852 DPS - ok 21:50:07.0052 5852 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:50:07.0123 5852 drmkaud - ok 21:50:07.0380 5852 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 
21:50:07.0423 5852 DXGKrnl - ok 21:50:07.0515 5852 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 21:50:07.0600 5852 EapHost - ok 21:50:08.0106 5852 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:50:08.0236 5852 ebdrv - ok 21:50:08.0487 5852 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe 21:50:08.0520 5852 EFS - ok 21:50:08.0802 5852 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 21:50:08.0898 5852 ehRecvr - ok 21:50:09.0010 5852 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 21:50:09.0071 5852 ehSched - ok 21:50:09.0348 5852 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys 21:50:09.0357 5852 ElbyCDIO - ok 21:50:09.0489 5852 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:50:09.0509 5852 elxstor - ok 21:50:09.0755 5852 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 21:50:09.0797 5852 ePowerSvc - ok 21:50:09.0968 5852 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE 21:50:11.0300 5852 EPSON_PM_RPCV4_01 - ok 21:50:11.0597 5852 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 21:50:11.0644 5852 ErrDev - ok 21:50:11.0731 5852 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 21:50:11.0809 5852 EventSystem - ok 21:50:11.0916 5852 EverestDriver - ok 21:50:11.0955 5852 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:50:12.0025 5852 exfat - ok 21:50:12.0131 5852 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:50:12.0215 5852 fastfat - ok 21:50:12.0296 5852 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 21:50:12.0394 5852 Fax - ok 21:50:12.0428 5852 fdc (d765d19cd8ef61f650c384f62fac00ab) 
C:\Windows\system32\DRIVERS\fdc.sys 21:50:12.0468 5852 fdc - ok 21:50:12.0508 5852 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 21:50:12.0564 5852 fdPHost - ok 21:50:12.0576 5852 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 21:50:12.0632 5852 FDResPub - ok 21:50:12.0735 5852 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:50:12.0745 5852 FileInfo - ok 21:50:12.0773 5852 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:50:12.0880 5852 Filetrace - ok 21:50:12.0912 5852 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:50:12.0941 5852 flpydisk - ok 21:50:13.0095 5852 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 21:50:13.0117 5852 FltMgr - ok 21:50:13.0352 5852 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 21:50:13.0452 5852 FontCache - ok 21:50:13.0607 5852 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:50:13.0625 5852 FontCache3.0.0.0 - ok 21:50:13.0695 5852 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:50:13.0705 5852 FsDepends - ok 21:50:13.0817 5852 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 21:50:13.0827 5852 Fs_Rec - ok 21:50:13.0951 5852 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:50:13.0966 5852 fvevol - ok 21:50:14.0044 5852 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:50:14.0055 5852 gagp30kx - ok 21:50:14.0130 5852 GGSAFERDriver - ok 21:50:14.0224 5852 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 21:50:14.0275 5852 gpsvc - ok 21:50:14.0675 5852 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe 
21:50:14.0773 5852 Greg_Service - ok 21:50:14.0951 5852 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:50:14.0962 5852 gupdate - ok 21:50:14.0999 5852 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:50:15.0007 5852 gupdatem - ok 21:50:15.0372 5852 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys 21:50:15.0380 5852 hamachi - ok 21:50:15.0981 5852 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 21:50:16.0091 5852 Hamachi2Svc - ok 21:50:16.0296 5852 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:50:16.0337 5852 hcw85cir - ok 21:50:16.0508 5852 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 21:50:16.0593 5852 HdAudAddService - ok 21:50:16.0652 5852 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 21:50:16.0685 5852 HDAudBus - ok 21:50:16.0742 5852 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 21:50:16.0752 5852 HECIx64 - ok 21:50:16.0782 5852 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:50:16.0803 5852 HidBatt - ok 21:50:16.0826 5852 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:50:16.0859 5852 HidBth - ok 21:50:16.0875 5852 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:50:16.0906 5852 HidIr - ok 21:50:16.0981 5852 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 21:50:17.0067 5852 hidserv - ok 21:50:17.0181 5852 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 21:50:17.0199 5852 HidUsb - ok 21:50:17.0273 5852 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 21:50:17.0326 5852 hkmsvc - ok 21:50:17.0524 5852 HomeGroupListener 
RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:50:41.0754 5852 RDPWD - ok
21:50:41.0831 5852 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:50:41.0844 5852 rdyboost - ok
21:50:41.0903 5852 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:50:41.0997 5852 RemoteAccess - ok
21:50:42.0053 5852 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:50:42.0105 5852 RemoteRegistry - ok
21:50:42.0178 5852 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:50:42.0243 5852 RpcEptMapper - ok
21:50:42.0284 5852 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:50:42.0298 5852 RpcLocator - ok
21:50:42.0470 5852 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:50:42.0525 5852 RpcSs - ok
21:50:42.0598 5852 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:50:42.0669 5852 rspndr - ok
21:50:42.0811 5852 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
21:50:42.0851 5852 RS_Service ( UnsignedFile.Multi.Generic ) - warning
21:50:42.0851 5852 RS_Service - detected UnsignedFile.Multi.Generic (1)
21:50:42.0976 5852 RTHDMIAzAudService (c20f64fcd5e2b40310a1774495877acd) C:\Windows\system32\drivers\RtHDMIVX.sys
21:50:42.0987 5852 RTHDMIAzAudService - ok
21:50:43.0132 5852 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:50:43.0160 5852 SamSs - ok
21:50:43.0231 5852 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:50:43.0248 5852 sbp2port - ok
21:50:43.0409 5852 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:50:43.0462 5852 SCardSvr - ok
21:50:43.0559 5852 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:50:43.0631 5852 scfilter - ok
21:50:43.0913 5852
(9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 21:51:11.0483 5852 wuauserv - ok 21:51:11.0738 5852 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:51:11.0794 5852 WudfPf - ok 21:51:11.0882 5852 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:51:11.0978 5852 WUDFRd - ok 21:51:12.0027 5852 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 21:51:12.0078 5852 wudfsvc - ok 21:51:12.0126 5852 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 21:51:12.0158 5852 WwanSvc - ok 21:51:12.0320 5852 X6va002 - ok 21:51:12.0392 5852 X6va003 - ok 21:51:12.0592 5852 ZAtheros Wlan Agent (1ca8ac00abde45a4fe360aea515f844b) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe 21:51:12.0597 5852 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - warning 21:51:12.0597 5852 ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic (1) 21:51:12.0626 5852 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 21:51:13.0110 5852 \Device\Harddisk0\DR0 - ok 21:51:13.0144 5852 Boot (0x1200) (851861819a0282d2d600ac8029e9b3e7) \Device\Harddisk0\DR0\Partition0 21:51:13.0145 5852 \Device\Harddisk0\DR0\Partition0 - ok 21:51:13.0161 5852 Boot (0x1200) (f21262666ef44e626d25f4df17c0488a) \Device\Harddisk0\DR0\Partition1 21:51:13.0162 5852 \Device\Harddisk0\DR0\Partition1 - ok 21:51:13.0162 5852 ============================================================ 21:51:13.0162 5852 Scan finished 21:51:13.0162 5852 ============================================================ 21:51:13.0172 2596 Detected object count: 2 21:51:13.0172 2596 Actual detected object count: 2 21:51:23.0175 2596 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:51:23.0176 2596 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:51:23.0176 2596 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - skipped by user 21:51:23.0176 2596 
ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:51:45.0532 3928 ============================================================ 21:51:45.0532 3928 Scan started 21:51:45.0532 3928 Mode: Manual; SigCheck; TDLFS; 21:51:45.0532 3928 ============================================================ 21:51:46.0602 3928 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 21:51:46.0624 3928 1394ohci - ok 21:51:46.0668 3928 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:51:46.0683 3928 ACPI - ok 21:51:46.0696 3928 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:51:46.0711 3928 AcpiPmi - ok 21:51:46.0843 3928 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:51:46.0851 3928 AdobeARMservice - ok 21:51:46.0992 3928 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:51:47.0010 3928 adp94xx - ok 21:51:47.0048 3928 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:51:47.0062 3928 adpahci - ok 21:51:47.0115 3928 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:51:47.0128 3928 adpu320 - ok 21:51:47.0167 3928 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 21:51:47.0209 3928 AeLookupSvc - ok 21:51:47.0316 3928 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 21:51:47.0333 3928 AFD - ok 21:51:47.0388 3928 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe 21:51:47.0399 3928 AgereModemAudio - ok 21:51:47.0473 3928 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys 21:51:47.0505 3928 AgereSoftModem - ok 21:51:47.0544 3928 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 21:51:47.0554 3928 agp440 - ok 21:51:47.0608 3928 
ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 21:51:47.0621 3928 ALG - ok 21:51:47.0674 3928 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 21:51:47.0683 3928 aliide - ok 21:51:47.0710 3928 AMD External Events Utility (a2f5bea5b45a8e7c4776f39c25e8699d) C:\Windows\system32\atiesrxx.exe 21:51:47.0727 3928 AMD External Events Utility - ok 21:51:47.0746 3928 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 21:51:47.0760 3928 amdide - ok 21:51:47.0805 3928 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:51:47.0818 3928 AmdK8 - ok 21:51:48.0501 3928 amdkmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys 21:51:48.0792 3928 amdkmdag - ok 21:51:49.0060 3928 amdkmdap (35d2184a99ad4cd5d17284d6c9f382c9) C:\Windows\system32\DRIVERS\atikmpag.sys 21:51:49.0087 3928 amdkmdap - ok 21:51:49.0110 3928 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:51:49.0126 3928 AmdPPM - ok 21:51:49.0157 3928 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 21:51:49.0173 3928 amdsata - ok 21:51:49.0228 3928 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:51:49.0254 3928 amdsbs - ok 21:51:49.0267 3928 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 21:51:49.0277 3928 amdxata - ok 21:51:49.0306 3928 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS 21:51:49.0320 3928 AmUStor - ok 21:51:49.0402 3928 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 21:51:49.0411 3928 AntiVirSchedulerService - ok 21:51:49.0492 3928 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 21:51:49.0500 3928 AntiVirService - ok 21:51:49.0533 3928 AppID (89a69c3f2f319b43379399547526d952) 
C:\Windows\system32\drivers\appid.sys 21:51:49.0575 3928 AppID - ok 21:51:49.0603 3928 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 21:51:49.0646 3928 AppIDSvc - ok 21:51:49.0735 3928 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 21:51:49.0787 3928 Appinfo - ok 21:51:49.0835 3928 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:51:49.0846 3928 arc - ok 21:51:49.0858 3928 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:51:49.0871 3928 arcsas - ok 21:51:49.0888 3928 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:51:49.0930 3928 AsyncMac - ok 21:51:49.0979 3928 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 21:51:49.0989 3928 atapi - ok 21:51:50.0202 3928 athr (7d0398396727195cc73d703001d3cff4) C:\Windows\system32\DRIVERS\athrx.sys 21:51:50.0287 3928 athr - ok 21:51:51.0264 3928 atikmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys 21:51:51.0538 3928 atikmdag - ok 21:51:51.0673 3928 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 21:51:51.0723 3928 AudioEndpointBuilder - ok 21:51:51.0730 3928 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 21:51:51.0780 3928 AudioSrv - ok 21:51:51.0857 3928 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 21:51:51.0866 3928 avgntflt - ok 21:51:51.0883 3928 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 21:51:51.0894 3928 avipbb - ok 21:51:51.0914 3928 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 21:51:51.0922 3928 avkmgr - ok 21:51:51.0993 3928 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 21:51:52.0011 3928 AxInstSV - ok 21:51:52.0093 3928 b06bdrv (3e5b191307609f7514148c6832bb0842) 
C:\Windows\system32\DRIVERS\bxvbda.sys 21:51:52.0124 3928 b06bdrv - ok 21:51:52.0150 3928 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:51:52.0167 3928 b57nd60a - ok 21:51:52.0360 3928 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys 21:51:52.0414 3928 BCM43XX - ok 21:51:52.0450 3928 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 21:51:52.0464 3928 BDESVC - ok 21:51:52.0524 3928 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:51:52.0578 3928 Beep - ok 21:51:52.0643 3928 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 21:51:52.0726 3928 BFE - ok 21:51:52.0866 3928 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 21:51:52.0929 3928 BITS - ok 21:51:52.0978 3928 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:51:52.0992 3928 blbdrive - ok 21:51:53.0054 3928 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 21:51:53.0067 3928 bowser - ok 21:51:53.0098 3928 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:51:53.0117 3928 BrFiltLo - ok 21:51:53.0171 3928 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:51:53.0187 3928 BrFiltUp - ok 21:51:53.0225 3928 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 21:51:53.0269 3928 Browser - ok 21:51:53.0295 3928 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:51:53.0312 3928 Brserid - ok 21:51:53.0330 3928 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:51:53.0346 3928 BrSerWdm - ok 21:51:53.0355 3928 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:51:53.0370 3928 BrUsbMdm - ok 21:51:53.0392 3928 BrUsbSer (a87528880231c54e75ea7a44943b38bf) 
C:\Windows\System32\Drivers\BrUsbSer.sys 21:51:53.0405 3928 BrUsbSer - ok 21:51:53.0439 3928 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:51:53.0456 3928 BTHMODEM - ok 21:51:53.0484 3928 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 21:51:53.0536 3928 bthserv - ok 21:51:53.0556 3928 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:51:53.0623 3928 cdfs - ok 21:51:53.0694 3928 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 21:51:53.0711 3928 cdrom - ok 21:51:53.0737 3928 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:51:53.0783 3928 CertPropSvc - ok 21:51:53.0831 3928 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:51:53.0861 3928 circlass - ok 21:51:53.0937 3928 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:51:53.0953 3928 CLFS - ok 21:51:54.0019 3928 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:51:54.0028 3928 clr_optimization_v2.0.50727_32 - ok 21:51:54.0091 3928 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:51:54.0103 3928 clr_optimization_v2.0.50727_64 - ok 21:51:54.0202 3928 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:51:54.0213 3928 clr_optimization_v4.0.30319_32 - ok 21:51:54.0246 3928 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:51:54.0259 3928 clr_optimization_v4.0.30319_64 - ok 21:51:54.0277 3928 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:51:54.0292 3928 CmBatt - ok 21:51:54.0346 3928 cmdide (e19d3f095812725d88f9001985b94edd) 
C:\Windows\system32\drivers\cmdide.sys 21:51:54.0357 3928 cmdide - ok 21:51:54.0438 3928 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 21:51:54.0462 3928 CNG - ok 21:51:54.0494 3928 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:51:54.0505 3928 Compbatt - ok 21:51:54.0535 3928 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 21:51:54.0552 3928 CompositeBus - ok 21:51:54.0555 3928 COMSysApp - ok 21:51:54.0773 3928 cpuz130 - ok 21:51:54.0807 3928 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:51:54.0817 3928 crcdisk - ok 21:51:54.0865 3928 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 21:51:54.0908 3928 CryptSvc - ok 21:51:54.0981 3928 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:51:55.0028 3928 DcomLaunch - ok 21:51:55.0060 3928 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 21:51:55.0111 3928 defragsvc - ok 21:51:55.0170 3928 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 21:51:55.0210 3928 DfsC - ok 21:51:55.0253 3928 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 21:51:55.0301 3928 Dhcp - ok 21:51:55.0353 3928 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:51:55.0411 3928 discache - ok 21:51:55.0437 3928 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:51:55.0448 3928 Disk - ok 21:51:55.0528 3928 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys 21:51:55.0537 3928 DKbFltr - ok 21:51:55.0581 3928 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 21:51:55.0597 3928 Dnscache - ok 21:51:55.0628 3928 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 21:51:55.0671 3928 dot3svc - ok 21:51:55.0734 3928 DPS 
(b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 21:51:55.0780 3928 DPS - ok 21:51:55.0875 3928 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:51:55.0891 3928 drmkaud - ok 21:51:55.0946 3928 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 21:51:55.0978 3928 DXGKrnl - ok 21:51:56.0030 3928 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 21:51:56.0074 3928 EapHost - ok 21:51:56.0255 3928 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:51:56.0321 3928 ebdrv - ok 21:51:56.0446 3928 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe 21:51:56.0463 3928 EFS - ok 21:51:56.0637 3928 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 21:51:56.0659 3928 ehRecvr - ok 21:51:56.0696 3928 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 21:51:56.0711 3928 ehSched - ok 21:51:56.0825 3928 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys 21:51:56.0834 3928 ElbyCDIO - ok 21:51:56.0904 3928 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:51:56.0925 3928 elxstor - ok 21:51:57.0114 3928 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 21:51:57.0139 3928 ePowerSvc - ok 21:51:57.0196 3928 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE 21:51:57.0206 3928 EPSON_PM_RPCV4_01 - ok 21:51:57.0405 3928 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 21:51:57.0417 3928 ErrDev - ok 21:51:57.0503 3928 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 21:51:57.0574 3928 EventSystem - ok 21:51:57.0591 3928 EverestDriver - ok 21:51:57.0618 3928 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:51:57.0661 3928 exfat - ok 
21:51:57.0729 3928 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:51:57.0787 3928 fastfat - ok 21:51:57.0844 3928 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 21:51:57.0868 3928 Fax - ok 21:51:57.0902 3928 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:51:57.0915 3928 fdc - ok 21:51:57.0963 3928 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 21:51:58.0007 3928 fdPHost - ok 21:51:58.0018 3928 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 21:51:58.0061 3928 FDResPub - ok 21:51:58.0074 3928 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:51:58.0084 3928 FileInfo - ok 21:51:58.0134 3928 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:51:58.0178 3928 Filetrace - ok 21:51:58.0194 3928 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:51:58.0208 3928 flpydisk - ok 21:51:58.0249 3928 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 21:51:58.0264 3928 FltMgr - ok 21:51:58.0412 3928 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 21:51:58.0451 3928 FontCache - ok 21:51:58.0527 3928 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:51:58.0535 3928 FontCache3.0.0.0 - ok 21:51:58.0593 3928 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:51:58.0603 3928 FsDepends - ok 21:51:58.0626 3928 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 21:51:58.0636 3928 Fs_Rec - ok 21:51:58.0727 3928 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:51:58.0743 3928 fvevol - ok 21:51:58.0786 3928 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 
21:51:58.0797 3928 gagp30kx - ok 21:51:58.0814 3928 GGSAFERDriver - ok 21:51:58.0879 3928 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 21:51:58.0939 3928 gpsvc - ok 21:51:59.0070 3928 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe 21:51:59.0097 3928 Greg_Service - ok 21:51:59.0205 3928 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:51:59.0215 3928 gupdate - ok 21:51:59.0221 3928 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:51:59.0230 3928 gupdatem - ok 21:51:59.0341 3928 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys 21:51:59.0349 3928 hamachi - ok 21:51:59.0614 3928 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 21:51:59.0698 3928 Hamachi2Svc - ok 21:51:59.0872 3928 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:51:59.0884 3928 hcw85cir - ok 21:51:59.0922 3928 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 21:51:59.0943 3928 HdAudAddService - ok 21:51:59.0984 3928 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 21:52:00.0001 3928 HDAudBus - ok 21:52:00.0039 3928 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 21:52:00.0051 3928 HECIx64 - ok 21:52:00.0082 3928 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:52:00.0095 3928 HidBatt - ok 21:52:00.0112 3928 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:52:00.0128 3928 HidBth - ok 21:52:00.0139 3928 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:52:00.0159 3928 HidIr - ok 21:52:00.0188 3928 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 21:52:00.0240 3928 
hidserv - ok 21:52:00.0285 3928 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 21:52:00.0303 3928 HidUsb - ok 21:52:00.0371 3928 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 21:52:00.0428 3928 hkmsvc - ok 21:52:00.0471 3928 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 21:52:00.0487 3928 HomeGroupListener - ok 21:52:00.0545 3928 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 21:52:00.0563 3928 HomeGroupProvider - ok 21:52:00.0603 3928 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 21:52:00.0618 3928 HpSAMD - ok 21:52:00.0713 3928 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 21:52:00.0763 3928 HTTP - ok 21:52:00.0814 3928 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 21:52:00.0824 3928 hwpolicy - ok 21:52:00.0861 3928 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 21:52:00.0877 3928 i8042prt - ok 21:52:00.0954 3928 iaStor (8180a2392e732e8871589b54fab6991f) C:\Windows\system32\DRIVERS\iaStor.sys 21:52:00.0973 3928 iaStor - ok 21:52:01.0050 3928 IAStorDataMgrSvc (17125b7d2f56b4b35441561c780c2ccb) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 21:52:01.0058 3928 IAStorDataMgrSvc - ok 21:52:01.0099 3928 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 21:52:01.0118 3928 iaStorV - ok 21:52:01.0272 3928 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:52:01.0301 3928 idsvc - ok 21:52:02.0194 3928 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys 21:52:02.0400 3928 igfx - ok 21:52:02.0539 3928 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:52:02.0551 3928 iirsp - ok 21:52:02.0735 
3928 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 21:52:02.0819 3928 IKEEXT - ok 21:52:02.0856 3928 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\Windows\system32\DRIVERS\Impcd.sys 21:52:02.0871 3928 Impcd - ok 21:52:03.0278 3928 IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys 21:52:03.0449 3928 IntcAzAudAddService - ok 21:52:03.0632 3928 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 21:52:03.0642 3928 intelide - ok 21:52:03.0677 3928 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:52:03.0695 3928 intelppm - ok 21:52:03.0837 3928 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 21:52:03.0891 3928 IPBusEnum - ok 21:52:03.0950 3928 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:52:03.0991 3928 IpFilterDriver - ok 21:52:04.0047 3928 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 21:52:04.0063 3928 IPMIDRV - ok 21:52:04.0121 3928 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:52:04.0167 3928 IPNAT - ok 21:52:04.0180 3928 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:52:04.0199 3928 IRENUM - ok 21:52:04.0231 3928 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 21:52:04.0242 3928 isapnp - ok 21:52:04.0264 3928 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 21:52:04.0296 3928 iScsiPrt - ok 21:52:04.0402 3928 k57nd60a (376bc8e5f4a0ea0f0f16818bb1a95d4b) C:\Windows\system32\DRIVERS\k57nd60a.sys 21:52:04.0419 3928 k57nd60a - ok 21:52:04.0470 3928 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 21:52:04.0483 3928 kbdclass - ok 21:52:04.0523 3928 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 21:52:04.0536 
3928 kbdhid - ok 21:52:04.0569 3928 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 21:52:04.0587 3928 KeyIso - ok 21:52:04.0615 3928 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 21:52:04.0640 3928 KSecDD - ok 21:52:04.0693 3928 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 21:52:04.0705 3928 KSecPkg - ok 21:52:04.0750 3928 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:52:04.0793 3928 ksthunk - ok 21:52:04.0874 3928 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 21:52:04.0920 3928 KtmRm - ok 21:52:04.0933 3928 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys 21:52:04.0946 3928 L1E - ok 21:52:05.0037 3928 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 21:52:05.0085 3928 LanmanServer - ok 21:52:05.0128 3928 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 21:52:05.0171 3928 LanmanWorkstation - ok 21:52:05.0183 3928 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:52:05.0231 3928 lltdio - ok 21:52:05.0262 3928 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 21:52:05.0308 3928 lltdsvc - ok 21:52:05.0341 3928 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 21:52:05.0399 3928 lmhosts - ok 21:52:05.0522 3928 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:52:05.0535 3928 LMS - ok 21:52:05.0576 3928 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:52:05.0588 3928 LSI_FC - ok 21:52:05.0608 3928 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:52:05.0620 3928 LSI_SAS - ok 21:52:05.0638 3928 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:52:05.0651 
3928 LSI_SAS2 - ok 21:52:05.0689 3928 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:52:05.0701 3928 LSI_SCSI - ok 21:52:05.0732 3928 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:52:05.0776 3928 luafv - ok 21:52:05.0806 3928 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 21:52:05.0816 3928 MBAMProtector - ok 21:52:05.0860 3928 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 21:52:05.0882 3928 MBAMService - ok 21:52:05.0946 3928 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 21:52:05.0962 3928 Mcx2Svc - ok 21:52:05.0999 3928 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:52:06.0014 3928 megasas - ok 21:52:06.0072 3928 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:52:06.0089 3928 MegaSR - ok 21:52:06.0134 3928 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:52:06.0178 3928 MMCSS - ok 21:52:06.0204 3928 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:52:06.0250 3928 Modem - ok 21:52:06.0280 3928 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:52:06.0296 3928 monitor - ok 21:52:06.0374 3928 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:52:06.0385 3928 mouclass - ok 21:52:06.0411 3928 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:52:06.0423 3928 mouhid - ok 21:52:06.0499 3928 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 21:52:06.0510 3928 mountmgr - ok 21:52:06.0647 3928 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:52:06.0659 3928 MozillaMaintenance - ok 21:52:06.0702 3928 mpio 
(a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 21:52:06.0721 3928 mpio - ok 21:52:06.0775 3928 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:52:06.0839 3928 mpsdrv - ok 21:52:06.0925 3928 MQAC (cd22d2563039dda6793f7624719363a7) C:\Windows\system32\drivers\mqac.sys 21:52:06.0939 3928 MQAC - ok 21:52:06.0971 3928 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 21:52:06.0996 3928 MRxDAV - ok 21:52:07.0064 3928 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:52:07.0080 3928 mrxsmb - ok 21:52:07.0140 3928 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:52:07.0160 3928 mrxsmb10 - ok 21:52:07.0244 3928 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:52:07.0275 3928 mrxsmb20 - ok 21:52:07.0354 3928 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 21:52:07.0364 3928 msahci - ok 21:52:07.0402 3928 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 21:52:07.0415 3928 msdsm - ok 21:52:07.0473 3928 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 21:52:07.0489 3928 MSDTC - ok 21:52:07.0542 3928 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:52:07.0590 3928 Msfs - ok 21:52:07.0604 3928 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:52:07.0656 3928 mshidkmdf - ok 21:52:07.0778 3928 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 21:52:07.0788 3928 msisadrv - ok 21:52:07.0835 3928 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 21:52:07.0890 3928 MSiSCSI - ok 21:52:07.0894 3928 msiserver - ok 21:52:07.0927 3928 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:52:07.0970 3928 MSKSSRV - ok 21:52:08.0024 3928 MSMQ 
(faaeaef99e53561beee58f946ca56f0d) C:\Windows\system32\mqsvc.exe 21:52:08.0046 3928 MSMQ - ok 21:52:08.0101 3928 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:52:08.0145 3928 MSPCLOCK - ok 21:52:08.0156 3928 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:52:08.0213 3928 MSPQM - ok 21:52:08.0296 3928 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 21:52:08.0318 3928 MsRPC - ok 21:52:08.0381 3928 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 21:52:08.0391 3928 mssmbios - ok 21:52:08.0434 3928 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:52:08.0480 3928 MSTEE - ok 21:52:08.0505 3928 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:52:08.0519 3928 MTConfig - ok 21:52:08.0552 3928 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:52:08.0563 3928 Mup - ok 21:52:08.0588 3928 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 21:52:08.0597 3928 mwlPSDFilter - ok 21:52:08.0606 3928 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 21:52:08.0613 3928 mwlPSDNServ - ok 21:52:08.0647 3928 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 21:52:08.0656 3928 mwlPSDVDisk - ok 21:52:08.0766 3928 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 21:52:08.0814 3928 napagent - ok 21:52:08.0871 3928 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:52:08.0906 3928 NativeWifiP - ok 21:52:08.0964 3928 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 21:52:08.0995 3928 NDIS - ok 21:52:09.0014 3928 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:52:09.0063 3928 NdisCap - ok 21:52:09.0097 3928 
NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:52:09.0143 3928 NdisTapi - ok 21:52:09.0200 3928 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 21:52:09.0247 3928 Ndisuio - ok 21:52:09.0288 3928 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 21:52:09.0361 3928 NdisWan - ok 21:52:09.0399 3928 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 21:52:09.0451 3928 NDProxy - ok 21:52:09.0596 3928 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:52:09.0642 3928 NetBIOS - ok 21:52:09.0745 3928 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 21:52:09.0805 3928 NetBT - ok 21:52:09.0870 3928 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 21:52:09.0884 3928 Netlogon - ok 21:52:09.0906 3928 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 21:52:09.0963 3928 Netman - ok 21:52:10.0021 3928 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 21:52:10.0102 3928 netprofm - ok 21:52:10.0241 3928 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:52:10.0251 3928 NetTcpPortSharing - ok 21:52:10.0280 3928 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 21:52:10.0292 3928 nfrd960 - ok 21:52:10.0334 3928 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 21:52:10.0389 3928 NlaSvc - ok 21:52:10.0411 3928 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:52:10.0462 3928 Npfs - ok 21:52:10.0515 3928 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 21:52:10.0558 3928 nsi - ok 21:52:10.0625 3928 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:52:10.0670 3928 nsiproxy - ok 
21:52:10.0899 3928 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 21:52:10.0976 3928 Ntfs - ok 21:52:11.0149 3928 NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 21:52:11.0156 3928 NTI IScheduleSvc - ok 21:52:11.0238 3928 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 21:52:11.0245 3928 NTIDrvr - ok 21:52:11.0285 3928 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:52:11.0331 3928 Null - ok 21:52:11.0388 3928 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 21:52:11.0401 3928 nvraid - ok 21:52:11.0441 3928 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:52:11.0454 3928 nvstor - ok 21:52:11.0510 3928 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:52:11.0530 3928 nv_agp - ok 21:52:11.0562 3928 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:52:11.0575 3928 ohci1394 - ok 21:52:11.0607 3928 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:52:11.0632 3928 p2pimsvc - ok 21:52:11.0654 3928 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 21:52:11.0673 3928 p2psvc - ok 21:52:11.0781 3928 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS 21:52:11.0801 3928 PAC207 - ok 21:52:11.0840 3928 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:52:11.0855 3928 Parport - ok 21:52:11.0910 3928 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 21:52:11.0933 3928 partmgr - ok 21:52:11.0984 3928 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 21:52:12.0008 3928 PcaSvc - ok 21:52:12.0045 3928 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:52:12.0060 3928 pci - 
ok 21:52:12.0073 3928 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:52:12.0083 3928 pciide - ok 21:52:12.0187 3928 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:52:12.0201 3928 pcmcia - ok 21:52:12.0230 3928 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:52:12.0241 3928 pcw - ok 21:52:12.0309 3928 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:52:12.0381 3928 PEAUTH - ok 21:52:12.0553 3928 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 21:52:12.0571 3928 PerfHost - ok 21:52:12.0746 3928 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 21:52:12.0813 3928 pla - ok 21:52:12.0871 3928 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 21:52:12.0889 3928 PlugPlay - ok 21:52:12.0893 3928 PnkBstrA - ok 21:52:12.0921 3928 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 21:52:12.0945 3928 PNRPAutoReg - ok 21:52:12.0963 3928 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:52:12.0978 3928 PNRPsvc - ok 21:52:13.0109 3928 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 21:52:13.0157 3928 PolicyAgent - ok 21:52:13.0181 3928 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 21:52:13.0242 3928 Power - ok 21:52:13.0308 3928 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:52:13.0350 3928 PptpMiniport - ok 21:52:13.0370 3928 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:52:13.0384 3928 Processor - ok 21:52:13.0451 3928 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 21:52:13.0498 3928 ProfSvc - ok 21:52:13.0575 3928 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 21:52:13.0588 3928 ProtectedStorage - ok 
21:52:13.0629 3928 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:52:13.0673 3928 Psched - ok 21:52:13.0850 3928 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:52:13.0915 3928 ql2300 - ok 21:52:14.0169 3928 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:52:14.0182 3928 ql40xx - ok 21:52:14.0216 3928 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 21:52:14.0240 3928 QWAVE - ok 21:52:14.0258 3928 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:52:14.0277 3928 QWAVEdrv - ok 21:52:14.0289 3928 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:52:14.0333 3928 RasAcd - ok 21:52:14.0359 3928 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:52:14.0400 3928 RasAgileVpn - ok 21:52:14.0418 3928 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 21:52:14.0478 3928 RasAuto - ok 21:52:14.0541 3928 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:52:14.0592 3928 Rasl2tp - ok 21:52:14.0660 3928 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 21:52:14.0706 3928 RasMan - ok 21:52:14.0747 3928 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:52:14.0792 3928 RasPppoe - ok 21:52:14.0833 3928 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:52:14.0894 3928 RasSstp - ok 21:52:14.0958 3928 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:52:15.0004 3928 rdbss - ok 21:52:15.0028 3928 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:52:15.0044 3928 rdpbus - ok 21:52:15.0063 3928 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:52:15.0110 3928 RDPCDD - ok 21:52:15.0115 3928 RDPENCDD 
(bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:52:15.0172 3928 RDPENCDD - ok 21:52:15.0180 3928 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:52:15.0236 3928 RDPREFMP - ok 21:52:15.0269 3928 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 21:52:15.0315 3928 RDPWD - ok 21:52:15.0353 3928 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:52:15.0368 3928 rdyboost - ok 21:52:15.0388 3928 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 21:52:15.0439 3928 RemoteAccess - ok 21:52:15.0471 3928 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 21:52:15.0517 3928 RemoteRegistry - ok 21:52:15.0530 3928 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 21:52:15.0575 3928 RpcEptMapper - ok 21:52:15.0591 3928 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 21:52:15.0607 3928 RpcLocator - ok 21:52:15.0671 3928 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:52:15.0718 3928 RpcSs - ok 21:52:15.0738 3928 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:52:15.0788 3928 rspndr - ok 21:52:15.0861 3928 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe 21:52:15.0868 3928 RS_Service ( UnsignedFile.Multi.Generic ) - warning 21:52:15.0868 3928 RS_Service - detected UnsignedFile.Multi.Generic (1) 21:52:15.0903 3928 RTHDMIAzAudService (c20f64fcd5e2b40310a1774495877acd) C:\Windows\system32\drivers\RtHDMIVX.sys 21:52:15.0915 3928 RTHDMIAzAudService - ok 21:52:15.0959 3928 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 21:52:15.0973 3928 SamSs - ok 21:52:16.0010 3928 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:52:16.0022 3928 sbp2port - ok 21:52:16.0062 3928 
SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 21:52:16.0108 3928 SCardSvr - ok 21:52:16.0143 3928 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:52:16.0185 3928 scfilter - ok 21:52:16.0254 3928 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 21:52:16.0318 3928 Schedule - ok 21:52:16.0376 3928 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:52:16.0418 3928 SCPolicySvc - ok 21:52:16.0456 3928 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 21:52:16.0470 3928 SDRSVC - ok 21:52:16.0539 3928 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:52:16.0586 3928 secdrv - ok 21:52:16.0637 3928 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 21:52:16.0690 3928 seclogon - ok 21:52:16.0709 3928 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 21:52:16.0753 3928 SENS - ok 21:52:16.0762 3928 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 21:52:16.0775 3928 SensrSvc - ok 21:52:16.0799 3928 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:52:16.0818 3928 Serenum - ok 21:52:16.0832 3928 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:52:16.0846 3928 Serial - ok 21:52:16.0886 3928 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:52:16.0898 3928 sermouse - ok 21:52:16.0952 3928 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 21:52:16.0995 3928 SessionEnv - ok 21:52:17.0020 3928 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:52:17.0036 3928 sffdisk - ok 21:52:17.0047 3928 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:52:17.0070 3928 sffp_mmc - ok 21:52:17.0087 3928 sffp_sd 
(dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:52:17.0103 3928 sffp_sd - ok 21:52:17.0126 3928 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:52:17.0138 3928 sfloppy - ok 21:52:17.0212 3928 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 21:52:17.0261 3928 ShellHWDetection - ok 21:52:17.0298 3928 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:52:17.0315 3928 SiSRaid2 - ok 21:52:17.0346 3928 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:52:17.0357 3928 SiSRaid4 - ok 21:52:17.0479 3928 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe 21:52:17.0489 3928 SkypeUpdate - ok 21:52:17.0506 3928 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:52:17.0551 3928 Smb - ok 21:52:17.0583 3928 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 21:52:17.0600 3928 SNMPTRAP - ok 21:52:17.0672 3928 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:52:17.0685 3928 spldr - ok 21:52:17.0805 3928 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 21:52:17.0861 3928 Spooler - ok 21:52:18.0167 3928 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 21:52:18.0298 3928 sppsvc - ok 21:52:18.0468 3928 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 21:52:18.0511 3928 sppuinotify - ok 21:52:18.0616 3928 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:52:18.0634 3928 srv - ok 21:52:18.0677 3928 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:52:18.0694 3928 srv2 - ok 21:52:18.0712 3928 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:52:18.0737 3928 srvnet - ok 21:52:18.0852 3928 SSDPSRV 
(51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 21:52:18.0904 3928 SSDPSRV - ok 21:52:18.0941 3928 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 21:52:18.0993 3928 SstpSvc - ok 21:52:19.0101 3928 Steam Client Service - ok 21:52:19.0125 3928 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:52:19.0135 3928 stexstor - ok 21:52:19.0253 3928 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 21:52:19.0281 3928 stisvc - ok 21:52:19.0308 3928 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:52:19.0322 3928 swenum - ok 21:52:19.0372 3928 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 21:52:19.0423 3928 swprv - ok 21:52:19.0457 3928 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys 21:52:19.0471 3928 SynTP - ok 21:52:19.0727 3928 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 21:52:19.0815 3928 SysMain - ok 21:52:20.0128 3928 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 21:52:20.0149 3928 TabletInputService - ok 21:52:20.0180 3928 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 21:52:20.0226 3928 TapiSrv - ok 21:52:20.0279 3928 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 21:52:20.0340 3928 TBS - ok 21:52:20.0504 3928 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys 21:52:20.0557 3928 Tcpip - ok 21:52:20.0955 3928 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys 21:52:21.0025 3928 TCPIP6 - ok 21:52:21.0120 3928 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:52:21.0164 3928 tcpipreg - ok 21:52:21.0213 3928 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:52:21.0256 3928 TDPIPE - ok 21:52:21.0283 3928 TDTCP 
(e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 21:52:21.0331 3928 TDTCP - ok 21:52:21.0363 3928 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:52:21.0405 3928 tdx - ok 21:52:21.0469 3928 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:52:21.0480 3928 TermDD - ok 21:52:21.0604 3928 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 21:52:21.0657 3928 TermService - ok 21:52:21.0678 3928 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 21:52:21.0705 3928 Themes - ok 21:52:21.0755 3928 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:52:21.0813 3928 THREADORDER - ok 21:52:21.0861 3928 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 21:52:21.0907 3928 TrkWks - ok 21:52:22.0029 3928 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 21:52:22.0096 3928 TrustedInstaller - ok 21:52:22.0131 3928 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:52:22.0180 3928 tssecsrv - ok 21:52:22.0205 3928 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:52:22.0222 3928 TsUsbFlt - ok 21:52:22.0282 3928 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:52:22.0349 3928 tunnel - ok 21:52:22.0369 3928 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:52:22.0383 3928 uagp35 - ok 21:52:22.0402 3928 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 21:52:22.0409 3928 UBHelper - ok 21:52:22.0476 3928 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:52:22.0535 3928 udfs - ok 21:52:22.0637 3928 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:52:22.0651 3928 UI0Detect - ok 21:52:22.0695 3928 uliagpkx 
(4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:52:22.0706 3928 uliagpkx - ok 21:52:22.0730 3928 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 21:52:22.0743 3928 umbus - ok 21:52:22.0781 3928 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:52:22.0794 3928 UmPass - ok 21:52:23.0112 3928 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:52:23.0160 3928 UNS - ok 21:52:23.0249 3928 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 21:52:23.0261 3928 Updater Service - ok 21:52:23.0528 3928 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:52:23.0576 3928 upnphost - ok 21:52:23.0682 3928 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 21:52:23.0708 3928 usbaudio - ok 21:52:23.0766 3928 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:52:23.0779 3928 usbccgp - ok 21:52:23.0810 3928 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:52:23.0832 3928 usbcir - ok 21:52:23.0854 3928 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 21:52:23.0866 3928 usbehci - ok 21:52:23.0964 3928 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:52:23.0983 3928 usbhub - ok 21:52:24.0033 3928 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 21:52:24.0045 3928 usbohci - ok 21:52:24.0075 3928 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:52:24.0091 3928 usbprint - ok 21:52:24.0125 3928 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 21:52:24.0140 3928 usbscan - ok 21:52:24.0214 3928 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 
21:52:24.0227 3928 USBSTOR - ok 21:52:24.0283 3928 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:52:24.0295 3928 usbuhci - ok 21:52:24.0343 3928 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 21:52:24.0361 3928 usbvideo - ok 21:52:24.0386 3928 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:52:24.0430 3928 UxSms - ok 21:52:24.0502 3928 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 21:52:24.0516 3928 VaultSvc - ok 21:52:24.0586 3928 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys 21:52:24.0596 3928 VClone - ok 21:52:24.0643 3928 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:52:24.0653 3928 vdrvroot - ok 21:52:24.0703 3928 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 21:52:24.0752 3928 vds - ok 21:52:24.0832 3928 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:52:24.0849 3928 vga - ok 21:52:24.0886 3928 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:52:24.0932 3928 VgaSave - ok 21:52:24.0970 3928 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:52:24.0984 3928 vhdmp - ok 21:52:25.0012 3928 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:52:25.0022 3928 viaide - ok 21:52:25.0049 3928 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:52:25.0061 3928 volmgr - ok 21:52:25.0107 3928 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:52:25.0123 3928 volmgrx - ok 21:52:25.0143 3928 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:52:25.0159 3928 volsnap - ok 21:52:25.0190 3928 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:52:25.0203 3928 vsmraid - ok 21:52:25.0549 3928 
VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 21:52:25.0643 3928 VSS - ok 21:52:25.0800 3928 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:52:25.0818 3928 vwifibus - ok 21:52:25.0834 3928 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:52:25.0853 3928 vwififlt - ok 21:52:25.0885 3928 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:52:25.0933 3928 W32Time - ok 21:52:25.0953 3928 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:52:25.0966 3928 WacomPen - ok 21:52:25.0994 3928 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:52:26.0035 3928 WANARP - ok 21:52:26.0038 3928 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:52:26.0083 3928 Wanarpv6 - ok 21:52:26.0160 3928 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 21:52:26.0206 3928 wbengine - ok 21:52:26.0304 3928 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:52:26.0326 3928 WbioSrvc - ok 21:52:26.0369 3928 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 21:52:26.0394 3928 wcncsvc - ok 21:52:26.0404 3928 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 21:52:26.0418 3928 WcsPlugInService - ok 21:52:26.0452 3928 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:52:26.0463 3928 Wd - ok 21:52:26.0494 3928 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:52:26.0519 3928 Wdf01000 - ok 21:52:26.0531 3928 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:52:26.0553 3928 WdiServiceHost - ok 21:52:26.0556 3928 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:52:26.0582 3928 WdiSystemHost - ok 21:52:26.0618 3928 WebClient 
(3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 21:52:26.0641 3928 WebClient - ok 21:52:26.0671 3928 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 21:52:26.0717 3928 Wecsvc - ok 21:52:26.0735 3928 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 21:52:26.0779 3928 wercplsupport - ok 21:52:26.0789 3928 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 21:52:26.0838 3928 WerSvc - ok 21:52:26.0946 3928 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:52:26.0990 3928 WfpLwf - ok 21:52:27.0001 3928 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:52:27.0011 3928 WIMMount - ok 21:52:27.0017 3928 WinHttpAutoProxySvc - ok 21:52:27.0066 3928 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 21:52:27.0112 3928 Winmgmt - ok 21:52:27.0181 3928 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys 21:52:27.0191 3928 WinRing0_1_2_0 - ok 21:52:27.0274 3928 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 21:52:27.0349 3928 WinRM - ok 21:52:27.0470 3928 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 21:52:27.0508 3928 Wlansvc - ok 21:52:27.0641 3928 wlidsvc (e23a257a54fa12c2aef8ad51e6556357) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:52:27.0705 3928 wlidsvc - ok 21:52:27.0793 3928 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:52:27.0806 3928 WmiAcpi - ok 21:52:27.0862 3928 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 21:52:27.0878 3928 wmiApSrv - ok 21:52:27.0914 3928 WMPNetworkSvc - ok 21:52:27.0941 3928 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 21:52:27.0953 3928 WPCSvc - ok 21:52:27.0983 3928 WPDBusEnum 
(93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 21:52:28.0000 3928 WPDBusEnum - ok 21:52:28.0022 3928 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:52:28.0067 3928 ws2ifsl - ok 21:52:28.0071 3928 WSearch - ok 21:52:28.0194 3928 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 21:52:28.0274 3928 wuauserv - ok 21:52:28.0388 3928 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:52:28.0430 3928 WudfPf - ok 21:52:28.0455 3928 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:52:28.0497 3928 WUDFRd - ok 21:52:28.0544 3928 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 21:52:28.0588 3928 wudfsvc - ok 21:52:28.0610 3928 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 21:52:28.0633 3928 WwanSvc - ok 21:52:28.0710 3928 X6va002 - ok 21:52:28.0714 3928 X6va003 - ok 21:52:28.0809 3928 ZAtheros Wlan Agent (1ca8ac00abde45a4fe360aea515f844b) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe 21:52:28.0813 3928 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - warning 21:52:28.0813 3928 ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic (1) 21:52:28.0843 3928 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 21:52:29.0073 3928 \Device\Harddisk0\DR0 - ok 21:52:29.0099 3928 Boot (0x1200) (851861819a0282d2d600ac8029e9b3e7) \Device\Harddisk0\DR0\Partition0 21:52:29.0100 3928 \Device\Harddisk0\DR0\Partition0 - ok 21:52:29.0122 3928 Boot (0x1200) (f21262666ef44e626d25f4df17c0488a) \Device\Harddisk0\DR0\Partition1 21:52:29.0124 3928 \Device\Harddisk0\DR0\Partition1 - ok 21:52:29.0127 3928 ============================================================ 21:52:29.0127 3928 Scan finished 21:52:29.0127 3928 ============================================================ 21:52:29.0134 2116 Detected object count: 2 21:52:29.0134 2116 Actual 
detected object count: 2 21:52:34.0430 2116 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:52:34.0430 2116 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:52:34.0431 2116 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - skipped by user 21:52:34.0431 2116 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip |
22.06.2012, 21:02 | #4 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts Hi, hmm, new variant... CF should be able to handle that... ComboFix: Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Warning: In a few rare cases the computer may no longer boot and has to be set up from scratch! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The ComboFix scan can take some time, so be patient. Please do nothing on the computer during the scan. The computer may be restarted in between. When the scan finishes, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt... Then right afterwards MAM: Malwarebytes Antimalware (MAM) Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html If the download does not work, please download a generic version via this link: http://filepony.de/download-chameleon/ Then please update the signature files (tab "Update" -> "Check for updates"), run a full scan and let it clean everything! Post the log. chris PS: What's the score (European Championship)? chris |
22.06.2012, 21:03 | #5 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts 4:1 right now ... Damn ***** laptop won't boot anymore -.- Since Avira had been showing a scan progress bar or whatever for ages, I wanted to just restart the laptop, and now ... well. If I format my hard drive now and then reinstall Win 7, will the TDSS still be on it? Benni Edited by H4rdDiskDriv (22.06.2012 at 21:27) |
22.06.2012, 21:47 | #6 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts Hi, that's bad... Was CF running at the time, or did you interrupt Avira's scan? After a complete format TDSS should be gone, but be sure to check the partitions carefully (there should be a small additional, very small one that TDSS uses for itself; you can see it with GParted, for example. It is not a problem if it stays, what matters is that it is not marked as "boot"!) Do you have an installation CD? Repair via the Win 7 recovery console -> see further below. Proceed as described in the link and then enter bootrec.exe /FixMbr in the console. Tipparchiv - MBR unter Vista oder Windows 7 reparieren - WinTotal.de If no Win7 boot DVD is available: download the following image and burn it to DVD using Nero etc. (ImgBurn: ImgBurn Download - ImgBurn 2.5.6.0) (64 bit): Windows_7_64 (32 bit): Windows_7_32-bit Then boot from this DVD and proceed as described! chris |
22.06.2012, 21:58 | #7 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts Well, with all those alerts I clicked on Details once, and then a small bar appeared that wouldn't go away. It wouldn't go away, so I restarted. CF was not running, no. So what exactly happened: just a restart, Windows was booting with the loading bar and then it starts over again, then a warning message with a blue background appeared. I was supposed to choose between starting normally and safe mode. Normal doesn't work, and in safe mode Windows wants to run a system repair and also suggests using a system restore point. Well, should I use it? |
22.06.2012, 22:12 | #8 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts Hi, yes, do a system restore and then post new logs again... (OTL, TDSS)... chris |
22.06.2012, 23:51 | #9 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts OTL.txt Code:
ATTFilter OTL logfile created on: 23.06.2012 00:38:04 - Run 2 OTL by OldTimer - Version 3.2.52.0 Folder = C:\Users\Benni\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 58,98% Memory free 7,73 Gb Paging File | 5,83 Gb Available in Paging File | 75,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,94 Gb Total Space | 328,17 Gb Free Space | 72,29% Space Free | Partition Type: NTFS Computer Name: BENNI´S-PC | User Name: Benni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.23 00:26:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Downloads\OTL.exe PRC - [2012.06.04 13:59:11 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.06.04 13:59:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.06.04 13:59:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.21 20:40:38 | 000,073,728 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe PRC - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.08.30 18:53:46 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2009.12.28 05:37:10 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2009.11.02 01:40:52 | 001,100,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) 
-- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe ========== Modules (No Company Name) ========== MOD - [2009.12.28 05:37:10 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.07.28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ) SRV - [2012.06.17 13:40:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.04 13:59:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.06.04 13:59:11 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.06.01 19:17:59 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.21 20:40:38 | 000,073,728 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent) SRV - [2011.10.17 16:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011.08.30 18:53:46 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.09.25 01:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.07.10 03:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.03.28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.06.04 13:59:11 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.06.04 13:59:11 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.12.02 19:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2011.11.23 16:13:10 | 002,796,544 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.10.17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.07.29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.07.28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.03.31 20:08:06 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.02.10 22:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.12.18 
00:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.13 21:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.23 00:06:26 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC) DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={FB1FD20E-1ECB-4FD8-A1AE-1A3F96887A29}&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&lang=de&ds=od011&pr=sa&d=2012-03-22 15:23:38&v=10.2.0.3&sap=hp IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE363 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={FB1FD20E-1ECB-4FD8-A1AE-1A3F96887A29}&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&lang=de&ds=od011&pr=sa&d=2012-03-22 15:23:38&v=10.2.0.3&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://ts6.travian.de/dorf1.php" FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B3789daa5-d450-42db-ab92-525375a232f9%7D&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-03-22%2015%3A23%3A38&sap=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Benni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.24 23:55:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 13:40:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 16:24:39 | 000,000,000 | ---D | M] [2011.10.18 14:26:23 | 000,000,000 | ---D | M] 
(No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions [2010.09.30 16:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.10.18 14:26:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2012.06.02 23:32:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\e9koplpd.default\extensions [2011.03.19 19:26:51 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\e9koplpd.default\extensions\personas@christopher.beard [2012.03.17 22:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.24 23:55:07 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.06.17 13:40:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.01 20:28:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.22 16:23:27 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011.10.01 20:28:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.01 20:28:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.01 20:28:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.01 20:28:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.01 20:28:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found. O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\XviD\CheckUpdate.exe () O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.exe - Verknüpfung.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.4.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B568ABAA-7280-411C-B11F-85168FC4DE44}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C05802F8-E6BF-4286-B352-97A9C53E16F2}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01ef7b56-43f0-11df-ab52-00262d7912b4}\Shell - "" = AutoRun
O33 - MountPoints2\{01ef7b56-43f0-11df-ab52-00262d7912b4}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.22 17:17:00 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2012.06.22 17:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.22 17:16:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.21 19:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regnum Online
[2012.06.21 19:53:32 | 000,000,000 | ---D | C] -- C:\Games
[2012.06.21 12:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.06.21 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\pdfforge
[2012.06.21 12:03:29 | 000,095,232 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.06.21 12:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.06.12 00:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012.06.11 13:46:43 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Local\Macromedia
[2012.06.06 17:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.06.02 19:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.06.02 19:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012.05.27 14:47:29 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\LolClient2
[2009.11.05 05:33:04 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.23 00:13:55 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 00:13:55 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 00:05:29 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.23 00:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.23 00:05:00 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.22 19:44:25 | 000,000,000 | ---- | M] () -- C:\Users\Benni\defogger_reenable
[2012.06.21 19:44:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.21 12:03:32 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.06.21 12:03:32 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.06.19 02:35:18 | 000,007,604 | ---- | M] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg
[2012.06.17 19:53:09 | 000,249,275 | ---- | M] () -- C:\Users\Benni\Desktop\Skyrim add on.jpg
[2012.06.16 23:16:06 | 000,143,514 | ---- | M] () -- C:\Users\Benni\Desktop\181414_437905312910103_280672572_n.jpg
[2012.06.15 06:51:42 | 000,095,232 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.06.05 17:09:56 | 001,527,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.05 17:09:56 | 000,664,868 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.05 17:09:56 | 000,625,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.05 17:09:56 | 000,135,004 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.05 17:09:56 | 000,110,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.04 13:59:11 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.04 13:59:11 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.02 19:37:53 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.06.02 19:37:53 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012.05.29 17:15:45 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.25 07:46:53 | 000,031,915 | ---- | M] () -- C:\Users\Benni\Desktop\WismarAlterSchwede.jpg
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.22 19:44:25 | 000,000,000 | ---- | C] () -- C:\Users\Benni\defogger_reenable
[2012.06.21 12:03:32 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.06.21 12:03:32 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.06.17 19:52:46 | 000,249,275 | ---- | C] () -- C:\Users\Benni\Desktop\Skyrim add on.jpg
[2012.06.16 23:15:46 | 000,143,514 | ---- | C] () -- C:\Users\Benni\Desktop\181414_437905312910103_280672572_n.jpg
[2012.06.12 00:17:32 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2012.06.12 00:17:32 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2012.06.12 00:17:32 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2012.06.12 00:17:31 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.06.12 00:17:31 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.06.12 00:17:31 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012.06.02 19:37:53 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.06.02 19:37:53 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2012.06.02 19:37:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.05.25 07:46:52 | 000,031,915 | ---- | C] () -- C:\Users\Benni\Desktop\WismarAlterSchwede.jpg
[2011.12.20 23:36:50 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.10.02 13:00:09 | 000,004,614 | ---- | C] () -- C:\Users\Benni\.recently-used.xbel
[2011.09.28 06:58:31 | 000,000,000 | ---- | C] () -- C:\Users\Benni\AppData\Local\{2A266CAB-D9B5-41DD-BEED-6B492DC72B8A}
[2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.06.18 17:22:28 | 000,000,705 | ---- | C] () -- C:\Windows\kaillera.ini
[2011.04.09 03:13:52 | 000,002,048 | -HS- | C] () -- C:\Users\Benni\AppData\Local\{1a010c53-5aa6-5c59-2759-42e47dea94f8}\@
[2011.03.27 01:33:27 | 000,041,974 | ---- | C] () -- C:\Users\Benni\AppData\Roaming\room.dat
[2011.03.25 19:50:32 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.08 16:31:39 | 000,000,093 | ---- | C] () -- C:\Users\Benni\AppData\Local\fusioncache.dat
[2011.03.08 16:29:57 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.09 16:06:48 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.10.07 19:30:16 | 000,121,052 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.04.10 21:55:34 | 000,000,000 | ---- | C] () -- C:\Users\Benni\__ng3d.lock
[2010.03.04 22:29:38 | 000,004,608 | ---- | C] () -- C:\Users\Benni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.18 22:49:40 | 000,007,604 | ---- | C] () -- C:\Users\Benni\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2010.10.13 22:55:09 | 000,000,000 | -HSD | M] -- C:\Users\Benni\AppData\Roaming\.#
[2010.01.18 13:46:25 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\GameConsole
[2011.09.29 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\gtk-2.0
[2010.03.26 23:15:00 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\HLSW
[2010.07.21 07:39:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LolClient
[2012.05.27 14:47:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\LolClient2
[2012.01.23 07:46:01 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OnLive App
[2010.10.16 21:03:55 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenArena
[2012.03.22 16:13:08 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenCandy
[2010.09.02 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\OpenOffice.org
[2012.06.21 12:11:51 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\pdfforge
[2011.10.18 14:26:16 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Prism
[2011.03.19 20:26:58 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\PunkBuster
[2012.06.23 10:03:49 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Rainmeter
[2012.03.04 15:44:55 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\RotMG.Production
[2010.04.01 05:16:13 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\SoftDMA
[2010.09.30 16:36:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TomTom
[2012.06.23 00:18:34 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Ubisoft
[2012.01.07 01:56:39 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Unity
[2012.05.15 06:47:39 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0

< End of report >

TDSS Killer
Code:
00:46:55.0197 1868 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
00:46:55.0476 1868 ============================================================
00:46:55.0477 1868 Current date / time: 2012/06/23 00:46:55.0476
00:46:55.0477 1868 SystemInfo:
00:46:55.0477 1868
00:46:55.0477 1868 OS Version: 6.1.7601 ServicePack: 1.0
00:46:55.0477 1868 Product type: Workstation
00:46:55.0477 1868 ComputerName: BENNI´S-PC
00:46:55.0477 1868 UserName: Benni
00:46:55.0477 1868 Windows directory: C:\Windows
00:46:55.0477 1868 System windows directory: C:\Windows
00:46:55.0477 1868 Running under WOW64
00:46:55.0477 1868 Processor architecture: Intel x64
00:46:55.0477 1868 Number of processors: 4
00:46:55.0477 1868 Page size: 0x1000
00:46:55.0477 1868 Boot type: Normal boot
00:46:55.0477 1868 ============================================================
00:46:56.0044 1868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:46:56.0049 1868 ============================================================
00:46:56.0049 1868 \Device\Harddisk0\DR0:
00:46:56.0049 1868 MBR partitions:
00:46:56.0049 1868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
00:46:56.0049 1868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030
00:46:56.0049 1868 ============================================================
00:46:56.0073 1868 C: <-> \Device\Harddisk0\DR0\Partition1
00:46:56.0073 1868 ============================================================
00:46:56.0073 1868 Initialize success
00:46:56.0073 1868 ============================================================
00:47:02.0792 2944 ============================================================
00:47:02.0792 2944 Scan started
00:47:02.0792 2944 Mode: Manual; SigCheck; TDLFS;
00:47:02.0792 2944 ============================================================
00:47:28.0689 2944 MSPQM - ok 00:47:28.0737 2944 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 00:47:28.0770 2944 MsRPC - ok 00:47:28.0816 2944 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 00:47:28.0828 2944 mssmbios - ok 00:47:28.0879 2944 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 00:47:28.0959 2944 MSTEE - ok 00:47:28.0977 2944 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 00:47:28.0993 2944 MTConfig - ok 00:47:29.0015 2944 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 00:47:29.0027 2944 Mup - ok 00:47:29.0083 2944 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 00:47:29.0098 2944 mwlPSDFilter - ok 00:47:29.0146 2944 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 00:47:29.0158 2944 mwlPSDNServ - ok 00:47:29.0170 2944 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 00:47:29.0182 2944 mwlPSDVDisk - ok 00:47:29.0238 2944 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 00:47:29.0320 2944 napagent - ok 00:47:29.0382 2944 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 00:47:29.0427 2944 NativeWifiP - ok 00:47:29.0528 2944 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 00:47:29.0574 2944 NDIS - ok 00:47:29.0599 2944 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 00:47:29.0664 2944 NdisCap - ok 00:47:29.0701 2944 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 00:47:29.0769 2944 NdisTapi - ok 00:47:29.0830 2944 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 00:47:29.0918 2944 Ndisuio - ok 00:47:29.0964 2944 NdisWan (53f7305169863f0a2bddc49e116c2e11) 
C:\Windows\system32\DRIVERS\ndiswan.sys 00:47:30.0043 2944 NdisWan - ok 00:47:30.0073 2944 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 00:47:30.0140 2944 NDProxy - ok 00:47:30.0189 2944 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 00:47:30.0251 2944 NetBIOS - ok 00:47:30.0305 2944 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 00:47:30.0400 2944 NetBT - ok 00:47:30.0454 2944 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 00:47:30.0480 2944 Netlogon - ok 00:47:30.0553 2944 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 00:47:30.0643 2944 Netman - ok 00:47:30.0690 2944 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 00:47:30.0779 2944 netprofm - ok 00:47:30.0860 2944 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:47:30.0897 2944 NetTcpPortSharing - ok 00:47:30.0921 2944 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 00:47:30.0932 2944 nfrd960 - ok 00:47:31.0005 2944 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 00:47:31.0091 2944 NlaSvc - ok 00:47:31.0109 2944 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 00:47:31.0154 2944 Npfs - ok 00:47:31.0175 2944 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 00:47:31.0220 2944 nsi - ok 00:47:31.0231 2944 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 00:47:31.0296 2944 nsiproxy - ok 00:47:31.0420 2944 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 00:47:31.0475 2944 Ntfs - ok 00:47:31.0590 2944 NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 00:47:31.0606 2944 NTI IScheduleSvc - 
ok 00:47:31.0756 2944 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys 00:47:31.0770 2944 NTIDrvr - ok 00:47:31.0802 2944 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 00:47:31.0870 2944 Null - ok 00:47:31.0927 2944 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 00:47:31.0940 2944 nvraid - ok 00:47:31.0966 2944 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 00:47:31.0981 2944 nvstor - ok 00:47:32.0042 2944 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 00:47:32.0065 2944 nv_agp - ok 00:47:32.0084 2944 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 00:47:32.0116 2944 ohci1394 - ok 00:47:32.0168 2944 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 00:47:32.0227 2944 p2pimsvc - ok 00:47:32.0260 2944 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 00:47:32.0283 2944 p2psvc - ok 00:47:32.0364 2944 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\Windows\system32\DRIVERS\PFC027.SYS 00:47:32.0421 2944 PAC207 - ok 00:47:32.0448 2944 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 00:47:32.0466 2944 Parport - ok 00:47:32.0499 2944 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 00:47:32.0513 2944 partmgr - ok 00:47:32.0548 2944 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 00:47:32.0595 2944 PcaSvc - ok 00:47:32.0632 2944 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 00:47:32.0662 2944 pci - ok 00:47:32.0701 2944 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 00:47:32.0722 2944 pciide - ok 00:47:32.0759 2944 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 00:47:32.0776 2944 pcmcia - ok 00:47:32.0795 2944 pcw 
(d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 00:47:32.0806 2944 pcw - ok 00:47:32.0856 2944 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 00:47:32.0938 2944 PEAUTH - ok 00:47:33.0026 2944 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 00:47:33.0062 2944 PerfHost - ok 00:47:33.0240 2944 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 00:47:33.0327 2944 pla - ok 00:47:33.0407 2944 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 00:47:33.0457 2944 PlugPlay - ok 00:47:33.0500 2944 PnkBstrA - ok 00:47:33.0539 2944 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 00:47:33.0572 2944 PNRPAutoReg - ok 00:47:33.0612 2944 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 00:47:33.0640 2944 PNRPsvc - ok 00:47:33.0697 2944 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 00:47:33.0767 2944 PolicyAgent - ok 00:47:33.0801 2944 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 00:47:33.0866 2944 Power - ok 00:47:33.0951 2944 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 00:47:34.0028 2944 PptpMiniport - ok 00:47:34.0056 2944 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 00:47:34.0070 2944 Processor - ok 00:47:34.0108 2944 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 00:47:34.0191 2944 ProfSvc - ok 00:47:34.0233 2944 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 00:47:34.0249 2944 ProtectedStorage - ok 00:47:34.0296 2944 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 00:47:34.0363 2944 Psched - ok 00:47:34.0492 2944 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 00:47:34.0545 2944 ql2300 - ok 00:47:34.0677 2944 ql40xx 
(4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 00:47:34.0698 2944 ql40xx - ok 00:47:34.0739 2944 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 00:47:34.0787 2944 QWAVE - ok 00:47:34.0810 2944 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 00:47:34.0853 2944 QWAVEdrv - ok 00:47:34.0874 2944 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 00:47:34.0936 2944 RasAcd - ok 00:47:34.0990 2944 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 00:47:35.0068 2944 RasAgileVpn - ok 00:47:35.0094 2944 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 00:47:35.0141 2944 RasAuto - ok 00:47:35.0181 2944 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:47:35.0264 2944 Rasl2tp - ok 00:47:35.0324 2944 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 00:47:35.0401 2944 RasMan - ok 00:47:35.0457 2944 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 00:47:35.0525 2944 RasPppoe - ok 00:47:35.0550 2944 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 00:47:35.0622 2944 RasSstp - ok 00:47:35.0660 2944 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 00:47:35.0723 2944 rdbss - ok 00:47:35.0747 2944 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 00:47:35.0776 2944 rdpbus - ok 00:47:35.0815 2944 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:47:35.0893 2944 RDPCDD - ok 00:47:35.0899 2944 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 00:47:35.0943 2944 RDPENCDD - ok 00:47:35.0948 2944 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 00:47:35.0991 2944 RDPREFMP - ok 00:47:36.0026 2944 RDPWD 
(15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 00:47:36.0093 2944 RDPWD - ok 00:47:36.0131 2944 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 00:47:36.0145 2944 rdyboost - ok 00:47:36.0209 2944 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 00:47:36.0291 2944 RemoteAccess - ok 00:47:36.0327 2944 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 00:47:36.0406 2944 RemoteRegistry - ok 00:47:36.0428 2944 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 00:47:36.0495 2944 RpcEptMapper - ok 00:47:36.0510 2944 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 00:47:36.0526 2944 RpcLocator - ok 00:47:36.0581 2944 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 00:47:36.0653 2944 RpcSs - ok 00:47:36.0714 2944 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 00:47:36.0797 2944 rspndr - ok 00:47:36.0908 2944 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe 00:47:36.0942 2944 RS_Service ( UnsignedFile.Multi.Generic ) - warning 00:47:36.0942 2944 RS_Service - detected UnsignedFile.Multi.Generic (1) 00:47:37.0016 2944 RTHDMIAzAudService (c20f64fcd5e2b40310a1774495877acd) C:\Windows\system32\drivers\RtHDMIVX.sys 00:47:37.0040 2944 RTHDMIAzAudService - ok 00:47:37.0067 2944 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 00:47:37.0084 2944 SamSs - ok 00:47:37.0120 2944 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 00:47:37.0134 2944 sbp2port - ok 00:47:37.0167 2944 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 00:47:37.0219 2944 SCardSvr - ok 00:47:37.0251 2944 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 00:47:37.0323 2944 scfilter - ok 00:47:37.0404 2944 
Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 00:47:37.0502 2944 Schedule - ok 00:47:37.0537 2944 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 00:47:37.0579 2944 SCPolicySvc - ok 00:47:37.0621 2944 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 00:47:37.0689 2944 SDRSVC - ok 00:47:37.0780 2944 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 00:47:37.0846 2944 secdrv - ok 00:47:37.0877 2944 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 00:47:37.0934 2944 seclogon - ok 00:47:37.0995 2944 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 00:47:38.0077 2944 SENS - ok 00:47:38.0113 2944 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 00:47:38.0173 2944 SensrSvc - ok 00:47:38.0239 2944 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 00:47:38.0266 2944 Serenum - ok 00:47:38.0285 2944 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 00:47:38.0304 2944 Serial - ok 00:47:38.0359 2944 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 00:47:38.0400 2944 sermouse - ok 00:47:38.0449 2944 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 00:47:38.0499 2944 SessionEnv - ok 00:47:38.0526 2944 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 00:47:38.0576 2944 sffdisk - ok 00:47:38.0598 2944 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 00:47:38.0638 2944 sffp_mmc - ok 00:47:38.0661 2944 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 00:47:38.0696 2944 sffp_sd - ok 00:47:38.0744 2944 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 00:47:38.0772 2944 sfloppy - ok 00:47:38.0820 2944 SharedAccess 
(b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 00:47:38.0893 2944 SharedAccess - ok 00:47:38.0968 2944 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 00:47:39.0046 2944 ShellHWDetection - ok 00:47:39.0071 2944 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:47:39.0082 2944 SiSRaid2 - ok 00:47:39.0108 2944 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 00:47:39.0120 2944 SiSRaid4 - ok 00:47:39.0241 2944 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe 00:47:39.0262 2944 SkypeUpdate - ok 00:47:39.0281 2944 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 00:47:39.0364 2944 Smb - ok 00:47:39.0412 2944 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 00:47:39.0447 2944 SNMPTRAP - ok 00:47:39.0478 2944 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 00:47:39.0489 2944 spldr - ok 00:47:39.0564 2944 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 00:47:39.0626 2944 Spooler - ok 00:47:39.0860 2944 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 00:47:39.0980 2944 sppsvc - ok 00:47:40.0075 2944 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 00:47:40.0153 2944 sppuinotify - ok 00:47:40.0232 2944 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 00:47:40.0281 2944 srv - ok 00:47:40.0324 2944 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 00:47:40.0361 2944 srv2 - ok 00:47:40.0387 2944 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 00:47:40.0418 2944 srvnet - ok 00:47:40.0470 2944 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 00:47:40.0551 2944 SSDPSRV - ok 00:47:40.0570 2944 SstpSvc 
(ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 00:47:40.0618 2944 SstpSvc - ok 00:47:40.0729 2944 Steam Client Service - ok 00:47:40.0755 2944 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 00:47:40.0775 2944 stexstor - ok 00:47:40.0874 2944 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 00:47:40.0934 2944 stisvc - ok 00:47:40.0970 2944 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 00:47:40.0991 2944 swenum - ok 00:47:41.0038 2944 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 00:47:41.0108 2944 swprv - ok 00:47:41.0181 2944 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys 00:47:41.0205 2944 SynTP - ok 00:47:41.0338 2944 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 00:47:41.0410 2944 SysMain - ok 00:47:41.0535 2944 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 00:47:41.0576 2944 TabletInputService - ok 00:47:41.0617 2944 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 00:47:41.0690 2944 TapiSrv - ok 00:47:41.0723 2944 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 00:47:41.0791 2944 TBS - ok 00:47:41.0954 2944 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys 00:47:42.0012 2944 Tcpip - ok 00:47:42.0280 2944 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys 00:47:42.0331 2944 TCPIP6 - ok 00:47:42.0450 2944 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 00:47:42.0519 2944 tcpipreg - ok 00:47:42.0549 2944 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 00:47:42.0604 2944 TDPIPE - ok 00:47:42.0625 2944 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 00:47:42.0668 2944 TDTCP - ok 00:47:42.0705 2944 tdx 
(ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 00:47:42.0763 2944 tdx - ok 00:47:42.0823 2944 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 00:47:42.0845 2944 TermDD - ok 00:47:42.0904 2944 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 00:47:42.0979 2944 TermService - ok 00:47:42.0997 2944 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 00:47:43.0035 2944 Themes - ok 00:47:43.0066 2944 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 00:47:43.0114 2944 THREADORDER - ok 00:47:43.0126 2944 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 00:47:43.0186 2944 TrkWks - ok 00:47:43.0260 2944 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 00:47:43.0335 2944 TrustedInstaller - ok 00:47:43.0372 2944 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:47:43.0447 2944 tssecsrv - ok 00:47:43.0512 2944 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 00:47:43.0575 2944 TsUsbFlt - ok 00:47:43.0643 2944 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 00:47:43.0727 2944 tunnel - ok 00:47:43.0755 2944 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 00:47:43.0766 2944 uagp35 - ok 00:47:43.0819 2944 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 00:47:43.0832 2944 UBHelper - ok 00:47:43.0889 2944 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 00:47:43.0963 2944 udfs - ok 00:47:44.0000 2944 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 00:47:44.0017 2944 UI0Detect - ok 00:47:44.0080 2944 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 00:47:44.0102 2944 uliagpkx - ok 00:47:44.0148 2944 umbus 
(dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 00:47:44.0190 2944 umbus - ok 00:47:44.0237 2944 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 00:47:44.0274 2944 UmPass - ok 00:47:44.0486 2944 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 00:47:44.0552 2944 UNS - ok 00:47:44.0660 2944 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 00:47:44.0681 2944 Updater Service - ok 00:47:44.0794 2944 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 00:47:44.0864 2944 upnphost - ok 00:47:44.0937 2944 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 00:47:44.0968 2944 usbaudio - ok 00:47:45.0028 2944 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 00:47:45.0063 2944 usbccgp - ok 00:47:45.0097 2944 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 00:47:45.0141 2944 usbcir - ok 00:47:45.0161 2944 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 00:47:45.0191 2944 usbehci - ok 00:47:45.0277 2944 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 00:47:45.0331 2944 usbhub - ok 00:47:45.0356 2944 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 00:47:45.0389 2944 usbohci - ok 00:47:45.0437 2944 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 00:47:45.0477 2944 usbprint - ok 00:47:45.0499 2944 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 00:47:45.0518 2944 usbscan - ok 00:47:45.0559 2944 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:47:45.0619 2944 USBSTOR - ok 00:47:45.0672 2944 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 
00:47:45.0713 2944 usbuhci - ok 00:47:45.0776 2944 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 00:47:45.0808 2944 usbvideo - ok 00:47:45.0837 2944 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 00:47:45.0907 2944 UxSms - ok 00:47:45.0945 2944 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 00:47:45.0962 2944 VaultSvc - ok 00:47:46.0013 2944 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys 00:47:46.0057 2944 VClone - ok 00:47:46.0111 2944 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 00:47:46.0131 2944 vdrvroot - ok 00:47:46.0197 2944 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 00:47:46.0259 2944 vds - ok 00:47:46.0279 2944 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 00:47:46.0297 2944 vga - ok 00:47:46.0300 2944 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 00:47:46.0363 2944 VgaSave - ok 00:47:46.0391 2944 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 00:47:46.0406 2944 vhdmp - ok 00:47:46.0451 2944 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 00:47:46.0462 2944 viaide - ok 00:47:46.0479 2944 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 00:47:46.0492 2944 volmgr - ok 00:47:46.0545 2944 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 00:47:46.0569 2944 volmgrx - ok 00:47:46.0609 2944 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 00:47:46.0627 2944 volsnap - ok 00:47:46.0655 2944 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 00:47:46.0668 2944 vsmraid - ok 00:47:46.0790 2944 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 00:47:46.0883 2944 VSS - ok 00:47:47.0017 2944 vwifibus 
(36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 00:47:47.0056 2944 vwifibus - ok 00:47:47.0074 2944 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 00:47:47.0096 2944 vwififlt - ok 00:47:47.0135 2944 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 00:47:47.0189 2944 W32Time - ok 00:47:47.0205 2944 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 00:47:47.0232 2944 WacomPen - ok 00:47:47.0258 2944 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:47:47.0323 2944 WANARP - ok 00:47:47.0343 2944 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:47:47.0388 2944 Wanarpv6 - ok 00:47:47.0500 2944 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 00:47:47.0563 2944 wbengine - ok 00:47:47.0682 2944 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 00:47:47.0724 2944 WbioSrvc - ok 00:47:47.0772 2944 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 00:47:47.0824 2944 wcncsvc - ok 00:47:47.0845 2944 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 00:47:47.0881 2944 WcsPlugInService - ok 00:47:47.0926 2944 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 00:47:47.0940 2944 Wd - ok 00:47:47.0992 2944 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 00:47:48.0026 2944 Wdf01000 - ok 00:47:48.0039 2944 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 00:47:48.0160 2944 WdiServiceHost - ok 00:47:48.0164 2944 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 00:47:48.0190 2944 WdiSystemHost - ok 00:47:48.0230 2944 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 00:47:48.0270 2944 WebClient - ok 00:47:48.0316 2944 Wecsvc 
(c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 00:47:48.0394 2944 Wecsvc - ok 00:47:48.0421 2944 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 00:47:48.0466 2944 wercplsupport - ok 00:47:48.0508 2944 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 00:47:48.0596 2944 WerSvc - ok 00:47:48.0652 2944 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 00:47:48.0700 2944 WfpLwf - ok 00:47:48.0718 2944 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 00:47:48.0730 2944 WIMMount - ok 00:47:48.0749 2944 WinDefend - ok 00:47:48.0755 2944 WinHttpAutoProxySvc - ok 00:47:48.0823 2944 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 00:47:48.0912 2944 Winmgmt - ok 00:47:49.0010 2944 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys 00:47:49.0031 2944 WinRing0_1_2_0 - ok 00:47:49.0176 2944 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 00:47:49.0261 2944 WinRM - ok 00:47:49.0453 2944 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 00:47:49.0514 2944 Wlansvc - ok 00:47:49.0748 2944 wlidsvc (e23a257a54fa12c2aef8ad51e6556357) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:47:49.0816 2944 wlidsvc - ok 00:47:49.0965 2944 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 00:47:50.0006 2944 WmiAcpi - ok 00:47:50.0073 2944 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 00:47:50.0114 2944 wmiApSrv - ok 00:47:50.0154 2944 WMPNetworkSvc - ok 00:47:50.0213 2944 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 00:47:50.0247 2944 WPCSvc - ok 00:47:50.0280 2944 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 00:47:50.0301 2944 WPDBusEnum - ok 
00:47:50.0329 2944 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 00:47:50.0378 2944 ws2ifsl - ok 00:47:50.0394 2944 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 00:47:50.0430 2944 wscsvc - ok 00:47:50.0433 2944 WSearch - ok 00:47:50.0595 2944 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 00:47:50.0697 2944 wuauserv - ok 00:47:50.0820 2944 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 00:47:50.0897 2944 WudfPf - ok 00:47:50.0977 2944 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 00:47:51.0062 2944 WUDFRd - ok 00:47:51.0107 2944 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 00:47:51.0153 2944 wudfsvc - ok 00:47:51.0177 2944 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 00:47:51.0213 2944 WwanSvc - ok 00:47:51.0351 2944 X6va002 - ok 00:47:51.0404 2944 X6va003 - ok 00:47:51.0516 2944 ZAtheros Wlan Agent (1ca8ac00abde45a4fe360aea515f844b) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe 00:47:51.0524 2944 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - warning 00:47:51.0525 2944 ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic (1) 00:47:51.0549 2944 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 00:47:51.0867 2944 \Device\Harddisk0\DR0 - ok 00:47:51.0872 2944 Boot (0x1200) (851861819a0282d2d600ac8029e9b3e7) \Device\Harddisk0\DR0\Partition0 00:47:51.0874 2944 \Device\Harddisk0\DR0\Partition0 - ok 00:47:51.0907 2944 Boot (0x1200) (f21262666ef44e626d25f4df17c0488a) \Device\Harddisk0\DR0\Partition1 00:47:51.0909 2944 \Device\Harddisk0\DR0\Partition1 - ok 00:47:51.0909 2944 ============================================================ 00:47:51.0909 2944 Scan finished 00:47:51.0909 2944 ============================================================ 00:47:51.0924 0984 Detected object count: 2 
00:47:51.0924 0984 Actual detected object count: 2 00:48:08.0997 0984 RS_Service ( UnsignedFile.Multi.Generic ) - skipped by user 00:48:08.0997 0984 RS_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:48:08.0997 0984 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - skipped by user 00:48:08.0997 0984 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip |
25.06.2012, 06:52 | #10 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts Hi, please download a fresh copy of ComboFix (it is rebuilt again and again), but do not run it yet. Then go offline... Fix for OTL:
Code:
:OTL
[2011.04.09 03:13:52 | 000,002,048 | -HS- | C] () -- C:\Users\Benni\AppData\Local\{1a010c53-5aa6-5c59-2759-42e47dea94f8}\@
[2010.10.13 22:55:09 | 000,000,000 | -HSD | M] -- C:\Users\Benni\AppData\Roaming\.#
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
:Commands
[emptytemp]
[Reboot]
Then boot into Safe Mode (press F8 while booting), run ComboFix as already posted, post the log... chris
__________________ Don't bring me down Read before posting! Donate (anyone who wants to donate is welcome to get in touch ) |
25.06.2012, 10:23 | #11 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts So OTL won't run o.O Running as administrator, downloading it again, compatibility mode: none of it works. And CF said that Avira is on, but I checked and it actually wasn't on (in the Task Manager). Code:
All processes killed
========== OTL ==========
C:\Users\Benni\AppData\Local\{1a010c53-5aa6-5c59-2759-42e47dea94f8}\@ moved successfully.
C:\Users\Benni\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:05EE1EEF deleted successfully.
ADS C:\ProgramData\Temp:444C53BA deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Benni
->Temp folder emptied: 70320 bytes
->Temporary Internet Files folder emptied: 3394686 bytes
->Java cache emptied: 20102165 bytes
->FireFox cache emptied: 90252857 bytes
->Flash cache emptied: 42066 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 109,00 mb
OTL by OldTimer - Version 3.2.52.0 log created on 06252012_100716
Files\Folders moved on Reboot...
C:\Users\Benni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Code:
ATTFilter ComboFix 12-06-25.01 - Benni 25.06.2012 10:33:03.1.4 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3956.2806 [GMT 2:00] ausgeführt von:: c:\users\Benni\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\program files (x86)\Common Files\Acer GameZone online.ico c:\windows\IsUn0407.exe c:\windows\system32\drivers\etc\hosts.ics . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-25 bis 2012-06-25 )))))))))))))))))))))))))))))) . . 2012-06-25 08:41 . 2012-06-25 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-25 08:07 . 2012-06-25 08:07 -------- dc----w- C:\_OTL 2012-06-22 22:46 . 2012-06-22 22:46 -------- dc----w- C:\TDSS 2012-06-22 15:17 . 2012-06-22 15:17 -------- d-----w- c:\users\Benni\AppData\Roaming\Malwarebytes 2012-06-22 15:16 . 2012-06-22 15:16 -------- d-----w- c:\programdata\Malwarebytes 2012-06-22 15:16 . 2012-06-23 08:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-21 17:53 . 2012-06-23 08:03 -------- dc----w- C:\Games 2012-06-21 10:03 . 2012-06-21 10:11 -------- d-----w- c:\users\Benni\AppData\Roaming\pdfforge 2012-06-21 10:03 . 2012-06-15 04:51 95232 ----a-w- c:\windows\system32\pdfcmon.dll 2012-06-21 10:03 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-06-21 10:03 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2012-06-21 10:03 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-06-21 10:03 . 2012-06-21 10:03 -------- d-----w- c:\program files (x86)\PDFCreator 2012-06-21 10:03 . 
1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL 2012-06-21 10:03 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL 2012-06-21 10:03 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL 2012-06-21 10:03 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-06-11 22:17 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll 2012-06-11 22:17 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax 2012-06-11 22:17 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll 2012-06-11 22:17 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2012-06-11 22:17 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax 2012-06-11 22:17 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll 2012-06-11 11:46 . 2012-06-11 11:46 -------- d-----w- c:\users\Benni\AppData\Local\Macromedia 2012-06-08 17:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CF7CD86-7F5D-478B-806F-3BB74D1C682B}\mpengine.dll 2012-06-07 14:25 . 2012-06-07 14:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-07 14:25 . 2012-06-07 14:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-06 15:43 . 2012-06-06 15:43 -------- d-----w- c:\programdata\Battle.net 2012-06-02 17:37 . 2009-12-05 17:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2012-06-02 17:37 . 2012-06-02 17:37 -------- d-----w- c:\program files (x86)\ffdshow 2012-05-27 12:47 . 2012-05-27 12:47 -------- d-----w- c:\users\Benni\AppData\Roaming\LolClient2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-25 08:23 . 2010-08-19 16:46 131072 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2012-06-11 11:45 . 2012-04-02 19:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-11 11:45 . 
2011-06-08 16:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-04 11:59 . 2012-03-08 14:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-06-04 11:59 . 2012-03-08 14:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-23 23:29 . 2012-05-23 23:29 955848 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-23 23:29 . 2012-01-14 08:28 839112 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-04 21:48 . 2012-04-02 19:48 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-06 20:34 . 2012-04-06 20:34 275360 ----a-w- c:\windows\system32\DreamScene.dll 2012-04-04 16:47 . 2012-05-21 14:24 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-04-04 16:47 . 2011-08-27 16:15 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-01 21:40 . 2012-04-01 21:40 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-04-01 21:39 . 2012-04-01 21:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2010-12-23 3344384] "ccleaner"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2012-05-23 5208928] "Xvid"="c:\program files (x86)\XviD\CheckUpdate.exe" [2011-01-17 8192] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-06-04 348624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Rainmeter.exe - Verknüpfung.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-04 86224] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] R2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592] R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] R2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] R2 
Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-10-21 73728] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 cpuz130;cpuz130;c:\users\Benni\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544] R3 X6va002;X6va002;c:\users\Benni\AppData\Local\Temp\002B700.tmp [x] R3 X6va003;X6va003;c:\users\Benni\AppData\Local\Temp\003B156.tmp [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 17:38] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 17:38] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-28 200704] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://isearch.avg.com/?cid={FB1FD20E-1ECB-4FD8-A1AE-1A3F96887A29}&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&lang=de&ds=od011&pr=sa&d=2012-03-22 15:23&v=10.2.0.3&sap=hp uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\e9koplpd.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/|hxxp://ts6.travian.de/dorf1.php FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3789daa5-d450-42db-ab92-525375a232f9%7D&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-03-22%2015%3A23%3A38&sap=ku&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{43B74FAB-FB58-447D-8D3A-5F638AF36FD1} - c:\programdata\{9F3E013D-5CC0-40CE-82C2-47A599C1BC72}\Netzmanager1.041b_091125a.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver] "ImagePath"="\??\c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002] "ImagePath"="\??\c:\users\Benni\AppData\Local\Temp\002B700.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003] "ImagePath"="\??\c:\users\Benni\AppData\Local\Temp\003B156.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-598987727-3280365519-1545562274-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:ba,cc,d6,33,5d,6d,c2,9b,20,2e,2f,32,9a,52,cd,eb,5f,58,35,46,99,a2,32, 7a,bc,ca,ef,66,6e,7e,8c,77,82,5f,4f,f0,a3,a6,70,2e,c9,33,69,ec,49,4c,ea,c5,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 . [HKEY_USERS\S-1-5-21-598987727-3280365519-1545562274-1001\Software\SecuROM\License information*] "datasecu"=hex:11,86,7a,b0,b7,81,06,bc,e8,7a,ef,aa,47,ec,f7,ec,87,4c,be,de,8c, d6,90,59,e4,94,07,f4,3a,82,ae,20,90,7e,29,75,82,d0,f8,2e,8f,e2,2d,82,59,75,\ "rkeysecu"=hex:5e,77,cf,8f,e9,3c,8e,63,76,b9,f2,ef,ec,45,bd,78 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-06-25 10:46:51 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-25 08:46 . Vor Suchlauf: 16 Verzeichnis(se), 349.707.870.208 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 349.594.447.872 Bytes frei . - - End Of File - - 9FF178EE0492932EBBAB298AEFFE88A9 |
25.06.2012, 10:54 | #12 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts Hi, ok, download the new CF on another computer and then copy it via USB to the infected computer (Desktop)... ComboFix script Copy the following lines (without the quote!), paste them into Windows Notepad (Start -> Programs -> Accessories -> Notepad) and save them on the Desktop under the name "CFScript.txt" (without the quotation marks!). Code:
File::
c:\users\Benni\AppData\Local\Temp\002B700.tmp
c:\users\Benni\AppData\Local\Temp\003B156.tmp
c:\users\Benni\AppData\Local\Temp\cpuz130\cpuz_x64.sys
Driver::
cpuz_x64
X6va002
X6va003
(Release the mouse button; this is called "drag and drop" ;o). ComboFix should now start and run the script; post the ComboFix log! Does the browser work, can you surf... Is the admin account locked, or does it hang while loading? Fix-It from MS: Microsoft Fix it Center Online. It can clean up various errors... Overall this looks like a damaged registry... chris
__________________ Don't bring me down Read before posting! Donate (anyone who wants to donate is welcome to get in touch ) |
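Added example, not part of the thread and not ComboFix's own code: the CFScript in the post above names driver entries whose files sit under the user's Temp directory in the preceding ComboFix log. This Python sketch parses service/driver entries in the layout that log uses and flags those whose image path lies in a Temp folder or ends in .tmp; the entry layout is inferred from the log, and the Temp-path heuristic is an assumption, not the helper's stated criterion.

```python
import re
from dataclasses import dataclass

# Entry layout as it appears in the ComboFix log in this thread (inferred, not
# an official format description):
#   <R|S><digit> <service name>;<display name>;<image path> [<date> <size>]
# or the same with "[x]" in place of the date/size pair.
ENTRY_RE = re.compile(
    r"(?<!\S)(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;\[\]\s][^;\[\]]*);(?P<display>[^;]+);"
    r"(?P<path>.+?) \[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]"
)

# Assumption of this example: a kernel driver or service whose image lives in
# a temporary directory deserves a closer look during triage.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class ServiceEntry:
    state: str           # "R" or "S", exactly as printed in the log
    start: int           # the digit printed after the state letter
    name: str            # service key name
    display: str         # display name
    path: str            # image path
    has_file_info: bool  # False when the log shows "[x]" instead of date/size


def parse_entries(text):
    """Extract every service/driver entry, even from a log flattened to one line."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append(ServiceEntry(
            state=m["state"],
            start=int(m["start"]),
            name=m["name"].strip(),
            display=m["display"].strip(),
            path=m["path"].strip(),
            has_file_info=m["info"] != "x",
        ))
    return entries


def in_temp_location(path):
    """True when the image path is in a Temp folder or is a .tmp file."""
    p = path.lower()
    return p.endswith(".tmp") or any(marker in p for marker in TEMP_MARKERS)


def flag_temp_backed(entries):
    """Return the entries whose image path matches the Temp heuristic."""
    return [e for e in entries if in_temp_location(e.path)]


# Sample input: entries copied from the ComboFix log posted in this thread and
# run together on one line, the way the page shows them.
SAMPLE_LOG = (
    r"R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] "
    r"R3 cpuz130;cpuz130;c:\users\Benni\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] "
    r"R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [x] "
    r"R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544] "
    r"R3 X6va002;X6va002;c:\users\Benni\AppData\Local\Temp\002B700.tmp [x] "
    r"R3 X6va003;X6va003;c:\users\Benni\AppData\Local\Temp\003B156.tmp [x] "
    r"S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]"
)

if __name__ == "__main__":
    for entry in flag_temp_backed(parse_entries(SAMPLE_LOG)):
        print(f"{entry.state}{entry.start} {entry.name}: {entry.path}")
```

A flagged entry is a prompt for manual review, not a verdict: legitimate diagnostic tools also unpack drivers into Temp.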
25.06.2012, 15:18 | #13 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts Everything is actually normal, except that it is a bit slow. I don't really have any problems starting up. Ah, I just noticed that Avira is no longer showing any alerts at all. CF log is coming right away. Code:
ATTFilter ComboFix 12-06-25.03 - Benni 25.06.2012 16:28:23.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3956.2429 [GMT 2:00] ausgeführt von:: c:\users\Benni\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Benni\Desktop\CFScript.txt.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-25 bis 2012-06-25 )))))))))))))))))))))))))))))) . . 2012-06-25 14:37 . 2012-06-25 14:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-25 08:07 . 2012-06-25 08:07 -------- dc----w- C:\_OTL 2012-06-22 22:46 . 2012-06-22 22:46 -------- dc----w- C:\TDSS 2012-06-22 15:17 . 2012-06-22 15:17 -------- d-----w- c:\users\Benni\AppData\Roaming\Malwarebytes 2012-06-22 15:16 . 2012-06-22 15:16 -------- d-----w- c:\programdata\Malwarebytes 2012-06-22 15:16 . 2012-06-23 08:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-21 17:53 . 2012-06-23 08:03 -------- dc----w- C:\Games 2012-06-21 10:03 . 2012-06-21 10:11 -------- d-----w- c:\users\Benni\AppData\Roaming\pdfforge 2012-06-21 10:03 . 2012-06-15 04:51 95232 ----a-w- c:\windows\system32\pdfcmon.dll 2012-06-21 10:03 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-06-21 10:03 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2012-06-21 10:03 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-06-21 10:03 . 2012-06-21 10:03 -------- d-----w- c:\program files (x86)\PDFCreator 2012-06-21 10:03 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL 2012-06-21 10:03 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL 2012-06-21 10:03 . 
1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL 2012-06-21 10:03 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-06-11 22:17 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll 2012-06-11 22:17 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax 2012-06-11 22:17 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll 2012-06-11 22:17 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2012-06-11 22:17 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax 2012-06-11 22:17 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll 2012-06-11 11:46 . 2012-06-11 11:46 -------- d-----w- c:\users\Benni\AppData\Local\Macromedia 2012-06-08 17:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CF7CD86-7F5D-478B-806F-3BB74D1C682B}\mpengine.dll 2012-06-07 14:25 . 2012-06-07 14:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-07 14:25 . 2012-06-07 14:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-06 15:43 . 2012-06-06 15:43 -------- d-----w- c:\programdata\Battle.net 2012-06-02 17:37 . 2009-12-05 17:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2012-06-02 17:37 . 2012-06-02 17:37 -------- d-----w- c:\program files (x86)\ffdshow 2012-05-27 12:47 . 2012-05-27 12:47 -------- d-----w- c:\users\Benni\AppData\Roaming\LolClient2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-25 14:39 . 2010-08-19 16:46 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2012-06-11 11:45 . 2012-04-02 19:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-11 11:45 . 2011-06-08 16:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-04 11:59 . 2012-03-08 14:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-06-04 11:59 . 
2012-03-08 14:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-23 23:29 . 2012-05-23 23:29 955848 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-23 23:29 . 2012-01-14 08:28 839112 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-04 21:48 . 2012-04-02 19:48 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-06 20:34 . 2012-04-06 20:34 275360 ----a-w- c:\windows\system32\DreamScene.dll 2012-04-04 16:47 . 2012-05-21 14:24 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-04-04 16:47 . 2011-08-27 16:15 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-01 21:40 . 2012-04-01 21:40 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-04-01 21:39 . 2012-04-01 21:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-25_08.41.58 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-05 00:35 . 2012-06-25 09:05 91436 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-25 09:05 40404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-01-18 11:44 . 2012-06-25 09:05 16306 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-598987727-3280365519-1545562274-1001_UserData.bin - 2010-01-18 11:44 . 2012-06-25 08:18 16306 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-598987727-3280365519-1545562274-1001_UserData.bin + 2012-06-25 14:38 . 2012-06-25 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-25 08:41 . 2012-06-25 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-25 08:41 . 2012-06-25 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-06-25 14:38 . 
2012-06-25 14:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:36 . 2012-06-25 14:14 625010 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-05 15:09 625010 c:\windows\system32\perfh009.dat - 2009-12-28 12:26 . 2012-06-05 15:09 664868 c:\windows\system32\perfh007.dat + 2009-12-28 12:26 . 2012-06-25 14:14 664868 c:\windows\system32\perfh007.dat + 2009-07-14 02:36 . 2012-06-25 14:14 110648 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-06-05 15:09 110648 c:\windows\system32\perfc009.dat - 2009-12-28 12:26 . 2012-06-05 15:09 135004 c:\windows\system32\perfc007.dat + 2009-12-28 12:26 . 2012-06-25 14:14 135004 c:\windows\system32\perfc007.dat + 2012-06-10 03:20 . 2012-06-25 14:37 877808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2012-06-10 03:20 . 2012-06-25 08:23 877808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2012-06-25 08:23 351644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-25 14:37 351644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-04-29 20:41 . 2012-06-25 08:23 61858768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-598987727-3280365519-1545562274-1001-12288.dat + 2010-04-29 20:41 . 2012-06-25 14:38 61858768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-598987727-3280365519-1545562274-1001-12288.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2010-12-23 3344384] "ccleaner"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2012-05-23 5208928] "Xvid"="c:\program files (x86)\XviD\CheckUpdate.exe" [2011-01-17 8192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-06-04 348624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Rainmeter.exe - Verknüpfung.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 cpuz130;cpuz130;c:\users\Benni\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544] R3 X6va002;X6va002;c:\users\Benni\AppData\Local\Temp\002B700.tmp [x] R3 X6va003;X6va003;c:\users\Benni\AppData\Local\Temp\003B156.tmp [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-04 86224] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-10-21 73728] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 17:38] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 17:38] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-28 200704] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://isearch.avg.com/?cid={FB1FD20E-1ECB-4FD8-A1AE-1A3F96887A29}&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&lang=de&ds=od011&pr=sa&d=2012-03-22 15:23&v=10.2.0.3&sap=hp uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\e9koplpd.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/|hxxp://ts6.travian.de/dorf1.php FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3789daa5-d450-42db-ab92-525375a232f9%7D&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-03-22%2015%3A23%3A38&sap=ku&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file) . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver] "ImagePath"="\??\c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002] "ImagePath"="\??\c:\users\Benni\AppData\Local\Temp\002B700.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003] "ImagePath"="\??\c:\users\Benni\AppData\Local\Temp\003B156.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-598987727-3280365519-1545562274-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:ba,cc,d6,33,5d,6d,c2,9b,20,2e,2f,32,9a,52,cd,eb,5f,58,35,46,99,a2,32, 7a,bc,ca,ef,66,6e,7e,8c,77,82,5f,4f,f0,a3,a6,70,2e,c9,33,69,ec,49,4c,ea,c5,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 . [HKEY_USERS\S-1-5-21-598987727-3280365519-1545562274-1001\Software\SecuROM\License information*] "datasecu"=hex:11,86,7a,b0,b7,81,06,bc,e8,7a,ef,aa,47,ec,f7,ec,87,4c,be,de,8c, d6,90,59,e4,94,07,f4,3a,82,ae,20,90,7e,29,75,82,d0,f8,2e,8f,e2,2d,82,59,75,\ "rkeysecu"=hex:5e,77,cf,8f,e9,3c,8e,63,76,b9,f2,ef,ec,45,bd,78 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-06-25 16:52:26 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-25 14:52 ComboFix2.txt 2012-06-25 08:46 . Vor Suchlauf: 18 Verzeichnis(se), 354.564.161.536 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 354.955.718.656 Bytes frei . - - End Of File - - 77BECB1C20D487EB509C9006693CC80F Geändert von H4rdDiskDriv (25.06.2012 um 16:13 Uhr) |
25.06.2012, 17:00 | #14 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts
Hi, the script was not started, the drivers are still there... Please try again:
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
ATTFilter
KILLALL::
File::
c:\users\Benni\AppData\Local\Temp\002B700.tmp
c:\users\Benni\AppData\Local\Temp\003B156.tmp
c:\users\Benni\AppData\Local\Temp\cpuz130\cpuz_x64.sys
Driver::
cpuz_x64
X6va002
X6va003
4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of adware and spyware programs, and the Tea Timer!)
5. Then drag CFScript.txt onto ComboFix.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt
chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
25.06.2012, 21:04 | #15 |
| TR/ATRAPAS.GEN, GEN2 and TR/Small.F1 with constant alerts
Code:
ATTFilter ComboFix 12-06-25.03 - Benni 25.06.2012 21:41:22.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3956.2633 [GMT 2:00] ausgeführt von:: c:\users\Benni\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Benni\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Benni\AppData\Local\Temp\002B700.tmp" "c:\users\Benni\AppData\Local\Temp\003B156.tmp" "c:\users\Benni\AppData\Local\Temp\cpuz130\cpuz_x64.sys" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_X6VA002 -------\Legacy_X6VA003 -------\Service_X6va002 -------\Service_X6va003 . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-25 bis 2012-06-25 )))))))))))))))))))))))))))))) . . 2012-06-25 08:07 . 2012-06-25 08:07 -------- dc----w- C:\_OTL 2012-06-22 22:46 . 2012-06-22 22:46 -------- dc----w- C:\TDSS 2012-06-22 15:17 . 2012-06-22 15:17 -------- d-----w- c:\users\Benni\AppData\Roaming\Malwarebytes 2012-06-22 15:16 . 2012-06-22 15:16 -------- d-----w- c:\programdata\Malwarebytes 2012-06-22 15:16 . 2012-06-23 08:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-21 17:53 . 2012-06-23 08:03 -------- dc----w- C:\Games 2012-06-21 10:03 . 2012-06-21 10:11 -------- d-----w- c:\users\Benni\AppData\Roaming\pdfforge 2012-06-21 10:03 . 2012-06-15 04:51 95232 ----a-w- c:\windows\system32\pdfcmon.dll 2012-06-21 10:03 . 2005-04-15 18:58 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-06-21 10:03 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2012-06-21 10:03 . 
1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX 2012-06-21 10:03 . 2012-06-21 10:03 -------- d-----w- c:\program files (x86)\PDFCreator 2012-06-21 10:03 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL 2012-06-21 10:03 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL 2012-06-21 10:03 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL 2012-06-21 10:03 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL 2012-06-11 22:17 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll 2012-06-11 22:17 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax 2012-06-11 22:17 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll 2012-06-11 22:17 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2012-06-11 22:17 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax 2012-06-11 22:17 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll 2012-06-11 11:46 . 2012-06-11 11:46 -------- d-----w- c:\users\Benni\AppData\Local\Macromedia 2012-06-08 17:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CF7CD86-7F5D-478B-806F-3BB74D1C682B}\mpengine.dll 2012-06-07 14:25 . 2012-06-07 14:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-07 14:25 . 2012-06-07 14:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-06 15:43 . 2012-06-06 15:43 -------- d-----w- c:\programdata\Battle.net 2012-06-02 17:37 . 2009-12-05 17:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2012-06-02 17:37 . 2012-06-02 17:37 -------- d-----w- c:\program files (x86)\ffdshow 2012-05-27 12:47 . 2012-05-27 12:47 -------- d-----w- c:\users\Benni\AppData\Roaming\LolClient2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-25 19:50 . 
2010-08-19 16:46 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2012-06-11 11:45 . 2012-04-02 19:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-11 11:45 . 2011-06-08 16:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-04 11:59 . 2012-03-08 14:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-06-04 11:59 . 2012-03-08 14:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-05-23 23:29 . 2012-05-23 23:29 955848 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-05-23 23:29 . 2012-01-14 08:28 839112 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-04 21:48 . 2012-04-02 19:48 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-06 20:34 . 2012-04-06 20:34 275360 ----a-w- c:\windows\system32\DreamScene.dll 2012-04-04 16:47 . 2012-05-21 14:24 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-04-04 16:47 . 2011-08-27 16:15 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-01 21:40 . 2012-04-01 21:40 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-04-01 21:39 . 2012-04-01 21:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-25_08.41.58 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-05 00:35 . 2012-06-25 14:42 91680 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-25 14:42 40420 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-01-18 11:44 . 2012-06-25 14:42 16424 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-598987727-3280365519-1545562274-1001_UserData.bin - 2012-06-25 08:41 . 2012-06-25 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-25 19:50 . 
2012-06-25 19:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-25 19:50 . 2012-06-25 19:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-25 08:41 . 2012-06-25 08:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:36 . 2012-06-25 14:14 625010 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-06-05 15:09 625010 c:\windows\system32\perfh009.dat - 2009-12-28 12:26 . 2012-06-05 15:09 664868 c:\windows\system32\perfh007.dat + 2009-12-28 12:26 . 2012-06-25 14:14 664868 c:\windows\system32\perfh007.dat - 2009-07-14 02:36 . 2012-06-05 15:09 110648 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-06-25 14:14 110648 c:\windows\system32\perfc009.dat - 2009-12-28 12:26 . 2012-06-05 15:09 135004 c:\windows\system32\perfc007.dat + 2009-12-28 12:26 . 2012-06-25 14:14 135004 c:\windows\system32\perfc007.dat + 2012-06-10 03:20 . 2012-06-25 14:37 877808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2012-06-10 03:20 . 2012-06-25 08:23 877808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2012-06-25 08:23 351644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-25 19:49 351644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-04-29 20:41 . 2012-06-25 19:49 61862340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-598987727-3280365519-1545562274-1001-12288.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2010-12-23 3344384] "ccleaner"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2012-05-23 5208928] "Xvid"="c:\program files (x86)\XviD\CheckUpdate.exe" [2011-01-17 8192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-06-04 348624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Rainmeter.exe - Verknüpfung.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files (x86)\DSL-Manager\DslMgr.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 cpuz130;cpuz130;c:\users\Benni\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64 [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-06-04 
86224] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-10-21 73728] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 17:38] . 2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 17:38] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072] "PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-28 200704] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://isearch.avg.com/?cid={FB1FD20E-1ECB-4FD8-A1AE-1A3F96887A29}&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&lang=de&ds=od011&pr=sa&d=2012-03-22 15:23&v=10.2.0.3&sap=hp uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7740&r=27360110d016l03d8z105t4971e441 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\e9koplpd.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/|hxxp://ts6.travian.de/dorf1.php FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3789daa5-d450-42db-ab92-525375a232f9%7D&mid=dc161533aa3947d0a2a8d16f6b68595f-410f23d519b479a34fceb40994758e119ed9e140&ds=od011&v=10.2.0.3&lang=de&pr=sa&d=2012-03-22%2015%3A23%3A38&sap=ku&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file) . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver] "ImagePath"="\??\c:\program files (x86)\EVEREST Ultimate Edition\kerneld.amd64" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-598987727-3280365519-1545562274-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:ba,cc,d6,33,5d,6d,c2,9b,20,2e,2f,32,9a,52,cd,eb,5f,58,35,46,99,a2,32, 7a,bc,ca,ef,66,6e,7e,8c,77,82,5f,4f,f0,a3,a6,70,2e,c9,33,69,ec,49,4c,ea,c5,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 . [HKEY_USERS\S-1-5-21-598987727-3280365519-1545562274-1001\Software\SecuROM\License information*] "datasecu"=hex:11,86,7a,b0,b7,81,06,bc,e8,7a,ef,aa,47,ec,f7,ec,87,4c,be,de,8c, d6,90,59,e4,94,07,f4,3a,82,ae,20,90,7e,29,75,82,d0,f8,2e,8f,e2,2d,82,59,75,\ "rkeysecu"=hex:5e,77,cf,8f,e9,3c,8e,63,76,b9,f2,ef,ec,45,bd,78 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-25 21:56:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-25 19:56
ComboFix2.txt 2012-06-25 14:52
ComboFix3.txt 2012-06-25 08:46
.
Vor Suchlauf: 19 Verzeichnis(se), 354.694.369.280 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 354.299.482.112 Bytes frei
.
- - End Of File - - A8604EB5D8A80C8A54F6F4A4F8879762