Malware.Packer.GenX bei Alcohol 120% Testversion

meheeco · 12.09.2012, 21:24

Hallo Trojaner-Team,

ich hoffe, ihr könnt mir helfen. Heute meldet sich plötzlich avast, im Ordner C:\Windows\system32\mpenginestore\... würde sich ein Rootkit befinden. Den Ordner konnte ich aber gar nicht finden (obwohl alle Dateien und Ordner eingeblendet). Als einzige Möglichkeit gab es löschen, was ich auch gemacht habe. Anschließend wurde eine Startzeitprüfung durchgeführt, es wurden jedoch keine Bedrohungen gefunden. Allerdings finde ich auch in keinem Report oder keiner Statistik irgendetwas von diesem gefundenen Rootkit.

Also führte ich einen vollständigen Scan mit Malwarebytes durch (runtergeladen bei chip.de) und hier ist das Ergebnis:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.12.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: **** [Administrator]

12.09.2012 21:09:24
mbam-log-2012-09-12 (21-09-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 402295
Laufzeit: 53 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Muss ich mir hier Sorgen machen? Ja, ich habe mir Alcohol 120% runtergeladen, allerdings nur eine 30Tage-Testversion von (so dachte ich) zuverlässiger Quelle. Ich bin da normalerweise sehr vorsichtig und würde mich sehr ärgern, mir dadurch jetzt einen Virus eingefangen zu haben.

Vielen Dank schon mal.

meheeco

Habe jetzt nochmal geprüft im abgesicherten Modus mit Malwarebytes: Keine Funde. Avast findet bei einer Komplettprüfung auch nichts mehr.
Aber ich weiß nicht, ob ich mich in Sicherheit wiegen kann. Zum Einen Frage ich mich, welcher Downloadquelle (zb für malwarebytes) man überhaupt noch trauen kann, zum Anderen weiß ich nicht, ob durch dieses Rootkit vielleicht schon Schaden entstanden ist, den Virenprogramme gar nicht mehr finden

Danke schon mal.

meheeco

cosinus · 14.09.2012, 21:49

Zitat:

Heute meldet sich plötzlich avast, im Ordner C:\Windows\system32\mpenginestore\... würde sich ein Rootkit befinden.

Das Log von Avast dazu bitte vollständig posten, solche halben Angaben sind sinnfrei und wenig hilfreich

meheeco · 14.09.2012, 22:05

Wie bereits erwähnt hat avast kein Log erstellt oder gespeichert. Es kam die Meldung, dass in dem Ordner ein Virus gefunden wurde. Ich hab nach dem Ordner gesucht, diesen aber nicht gefunden. Avast hat mir nur die Möglichkeit geboten, das Rootkit zu löschen, was ich getan hab. Dann hat avast eine Startzeitprüfung empfohlen, die ich auch sofort durchgeführt habe. Dabei wurde aber nichts gefunden.

Seit ich mit Malwarebytes diesen Malware.Packer.GenX in die Quarantäne verschoben hab, scheint kein Virus mehr auf dem Rechner zu sein. Weder avast, Malwarebytes oder ESET findet eine Bedrohung.

Alcohol hab ich zwischenzeitlich auch deinstalliert - war mir dann doch nicht so wichtig.

Ich denke (oder zumindest hoffe ich), dass die Sache damit erledigt sein dürfte. Außer du hast noch einen Vorschlag, was ich noch machen könnte.

cosinus · 15.09.2012, 12:41

Die Logs von Avast sind nur gut versteckt => Hinweis avast! 7 / 6 / 5 / 4 - Häufig gestelle Fragen und Wissensdatenbank

meheeco · 15.09.2012, 13:09

Hab ich gefunden. Da ist aber nur eine Datei, die von Datum und Uhrzeit her hinkommt, und die heißt AshWebSv.ws und hat die Größe von 0 KB. Die Log-Dateien haben alle das Datum 14.9. oder 15.9., können also mit dem Fund vom 12.9. eigentlich nichts zu tun haben.

cosinus · 16.09.2012, 14:21

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

meheeco · 16.09.2012, 15:55

Hier das Ergebnis des Scans:

Code:

ATTFilter

# AdwCleaner v2.001 - Datei am 09/16/2012 um 16:51:06 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - *****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kqnr87ue.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\7wvkzg9l.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [946 octets] - [16/09/2012 16:51:06]

########## EOF - C:\AdwCleaner[R1].txt - [1005 octets] ##########

Ist das normal, dass der Scan so schnell erledigt ist? Dauerte grad mal ein paar Sekunden.

cosinus · 16.09.2012, 18:54

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

meheeco · 17.09.2012, 18:27

Hier das Ergebnis des Lösch-Vorgangs:

Code:

ATTFilter

# AdwCleaner v2.001 - Datei am 09/17/2012 um 19:21:04 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ****
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-1562693020-2495873740-2754528668-1005\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kqnr87ue.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7wvkzg9l.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1074 octets] - [16/09/2012 16:51:06]
AdwCleaner[R2].txt - [1135 octets] - [16/09/2012 16:54:33]
AdwCleaner[S1].txt - [1569 octets] - [17/09/2012 19:21:04]

########## EOF - C:\AdwCleaner[S1].txt - [1629 octets] ##########

Besten Dank schon mal - wieder.

cosinus · 18.09.2012, 13:33

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

meheeco · 18.09.2012, 18:37

OTL.exe meldet wie folgt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.09.2012 19:14:01 - Run 1
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Users\m***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 61,65% Memory free
7,71 Gb Paging File | 6,09 Gb Available in Paging File | 79,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447,66 Gb Total Space | 328,58 Gb Free Space | 73,40% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: m*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.18 19:11:11 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\m***\Desktop\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.07 12:47:46 | 000,160,840 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.18 19:33:02 | 001,130,496 | ---- | M] (Zhorn Software) -- C:\Program Files (x86)\Stickies\stickies.exe
PRC - [2012.01.05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012.01.05 15:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011.09.08 11:16:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.07.01 04:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.07.01 04:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.07.01 04:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2005.04.01 12:12:26 | 000,425,984 | ---- | M] (ThinPrint GmbH) -- C:\Program Files (x86)\ThinPrint Client\Thnclnt32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.18 19:33:02 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Stickies\shook70.dll
MOD - [2012.01.05 15:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.30 19:02:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.11.06 10:46:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.08 11:16:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.02 12:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.06.21 21:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011.05.30 04:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.04.22 18:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011.03.29 06:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.29 16:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.15 20:31:04 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009.11.15 20:28:44 | 000,948,224 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2009.11.15 20:26:26 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.14 20:41:38 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.08 11:16:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.08.12 09:28:40 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011.08.12 09:28:40 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011.08.12 09:28:40 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011.07.14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.06.10 20:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.16 15:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011.05.10 05:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.05.06 11:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.05 13:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011.01.20 19:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011.01.20 19:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2010.11.29 16:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.09 12:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.11.19 02:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009.11.19 02:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1562693020-2495873740-2754528668-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1562693020-2495873740-2754528668-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\S-1-5-21-1562693020-2495873740-2754528668-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1562693020-2495873740-2754528668-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1562693020-2495873740-2754528668-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1562693020-2495873740-2754528668-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.29 09:34:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.30 19:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.11 17:37:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.30 19:02:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.11.07 20:59:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m***\AppData\Roaming\mozilla\Extensions
[2012.08.11 08:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m***\AppData\Roaming\mozilla\Firefox\Profiles\kqnr87ue.default\extensions
[2012.08.11 08:15:27 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\m***\AppData\Roaming\mozilla\firefox\profiles\kqnr87ue.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.17 19:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.08.29 09:34:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.08.30 19:02:07 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.24 16:58:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.24 16:58:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.24 16:58:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.24 16:58:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.24 16:58:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.24 16:58:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.09 19:19:45 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1562693020-2495873740-2754528668-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1562693020-2495873740-2754528668-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1562693020-2495873740-2754528668-1005..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O4 - Startup: C:\Users\m***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: DhcpNameServer = 192.168.1.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E1C1A62-9A72-42B3-A365-0962C55E9133}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.18 19:11:09 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\m***\Desktop\OTL.exe
[2012.09.14 22:34:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.14 21:43:16 | 000,000,000 | ---D | C] -- C:\Users\m***\Documents\MAGIX Downloads
[2012.09.14 21:43:16 | 000,000,000 | ---D | C] -- C:\Users\m***\Documents\MAGIX
[2012.09.14 21:41:52 | 000,000,000 | ---D | C] -- C:\Users\m***\AppData\Local\Xara
[2012.09.14 21:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2012.09.14 20:44:42 | 000,000,000 | ---D | C] -- C:\Users\m***\AppData\Roaming\AquaSoft
[2012.09.14 20:41:02 | 000,000,000 | ---D | C] -- C:\Users\m***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AquaSoft
[2012.09.14 20:39:11 | 000,000,000 | ---D | C] -- C:\Users\m***\AppData\Local\PackageAware
[2012.09.12 22:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.09.12 21:06:48 | 000,000,000 | ---D | C] -- C:\Users\m***\AppData\Roaming\Malwarebytes
[2012.09.12 21:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.12 21:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.12 21:06:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.12 21:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.30 13:53:38 | 000,000,000 | ---D | C] -- C:\Users\m***\Documents\Alcohol 120%
[2012.08.30 13:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2012.08.28 22:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.18 19:11:11 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\m***\Desktop\OTL.exe
[2012.09.18 19:09:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.18 15:31:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 15:31:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 15:23:17 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.17 20:36:29 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.17 20:36:29 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.17 20:36:29 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.17 20:36:29 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.17 20:36:29 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.16 16:50:15 | 000,512,399 | ---- | M] () -- C:\Users\m***\Desktop\adwcleaner.exe
[2012.09.14 22:44:46 | 002,321,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.14 20:41:38 | 000,530,488 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012.09.14 20:38:29 | 000,000,156 | ---- | M] () -- C:\Users\m***\Documents\cc_20120914_203822.reg
[2012.09.12 22:56:18 | 000,031,680 | ---- | M] () -- C:\Users\m***\Documents\cc_20120912_225607.reg
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.30 19:00:22 | 000,001,421 | ---- | M] () -- C:\Users\m***\Desktop\ChannelListPCEditor.exe - Verknüpfung.lnk
[2012.08.29 09:34:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2012.09.16 16:50:09 | 000,512,399 | ---- | C] () -- C:\Users\m***\Desktop\adwcleaner.exe
[2012.09.14 20:38:24 | 000,000,156 | ---- | C] () -- C:\Users\m***\Documents\cc_20120914_203822.reg
[2012.09.12 22:56:11 | 000,031,680 | ---- | C] () -- C:\Users\m***\Documents\cc_20120912_225607.reg
[2012.08.30 19:00:22 | 000,001,421 | ---- | C] () -- C:\Users\m***\Desktop\ChannelListPCEditor.exe - Verknüpfung.lnk
[2012.08.30 13:47:40 | 000,530,488 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2012.01.03 20:24:06 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.08.12 09:37:09 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.12 09:37:07 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.12 09:37:05 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.12 09:37:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.12 09:37:03 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.03.14 21:08:50 | 000,000,000 | ---D | M] -- C:\Users\d***\AppData\Roaming\Alien Skin
[2012.05.21 21:02:32 | 000,000,000 | ---D | M] -- C:\Users\d***\AppData\Roaming\Amazon
[2012.03.14 22:02:47 | 000,000,000 | ---D | M] -- C:\Users\d***\AppData\Roaming\MAGIX
[2011.11.08 21:02:57 | 000,000,000 | ---D | M] -- C:\Users\d***\AppData\Roaming\Thunderbird
[2011.11.15 12:16:23 | 000,000,000 | ---D | M] -- C:\Users\d***\AppData\Roaming\Windows Live Writer
[2011.12.10 14:28:31 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Alien Skin
[2012.09.14 20:44:42 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\AquaSoft
[2012.01.03 20:24:00 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\DesktopIconForAmazon
[2012.09.12 22:55:07 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Free Download Manager
[2012.04.15 08:19:23 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\ImTOO
[2012.09.14 21:43:19 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\MAGIX
[2011.11.08 21:56:28 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\newsXpresso
[2012.05.28 10:49:11 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\redsn0w
[2012.09.18 19:10:11 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\stickies
[2012.01.19 20:40:15 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\TeamViewer
[2011.11.08 20:28:50 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Thunderbird
[2012.04.15 08:29:45 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Xilisoft
[2012.07.18 16:29:53 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.19 20:59:54 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Adobe
[2011.12.10 14:28:31 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Alien Skin
[2012.03.16 20:15:09 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Apple Computer
[2012.09.14 20:44:42 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\AquaSoft
[2011.11.06 11:18:46 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\CyberLink
[2012.01.03 20:24:00 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\DesktopIconForAmazon
[2012.04.14 08:35:03 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\dvdcss
[2012.09.12 22:55:07 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Free Download Manager
[2011.11.06 11:20:51 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Identities
[2012.04.15 08:19:23 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\ImTOO
[2011.11.06 11:21:07 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Macromedia
[2012.09.14 21:43:19 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\MAGIX
[2012.09.12 21:06:48 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Media Center Programs
[2012.09.14 20:41:08 | 000,000,000 | --SD | M] -- C:\Users\m***\AppData\Roaming\Microsoft
[2011.11.07 20:59:26 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Mozilla
[2011.11.08 21:56:28 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\newsXpresso
[2012.05.28 10:49:11 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\redsn0w
[2012.09.12 22:55:07 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Skype
[2012.09.18 19:10:11 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\stickies
[2012.01.19 20:40:15 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\TeamViewer
[2011.11.08 20:28:50 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Thunderbird
[2012.09.14 22:33:19 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\vlc
[2011.11.15 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\WinRAR
[2012.04.15 08:29:45 | 000,000,000 | ---D | M] -- C:\Users\m***\AppData\Roaming\Xilisoft
 
< %APPDATA%\*.exe /s >
[2012.01.03 20:23:59 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\m***\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.07.14 07:35:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.07.14 07:35:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

Gruß, meheeco

cosinus · 19.09.2012, 14:39

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1562693020-2495873740-2754528668-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

meheeco · 19.09.2012, 19:13

Here we go...

Code:

ATTFilter

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1562693020-2495873740-2754528668-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\m***\Desktop\cmd.bat deleted successfully.
C:\Users\m***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: d***
->Temp folder emptied: 40556212 bytes
->Temporary Internet Files folder emptied: 274315692 bytes
->Java cache emptied: 1424125 bytes
->FireFox cache emptied: 983820044 bytes
->Flash cache emptied: 5041 bytes
 
User: m***
->Temp folder emptied: 8146725 bytes
->Temporary Internet Files folder emptied: 436019 bytes
->Java cache emptied: 10089041 bytes
->FireFox cache emptied: 55452183 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3772841 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.314,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.63.0 log created on 09192012_200035

Files\Folders moved on Reboot...
C:\Users\m***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\m***\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Ich weiß, es ist nicht eure Aufgabe, eure Arbeit hier zu erklären, aber mich würde wirklich interessieren, was genau durch diese Schritte gemacht wurde. Vielleicht kannst du mir das ja in ein paar wenigen Worten erklären oder kannst mir eine Seite oder Anleitung empfehlen, damit ich das ein bisschen nachvollziehen kann. Wenn nicht, ist auch nicht schlimm ;-)

Gruß
meheeco

cosinus · 20.09.2012, 10:52

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

meheeco · 20.09.2012, 19:44

Ich weiß nicht sicher, ob ich das richtig gemacht habe. Der Scan hat keine zwei Minuten gedauert und nach dem ersten Fund war sofort Schluss. Aber hier das Ergebnis:

Code:

ATTFilter

20:35:20.0102 1408  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:35:20.0273 1408  ============================================================
20:35:20.0273 1408  Current date / time: 2012/09/20 20:35:20.0273
20:35:20.0273 1408  SystemInfo:
20:35:20.0273 1408  
20:35:20.0273 1408  OS Version: 6.1.7601 ServicePack: 1.0
20:35:20.0273 1408  Product type: Workstation
20:35:20.0273 1408  ComputerName: ****
20:35:20.0273 1408  UserName: M***
20:35:20.0273 1408  Windows directory: C:\Windows
20:35:20.0273 1408  System windows directory: C:\Windows
20:35:20.0273 1408  Running under WOW64
20:35:20.0273 1408  Processor architecture: Intel x64
20:35:20.0273 1408  Number of processors: 4
20:35:20.0273 1408  Page size: 0x1000
20:35:20.0273 1408  Boot type: Normal boot
20:35:20.0273 1408  ============================================================
20:35:20.0694 1408  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:35:20.0694 1408  ============================================================
20:35:20.0694 1408  \Device\Harddisk0\DR0:
20:35:20.0694 1408  MBR partitions:
20:35:20.0694 1408  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
20:35:20.0694 1408  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x37F53000
20:35:20.0694 1408  ============================================================
20:35:20.0726 1408  C: <-> \Device\Harddisk0\DR0\Partition2
20:35:20.0726 1408  ============================================================
20:35:20.0726 1408  Initialize success
20:35:20.0726 1408  ============================================================
20:36:10.0016 6064  ============================================================
20:36:10.0016 6064  Scan started
20:36:10.0016 6064  Mode: Manual; SigCheck; TDLFS; 
20:36:10.0016 6064  ============================================================
20:36:10.0156 6064  ================ Scan system memory ========================
20:36:10.0156 6064  System memory - ok
20:36:10.0156 6064  ================ Scan services =============================
20:36:10.0375 6064  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:36:10.0531 6064  1394ohci - ok
20:36:10.0562 6064  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:36:10.0577 6064  ACPI - ok
20:36:10.0593 6064  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:36:10.0687 6064  AcpiPmi - ok
20:36:10.0796 6064  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:36:10.0827 6064  AdobeARMservice - ok
20:36:10.0858 6064  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:36:10.0889 6064  adp94xx - ok
20:36:10.0921 6064  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:36:10.0936 6064  adpahci - ok
20:36:10.0952 6064  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:36:10.0967 6064  adpu320 - ok
20:36:10.0983 6064  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:36:11.0155 6064  AeLookupSvc - ok
20:36:11.0201 6064  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:36:11.0264 6064  AFD - ok
20:36:11.0295 6064  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:36:11.0311 6064  agp440 - ok
20:36:11.0326 6064  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:36:11.0404 6064  ALG - ok
20:36:11.0420 6064  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:36:11.0435 6064  aliide - ok
20:36:11.0467 6064  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:36:11.0482 6064  amdide - ok
20:36:11.0498 6064  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:36:11.0529 6064  AmdK8 - ok
20:36:11.0529 6064  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:36:11.0560 6064  AmdPPM - ok
20:36:11.0576 6064  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:36:11.0576 6064  amdsata - ok
20:36:11.0591 6064  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:36:11.0607 6064  amdsbs - ok
20:36:11.0623 6064  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:36:11.0623 6064  amdxata - ok
20:36:11.0654 6064  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:36:11.0841 6064  AppID - ok
20:36:11.0872 6064  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:36:11.0903 6064  AppIDSvc - ok
20:36:11.0919 6064  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:36:11.0981 6064  Appinfo - ok
20:36:12.0059 6064  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:36:12.0075 6064  Apple Mobile Device - ok
20:36:12.0122 6064  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
20:36:12.0153 6064  arc - ok
20:36:12.0169 6064  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:36:12.0200 6064  arcsas - ok
20:36:12.0215 6064  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
20:36:12.0262 6064  aswFsBlk - ok
20:36:12.0309 6064  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
20:36:12.0340 6064  aswMonFlt - ok
20:36:12.0387 6064  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
20:36:12.0418 6064  aswRdr - ok
20:36:12.0481 6064  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
20:36:12.0543 6064  aswSnx - ok
20:36:12.0574 6064  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
20:36:12.0590 6064  aswSP - ok
20:36:12.0605 6064  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
20:36:12.0621 6064  aswTdi - ok
20:36:12.0652 6064  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:36:12.0730 6064  AsyncMac - ok
20:36:12.0761 6064  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:36:12.0793 6064  atapi - ok
20:36:12.0886 6064  [ C8679A07267F030704168E45E27C3D43 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:36:13.0011 6064  athr - ok
20:36:13.0058 6064  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:36:13.0136 6064  AudioEndpointBuilder - ok
20:36:13.0136 6064  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:36:13.0183 6064  AudioSrv - ok
20:36:13.0276 6064  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:36:13.0292 6064  avast! Antivirus - ok
20:36:13.0339 6064  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:36:13.0370 6064  AxInstSV - ok
20:36:13.0417 6064  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:36:13.0479 6064  b06bdrv - ok
20:36:13.0495 6064  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:36:13.0557 6064  b57nd60a - ok
20:36:13.0588 6064  [ A424CB46A145E5AABF15621550976DF2 ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
20:36:13.0604 6064  b57xdbd - ok
20:36:13.0619 6064  [ BE4E6FD5A898812B85D5817AD9754A9F ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
20:36:13.0635 6064  b57xdmp - ok
20:36:13.0666 6064  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:36:13.0713 6064  BDESVC - ok
20:36:13.0729 6064  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:36:13.0807 6064  Beep - ok
20:36:13.0869 6064  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:36:13.0947 6064  BFE - ok
20:36:13.0978 6064  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:36:14.0025 6064  BITS - ok
20:36:14.0056 6064  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:36:14.0087 6064  blbdrive - ok
20:36:14.0150 6064  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:36:14.0181 6064  Bonjour Service - ok
20:36:14.0197 6064  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:36:14.0243 6064  bowser - ok
20:36:14.0275 6064  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:36:14.0306 6064  BrFiltLo - ok
20:36:14.0337 6064  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:36:14.0353 6064  BrFiltUp - ok
20:36:14.0399 6064  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:36:14.0446 6064  Browser - ok
20:36:14.0477 6064  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:36:14.0555 6064  Brserid - ok
20:36:14.0571 6064  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:36:14.0602 6064  BrSerWdm - ok
20:36:14.0602 6064  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:36:14.0649 6064  BrUsbMdm - ok
20:36:14.0649 6064  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:36:14.0665 6064  BrUsbSer - ok
20:36:14.0711 6064  [ 0970D8B7151E9113BF8D44CE2E954DF7 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
20:36:14.0727 6064  bScsiMSa - ok
20:36:14.0758 6064  [ 0C1EEE5AF32402D306874B110DE237EC ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
20:36:14.0774 6064  bScsiSDa - ok
20:36:14.0789 6064  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:36:14.0821 6064  BTHMODEM - ok
20:36:14.0852 6064  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:36:14.0914 6064  bthserv - ok
20:36:14.0945 6064  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:36:15.0023 6064  cdfs - ok
20:36:15.0055 6064  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:36:15.0070 6064  cdrom - ok
20:36:15.0117 6064  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:36:15.0195 6064  CertPropSvc - ok
20:36:15.0242 6064  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
20:36:15.0304 6064  circlass - ok
20:36:15.0304 6064  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:36:15.0335 6064  CLFS - ok
20:36:15.0398 6064  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:36:15.0429 6064  clr_optimization_v2.0.50727_32 - ok
20:36:15.0445 6064  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:36:15.0460 6064  clr_optimization_v2.0.50727_64 - ok
20:36:15.0538 6064  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:36:15.0569 6064  clr_optimization_v4.0.30319_32 - ok
20:36:15.0585 6064  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:36:15.0601 6064  clr_optimization_v4.0.30319_64 - ok
20:36:15.0632 6064  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:36:15.0663 6064  CmBatt - ok
20:36:15.0663 6064  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:36:15.0679 6064  cmdide - ok
20:36:15.0725 6064  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:36:15.0772 6064  CNG - ok
20:36:15.0803 6064  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:36:15.0819 6064  Compbatt - ok
20:36:15.0850 6064  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:36:15.0866 6064  CompositeBus - ok
20:36:15.0881 6064  COMSysApp - ok
20:36:15.0897 6064  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:36:15.0913 6064  crcdisk - ok
20:36:15.0944 6064  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:36:15.0991 6064  CryptSvc - ok
20:36:16.0022 6064  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:36:16.0084 6064  DcomLaunch - ok
20:36:16.0100 6064  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:36:16.0147 6064  defragsvc - ok
20:36:16.0178 6064  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:36:16.0209 6064  DfsC - ok
20:36:16.0240 6064  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:36:16.0287 6064  Dhcp - ok
20:36:16.0318 6064  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:36:16.0365 6064  discache - ok
20:36:16.0396 6064  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
20:36:16.0412 6064  Disk - ok
20:36:16.0427 6064  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:36:16.0459 6064  Dnscache - ok
20:36:16.0505 6064  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:36:16.0599 6064  dot3svc - ok
20:36:16.0599 6064  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:36:16.0630 6064  DPS - ok
20:36:16.0661 6064  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:36:16.0677 6064  drmkaud - ok
20:36:16.0724 6064  [ 9DD3A22F804697606C2B7FF9E912FF6B ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
20:36:16.0739 6064  DsiWMIService - ok
20:36:16.0771 6064  dtpd - ok
20:36:16.0817 6064  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:36:16.0864 6064  DXGKrnl - ok
20:36:16.0895 6064  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:36:16.0942 6064  EapHost - ok
20:36:17.0020 6064  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:36:17.0161 6064  ebdrv - ok
20:36:17.0192 6064  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:36:17.0239 6064  EFS - ok
20:36:17.0285 6064  [ 5332EC2BA1C112BD4BB1F38127848FEF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
20:36:17.0317 6064  EgisTec Ticket Service - ok
20:36:17.0363 6064  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:36:17.0426 6064  ehRecvr - ok
20:36:17.0441 6064  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:36:17.0473 6064  ehSched - ok
20:36:17.0535 6064  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:36:17.0582 6064  elxstor - ok
20:36:17.0644 6064  [ 48425C93B6F36529707206E4FA680CF3 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
20:36:17.0707 6064  ePowerSvc - ok
20:36:17.0707 6064  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:36:17.0738 6064  ErrDev - ok
20:36:17.0785 6064  [ DBAA0C650C9549DC5C599D1E81DEDAAD ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
20:36:17.0816 6064  ETD - ok
20:36:17.0847 6064  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:36:17.0894 6064  EventSystem - ok
20:36:17.0909 6064  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:36:17.0941 6064  exfat - ok
20:36:17.0972 6064  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:36:18.0003 6064  fastfat - ok
20:36:18.0034 6064  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:36:18.0097 6064  Fax - ok
20:36:18.0112 6064  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
20:36:18.0128 6064  fdc - ok
20:36:18.0143 6064  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:36:18.0190 6064  fdPHost - ok
20:36:18.0190 6064  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:36:18.0221 6064  FDResPub - ok
20:36:18.0253 6064  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:36:18.0253 6064  FileInfo - ok
20:36:18.0268 6064  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:36:18.0346 6064  Filetrace - ok
20:36:18.0409 6064  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:36:18.0455 6064  FLEXnet Licensing Service - ok
20:36:18.0471 6064  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:36:18.0487 6064  flpydisk - ok
20:36:18.0487 6064  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:36:18.0502 6064  FltMgr - ok
20:36:18.0533 6064  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:36:18.0596 6064  FontCache - ok
20:36:18.0627 6064  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:36:18.0658 6064  FontCache3.0.0.0 - ok
20:36:18.0674 6064  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:36:18.0689 6064  FsDepends - ok
20:36:18.0721 6064  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:36:18.0721 6064  Fs_Rec - ok
20:36:18.0752 6064  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:36:18.0767 6064  fvevol - ok
20:36:18.0799 6064  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:36:18.0799 6064  gagp30kx - ok
20:36:18.0845 6064  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:36:18.0877 6064  GEARAspiWDM - ok
20:36:18.0939 6064  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:36:19.0017 6064  gpsvc - ok
20:36:19.0111 6064  [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
20:36:19.0142 6064  GREGService - ok
20:36:19.0251 6064  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:36:19.0282 6064  gusvc - ok
20:36:19.0329 6064  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:36:19.0391 6064  hcw85cir - ok
20:36:19.0407 6064  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:36:19.0438 6064  HdAudAddService - ok
20:36:19.0469 6064  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:36:19.0516 6064  HDAudBus - ok
20:36:19.0516 6064  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:36:19.0532 6064  HidBatt - ok
20:36:19.0532 6064  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:36:19.0547 6064  HidBth - ok
20:36:19.0563 6064  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:36:19.0579 6064  HidIr - ok
20:36:19.0610 6064  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:36:19.0688 6064  hidserv - ok
20:36:19.0703 6064  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:36:19.0719 6064  HidUsb - ok
20:36:19.0750 6064  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:36:19.0797 6064  hkmsvc - ok
20:36:19.0813 6064  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:36:19.0859 6064  HomeGroupListener - ok
20:36:19.0891 6064  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:36:19.0953 6064  HomeGroupProvider - ok
20:36:19.0984 6064  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:36:20.0000 6064  HpSAMD - ok
20:36:20.0015 6064  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:36:20.0109 6064  HTTP - ok
20:36:20.0140 6064  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:36:20.0156 6064  hwpolicy - ok
20:36:20.0171 6064  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:36:20.0187 6064  i8042prt - ok
20:36:20.0218 6064  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
20:36:20.0234 6064  iaStor - ok
20:36:20.0296 6064  [ E79A8E33BD136D14BAE1FA20EB2EF124 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:36:20.0327 6064  IAStorDataMgrSvc - ok
20:36:20.0359 6064  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:36:20.0390 6064  iaStorV - ok
20:36:20.0437 6064  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:36:20.0499 6064  idsvc - ok
20:36:20.0749 6064  [ 9937600A1584FF00565D5379EB4C9EDB ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:36:21.0061 6064  igfx - ok
20:36:21.0076 6064  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:36:21.0092 6064  iirsp - ok
20:36:21.0107 6064  iked - ok
20:36:21.0139 6064  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:36:21.0201 6064  IKEEXT - ok
20:36:21.0310 6064  [ 1CE438B31551746AB450D8FFA403BDB5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:36:21.0388 6064  IntcAzAudAddService - ok
20:36:21.0435 6064  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:36:21.0451 6064  IntcDAud - ok
20:36:21.0466 6064  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:36:21.0482 6064  intelide - ok
20:36:21.0513 6064  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:36:21.0529 6064  intelppm - ok
20:36:21.0560 6064  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:36:21.0638 6064  IPBusEnum - ok
20:36:21.0653 6064  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:36:21.0685 6064  IpFilterDriver - ok
20:36:21.0700 6064  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:36:21.0747 6064  iphlpsvc - ok
20:36:21.0747 6064  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:36:21.0763 6064  IPMIDRV - ok
20:36:21.0763 6064  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:36:21.0794 6064  IPNAT - ok
20:36:21.0872 6064  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:36:21.0934 6064  iPod Service - ok
20:36:21.0950 6064  ipsecd - ok
20:36:21.0981 6064  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:36:22.0012 6064  IRENUM - ok
20:36:22.0028 6064  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:36:22.0043 6064  isapnp - ok
20:36:22.0075 6064  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:36:22.0090 6064  iScsiPrt - ok
20:36:22.0137 6064  [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
20:36:22.0168 6064  k57nd60a - ok
20:36:22.0199 6064  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:36:22.0199 6064  kbdclass - ok
20:36:22.0215 6064  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:36:22.0246 6064  kbdhid - ok
20:36:22.0246 6064  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:36:22.0262 6064  KeyIso - ok
20:36:22.0277 6064  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:36:22.0293 6064  KSecDD - ok
20:36:22.0309 6064  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:36:22.0309 6064  KSecPkg - ok
20:36:22.0340 6064  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:36:22.0433 6064  ksthunk - ok
20:36:22.0465 6064  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:36:22.0511 6064  KtmRm - ok
20:36:22.0558 6064  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:36:22.0636 6064  LanmanServer - ok
20:36:22.0652 6064  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:36:22.0699 6064  LanmanWorkstation - ok
20:36:22.0745 6064  [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
20:36:22.0777 6064  Live Updater Service - ok
20:36:22.0823 6064  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:36:22.0855 6064  lltdio - ok
20:36:22.0886 6064  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:36:22.0948 6064  lltdsvc - ok
20:36:22.0964 6064  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:36:22.0995 6064  lmhosts - ok
20:36:23.0042 6064  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:36:23.0073 6064  LMS - ok
20:36:23.0104 6064  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:36:23.0120 6064  LSI_FC - ok
20:36:23.0135 6064  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:36:23.0135 6064  LSI_SAS - ok
20:36:23.0151 6064  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:36:23.0167 6064  LSI_SAS2 - ok
20:36:23.0167 6064  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:36:23.0167 6064  LSI_SCSI - ok
20:36:23.0198 6064  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:36:23.0229 6064  luafv - ok
20:36:23.0260 6064  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:36:23.0276 6064  Mcx2Svc - ok
20:36:23.0291 6064  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:36:23.0291 6064  megasas - ok
20:36:23.0307 6064  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:36:23.0323 6064  MegaSR - ok
20:36:23.0369 6064  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:36:23.0401 6064  MEIx64 - ok
20:36:23.0416 6064  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:36:23.0463 6064  MMCSS - ok
20:36:23.0479 6064  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:36:23.0525 6064  Modem - ok
20:36:23.0557 6064  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:36:23.0572 6064  monitor - ok
20:36:23.0603 6064  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:36:23.0619 6064  mouclass - ok
20:36:23.0635 6064  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:36:23.0650 6064  mouhid - ok
20:36:23.0666 6064  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:36:23.0681 6064  mountmgr - ok
20:36:23.0775 6064  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:36:23.0791 6064  MozillaMaintenance - ok
20:36:23.0822 6064  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:36:23.0837 6064  mpio - ok
20:36:23.0837 6064  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:36:23.0869 6064  mpsdrv - ok
20:36:23.0900 6064  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:36:23.0947 6064  MpsSvc - ok
20:36:23.0962 6064  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:36:23.0978 6064  MRxDAV - ok
20:36:23.0993 6064  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:24.0025 6064  mrxsmb - ok
20:36:24.0040 6064  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:24.0071 6064  mrxsmb10 - ok
20:36:24.0071 6064  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:24.0087 6064  mrxsmb20 - ok
20:36:24.0103 6064  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:36:24.0103 6064  msahci - ok
20:36:24.0118 6064  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:36:24.0134 6064  msdsm - ok
20:36:24.0149 6064  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:36:24.0165 6064  MSDTC - ok
20:36:24.0196 6064  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:36:24.0212 6064  Msfs - ok
20:36:24.0227 6064  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:36:24.0259 6064  mshidkmdf - ok
20:36:24.0274 6064  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:36:24.0290 6064  msisadrv - ok
20:36:24.0321 6064  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:36:24.0352 6064  MSiSCSI - ok
20:36:24.0352 6064  msiserver - ok
20:36:24.0368 6064  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:36:24.0415 6064  MSKSSRV - ok
20:36:24.0430 6064  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:36:24.0461 6064  MSPCLOCK - ok
20:36:24.0477 6064  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:36:24.0524 6064  MSPQM - ok
20:36:24.0539 6064  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:36:24.0555 6064  MsRPC - ok
20:36:24.0571 6064  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:36:24.0571 6064  mssmbios - ok
20:36:24.0571 6064  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:36:24.0617 6064  MSTEE - ok
20:36:24.0633 6064  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:36:24.0680 6064  MTConfig - ok
20:36:24.0695 6064  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:36:24.0711 6064  Mup - ok
20:36:24.0727 6064  [ C009123B206C56854F4E88596035231D ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
20:36:24.0727 6064  mwlPSDFilter - ok
20:36:24.0742 6064  [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
20:36:24.0758 6064  mwlPSDNServ - ok
20:36:24.0758 6064  [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
20:36:24.0773 6064  mwlPSDVDisk - ok
20:36:24.0789 6064  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:36:24.0851 6064  napagent - ok
20:36:24.0898 6064  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:36:24.0945 6064  NativeWifiP - ok
20:36:25.0007 6064  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:36:25.0070 6064  NDIS - ok
20:36:25.0117 6064  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:36:25.0148 6064  NdisCap - ok
20:36:25.0179 6064  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:36:25.0195 6064  NdisTapi - ok
20:36:25.0241 6064  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:36:25.0304 6064  Ndisuio - ok
20:36:25.0335 6064  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:36:25.0397 6064  NdisWan - ok
20:36:25.0413 6064  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:36:25.0429 6064  NDProxy - ok
20:36:25.0444 6064  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:36:25.0491 6064  NetBIOS - ok
20:36:25.0507 6064  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:36:25.0522 6064  NetBT - ok
20:36:25.0538 6064  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:36:25.0553 6064  Netlogon - ok
20:36:25.0585 6064  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:36:25.0631 6064  Netman - ok
20:36:25.0631 6064  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:36:25.0678 6064  netprofm - ok
20:36:25.0709 6064  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:36:25.0741 6064  NetTcpPortSharing - ok
20:36:25.0756 6064  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:36:25.0772 6064  nfrd960 - ok
20:36:25.0803 6064  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:36:25.0865 6064  NlaSvc - ok
20:36:25.0881 6064  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:36:25.0897 6064  Npfs - ok
20:36:25.0912 6064  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:36:25.0959 6064  nsi - ok
20:36:25.0975 6064  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:36:26.0006 6064  nsiproxy - ok
20:36:26.0037 6064  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:36:26.0084 6064  Ntfs - ok
20:36:26.0177 6064  [ D27A4546417ED7C4AEA7B3420D4F1F50 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
20:36:26.0209 6064  NTI IScheduleSvc - ok
20:36:26.0240 6064  [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
20:36:26.0240 6064  NTIDrvr - ok
20:36:26.0255 6064  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:36:26.0287 6064  Null - ok
20:36:26.0536 6064  [ 45DA83C70A95E35AF2BD0E9A7E7C2E85 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:36:26.0879 6064  nvlddmkm - ok
20:36:26.0911 6064  [ BF74A50ABA7F3396B33FEF9CD039601E ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
20:36:26.0911 6064  nvpciflt - ok
20:36:26.0942 6064  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:36:26.0957 6064  nvraid - ok
20:36:26.0973 6064  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:36:26.0973 6064  nvstor - ok
20:36:27.0035 6064  [ 2F8DD53A00131F9DCDC8FFFD6BB67DB0 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:36:27.0067 6064  nvsvc - ok
20:36:27.0176 6064  [ C97CC4B1A00E94494093C08A39BC33FC ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:36:27.0238 6064  nvUpdatusService - ok
20:36:27.0254 6064  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:36:27.0269 6064  nv_agp - ok
20:36:27.0347 6064  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:36:27.0394 6064  odserv - ok
20:36:27.0425 6064  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:36:27.0441 6064  ohci1394 - ok
20:36:27.0488 6064  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:36:27.0519 6064  ose - ok
20:36:27.0550 6064  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:36:27.0597 6064  p2pimsvc - ok
20:36:27.0613 6064  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:36:27.0644 6064  p2psvc - ok
20:36:27.0644 6064  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
20:36:27.0659 6064  Parport - ok
20:36:27.0691 6064  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:36:27.0691 6064  partmgr - ok
20:36:27.0706 6064  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:36:27.0737 6064  PcaSvc - ok
20:36:27.0753 6064  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:36:27.0769 6064  pci - ok
20:36:27.0800 6064  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:36:27.0800 6064  pciide - ok
20:36:27.0815 6064  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:36:27.0831 6064  pcmcia - ok
20:36:27.0847 6064  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:36:27.0847 6064  pcw - ok
20:36:27.0878 6064  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:36:27.0925 6064  PEAUTH - ok
20:36:28.0018 6064  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:36:28.0065 6064  PerfHost - ok
20:36:28.0112 6064  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:36:28.0205 6064  pla - ok
20:36:28.0221 6064  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:36:28.0268 6064  PlugPlay - ok
20:36:28.0283 6064  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:36:28.0299 6064  PNRPAutoReg - ok
20:36:28.0330 6064  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:36:28.0346 6064  PNRPsvc - ok
20:36:28.0361 6064  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:36:28.0408 6064  PolicyAgent - ok
20:36:28.0424 6064  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:36:28.0471 6064  Power - ok
20:36:28.0502 6064  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:36:28.0564 6064  PptpMiniport - ok
20:36:28.0580 6064  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
20:36:28.0611 6064  Processor - ok
20:36:28.0642 6064  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:36:28.0689 6064  ProfSvc - ok
20:36:28.0689 6064  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:36:28.0705 6064  ProtectedStorage - ok
20:36:28.0720 6064  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:36:28.0767 6064  Psched - ok
20:36:28.0814 6064  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:36:28.0876 6064  ql2300 - ok
20:36:28.0892 6064  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:36:28.0907 6064  ql40xx - ok
20:36:28.0923 6064  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:36:28.0939 6064  QWAVE - ok
20:36:28.0939 6064  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:36:28.0970 6064  QWAVEdrv - ok
20:36:28.0970 6064  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:36:29.0017 6064  RasAcd - ok
20:36:29.0048 6064  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:36:29.0063 6064  RasAgileVpn - ok
20:36:29.0095 6064  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:36:29.0141 6064  RasAuto - ok
20:36:29.0157 6064  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:36:29.0188 6064  Rasl2tp - ok
20:36:29.0219 6064  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:36:29.0251 6064  RasMan - ok
20:36:29.0251 6064  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:36:29.0297 6064  RasPppoe - ok
20:36:29.0297 6064  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:36:29.0329 6064  RasSstp - ok
20:36:29.0344 6064  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:36:29.0375 6064  rdbss - ok
20:36:29.0391 6064  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:36:29.0407 6064  rdpbus - ok
20:36:29.0422 6064  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:36:29.0453 6064  RDPCDD - ok
20:36:29.0469 6064  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:36:29.0485 6064  RDPENCDD - ok
20:36:29.0500 6064  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:36:29.0531 6064  RDPREFMP - ok
20:36:29.0563 6064  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:36:29.0578 6064  RDPWD - ok
20:36:29.0625 6064  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:36:29.0625 6064  rdyboost - ok
20:36:29.0656 6064  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:36:29.0687 6064  RemoteAccess - ok
20:36:29.0734 6064  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:36:29.0828 6064  RemoteRegistry - ok
20:36:29.0843 6064  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:36:29.0875 6064  RpcEptMapper - ok
20:36:29.0906 6064  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:36:29.0937 6064  RpcLocator - ok
20:36:29.0968 6064  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:36:30.0015 6064  RpcSs - ok
20:36:30.0046 6064  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:36:30.0124 6064  rspndr - ok
20:36:30.0124 6064  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:36:30.0155 6064  SamSs - ok
20:36:30.0171 6064  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:36:30.0171 6064  sbp2port - ok
20:36:30.0202 6064  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:36:30.0233 6064  SCardSvr - ok
20:36:30.0249 6064  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:36:30.0280 6064  scfilter - ok
20:36:30.0311 6064  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:36:30.0374 6064  Schedule - ok
20:36:30.0405 6064  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:36:30.0421 6064  SCPolicySvc - ok
20:36:30.0452 6064  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
20:36:30.0467 6064  sdbus - ok
20:36:30.0483 6064  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:36:30.0530 6064  SDRSVC - ok
20:36:30.0545 6064  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:36:30.0592 6064  secdrv - ok
20:36:30.0592 6064  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:36:30.0623 6064  seclogon - ok
20:36:30.0639 6064  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:36:30.0670 6064  SENS - ok
20:36:30.0670 6064  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:36:30.0701 6064  SensrSvc - ok
20:36:30.0733 6064  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:36:30.0764 6064  Serenum - ok
20:36:30.0795 6064  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
20:36:30.0811 6064  Serial - ok
20:36:30.0826 6064  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:36:30.0842 6064  sermouse - ok
20:36:30.0873 6064  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:36:30.0920 6064  SessionEnv - ok
20:36:30.0920 6064  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:36:30.0951 6064  sffdisk - ok
20:36:30.0951 6064  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:36:30.0967 6064  sffp_mmc - ok
20:36:30.0967 6064  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:36:30.0998 6064  sffp_sd - ok
20:36:31.0013 6064  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:36:31.0029 6064  sfloppy - ok
20:36:31.0045 6064  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:36:31.0091 6064  SharedAccess - ok
20:36:31.0107 6064  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:36:31.0154 6064  ShellHWDetection - ok
20:36:31.0185 6064  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:36:31.0185 6064  SiSRaid2 - ok
20:36:31.0185 6064  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:36:31.0201 6064  SiSRaid4 - ok
20:36:31.0263 6064  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:36:31.0294 6064  SkypeUpdate - ok
20:36:31.0310 6064  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:36:31.0357 6064  Smb - ok
20:36:31.0403 6064  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:36:31.0419 6064  SNMPTRAP - ok
20:36:31.0450 6064  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:36:31.0466 6064  spldr - ok
20:36:31.0497 6064  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:36:31.0528 6064  Spooler - ok
20:36:31.0591 6064  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:36:31.0700 6064  sppsvc - ok
20:36:31.0715 6064  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:36:31.0747 6064  sppuinotify - ok
20:36:31.0809 6064  [ D519AD2DE7968CD2B47FEA807C5B29B2 ] sptd            C:\Windows\System32\Drivers\sptd.sys
20:36:31.0809 6064  Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: D519AD2DE7968CD2B47FEA807C5B29B2
20:36:31.0809 6064  sptd ( LockedFile.Multi.Generic ) - warning
20:36:31.0809 6064  sptd - detected LockedFile.Multi.Generic (1)
20:36:31.0856 6064  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:36:31.0934 6064  srv - ok
20:36:31.0949 6064  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:36:31.0981 6064  srv2 - ok
20:36:31.0981 6064  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:36:31.0996 6064  srvnet - ok
20:36:32.0027 6064  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:36:32.0074 6064  SSDPSRV - ok
20:36:32.0074 6064  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:36:32.0105 6064  SstpSvc - ok
20:36:32.0121 6064  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:36:32.0137 6064  stexstor - ok
20:36:32.0168 6064  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:36:32.0199 6064  stisvc - ok
20:36:32.0215 6064  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:36:32.0230 6064  swenum - ok
20:36:32.0246 6064  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:36:32.0293 6064  swprv - ok
20:36:32.0324 6064  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:36:32.0402 6064  SysMain - ok
20:36:32.0417 6064  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:36:32.0433 6064  TabletInputService - ok
20:36:32.0433 6064  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:36:32.0464 6064  TapiSrv - ok
20:36:32.0464 6064  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:36:32.0511 6064  TBS - ok
20:36:32.0605 6064  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:36:32.0714 6064  Tcpip - ok
20:36:32.0745 6064  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:36:32.0776 6064  TCPIP6 - ok
20:36:32.0807 6064  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:36:32.0885 6064  tcpipreg - ok
20:36:32.0885 6064  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:36:32.0917 6064  TDPIPE - ok
20:36:32.0948 6064  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:36:32.0948 6064  TDTCP - ok
20:36:32.0979 6064  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:36:33.0010 6064  tdx - ok
20:36:33.0166 6064  [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:36:33.0275 6064  TeamViewer7 - ok
20:36:33.0291 6064  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:36:33.0291 6064  TermDD - ok
20:36:33.0338 6064  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:36:33.0416 6064  TermService - ok
20:36:33.0431 6064  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:36:33.0447 6064  Themes - ok
20:36:33.0463 6064  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:36:33.0494 6064  THREADORDER - ok
20:36:33.0509 6064  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:36:33.0541 6064  TrkWks - ok
20:36:33.0587 6064  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:36:33.0665 6064  TrustedInstaller - ok
20:36:33.0681 6064  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:36:33.0728 6064  tssecsrv - ok
20:36:33.0759 6064  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:36:33.0775 6064  TsUsbFlt - ok
20:36:33.0775 6064  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:36:33.0790 6064  TsUsbGD - ok
20:36:33.0821 6064  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:36:33.0868 6064  tunnel - ok
20:36:33.0899 6064  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
20:36:33.0915 6064  TurboB - ok
20:36:33.0946 6064  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:36:33.0946 6064  TurboBoost - ok
20:36:33.0962 6064  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:36:33.0977 6064  uagp35 - ok
20:36:33.0993 6064  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
20:36:34.0009 6064  UBHelper - ok
20:36:34.0024 6064  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:36:34.0071 6064  udfs - ok
20:36:34.0087 6064  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:36:34.0102 6064  UI0Detect - ok
20:36:34.0118 6064  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:36:34.0133 6064  uliagpkx - ok
20:36:34.0165 6064  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:36:34.0180 6064  umbus - ok
20:36:34.0211 6064  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:36:34.0243 6064  UmPass - ok
20:36:34.0352 6064  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:36:34.0430 6064  UNS - ok
20:36:34.0461 6064  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:36:34.0508 6064  upnphost - ok
20:36:34.0539 6064  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:36:34.0570 6064  USBAAPL64 - ok
20:36:34.0601 6064  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:36:34.0633 6064  usbccgp - ok
20:36:34.0648 6064  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:36:34.0664 6064  usbcir - ok
20:36:34.0679 6064  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:36:34.0711 6064  usbehci - ok
20:36:34.0726 6064  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
20:36:34.0742 6064  usbhub - ok
20:36:34.0742 6064  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:36:34.0773 6064  usbohci - ok
20:36:34.0789 6064  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:36:34.0820 6064  usbprint - ok
20:36:34.0851 6064  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:36:34.0898 6064  usbscan - ok
20:36:34.0898 6064  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:36:34.0929 6064  USBSTOR - ok
20:36:34.0960 6064  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:36:34.0976 6064  usbuhci - ok
20:36:35.0007 6064  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:36:35.0023 6064  usbvideo - ok
20:36:35.0038 6064  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:36:35.0069 6064  UxSms - ok
20:36:35.0101 6064  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:36:35.0101 6064  VaultSvc - ok
20:36:35.0116 6064  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:36:35.0132 6064  vdrvroot - ok
20:36:35.0147 6064  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:36:35.0194 6064  vds - ok
20:36:35.0241 6064  [ 70EB327D68D7CEC357B734B0BE5B4A21 ] vflt            C:\Windows\system32\DRIVERS\vfilter.sys
20:36:35.0272 6064  vflt - ok
20:36:35.0303 6064  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:36:35.0350 6064  vga - ok
20:36:35.0366 6064  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:36:35.0397 6064  VgaSave - ok
20:36:35.0413 6064  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:36:35.0413 6064  vhdmp - ok
20:36:35.0428 6064  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:36:35.0444 6064  viaide - ok
20:36:35.0459 6064  [ 71BF90872B6A7B34A26F4794DDA7AEC3 ] vnet            C:\Windows\system32\DRIVERS\virtualnet.sys
20:36:35.0475 6064  vnet - ok
20:36:35.0506 6064  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:36:35.0537 6064  volmgr - ok
20:36:35.0553 6064  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:36:35.0569 6064  volmgrx - ok
20:36:35.0569 6064  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:36:35.0584 6064  volsnap - ok
20:36:35.0615 6064  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:36:35.0631 6064  vsmraid - ok
20:36:35.0693 6064  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:36:35.0803 6064  VSS - ok
20:36:35.0818 6064  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:36:35.0865 6064  vwifibus - ok
20:36:35.0896 6064  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:36:35.0927 6064  vwififlt - ok
20:36:35.0927 6064  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:36:35.0959 6064  W32Time - ok
20:36:35.0974 6064  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:36:35.0990 6064  WacomPen - ok
20:36:36.0005 6064  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:36:36.0052 6064  WANARP - ok
20:36:36.0052 6064  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:36:36.0068 6064  Wanarpv6 - ok
20:36:36.0115 6064  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:36:36.0161 6064  WatAdminSvc - ok
20:36:36.0224 6064  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:36:36.0333 6064  wbengine - ok
20:36:36.0333 6064  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:36:36.0364 6064  WbioSrvc - ok
20:36:36.0364 6064  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:36:36.0395 6064  wcncsvc - ok
20:36:36.0395 6064  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:36:36.0427 6064  WcsPlugInService - ok
20:36:36.0458 6064  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
20:36:36.0458 6064  Wd - ok
20:36:36.0489 6064  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:36:36.0505 6064  Wdf01000 - ok
20:36:36.0520 6064  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:36:36.0629 6064  WdiServiceHost - ok
20:36:36.0629 6064  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:36:36.0661 6064  WdiSystemHost - ok
20:36:36.0676 6064  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:36:36.0707 6064  WebClient - ok
20:36:36.0723 6064  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:36:36.0754 6064  Wecsvc - ok
20:36:36.0754 6064  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:36:36.0785 6064  wercplsupport - ok
20:36:36.0801 6064  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:36:36.0832 6064  WerSvc - ok
20:36:36.0848 6064  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:36:36.0879 6064  WfpLwf - ok
20:36:36.0895 6064  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:36:36.0910 6064  WIMMount - ok
20:36:36.0926 6064  WinDefend - ok
20:36:36.0926 6064  WinHttpAutoProxySvc - ok
20:36:36.0973 6064  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:36:37.0035 6064  Winmgmt - ok
20:36:37.0113 6064  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:36:37.0191 6064  WinRM - ok
20:36:37.0222 6064  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:36:37.0238 6064  WinUsb - ok
20:36:37.0269 6064  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:36:37.0347 6064  Wlansvc - ok
20:36:37.0394 6064  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:36:37.0409 6064  wlcrasvc - ok
20:36:37.0472 6064  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:36:37.0565 6064  wlidsvc - ok
20:36:37.0581 6064  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:36:37.0628 6064  WmiAcpi - ok
20:36:37.0659 6064  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:36:37.0675 6064  wmiApSrv - ok
20:36:37.0706 6064  WMPNetworkSvc - ok
20:36:37.0753 6064  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:36:37.0768 6064  WPCSvc - ok
20:36:37.0784 6064  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:36:37.0815 6064  WPDBusEnum - ok
20:36:37.0831 6064  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:36:37.0862 6064  ws2ifsl - ok
20:36:37.0862 6064  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:36:37.0893 6064  wscsvc - ok
20:36:37.0893 6064  WSearch - ok
20:36:37.0955 6064  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:36:38.0002 6064  wuauserv - ok
20:36:38.0018 6064  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:36:38.0049 6064  WudfPf - ok
20:36:38.0096 6064  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:36:38.0174 6064  WUDFRd - ok
20:36:38.0205 6064  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:36:38.0236 6064  wudfsvc - ok
20:36:38.0252 6064  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:36:38.0267 6064  WwanSvc - ok
20:36:38.0299 6064  ================ Scan global ===============================
20:36:38.0330 6064  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:36:38.0361 6064  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:36:38.0377 6064  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:36:38.0408 6064  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:36:38.0439 6064  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:36:38.0455 6064  [Global] - ok
20:36:38.0455 6064  ================ Scan MBR ==================================
20:36:38.0470 6064  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:36:39.0094 6064  \Device\Harddisk0\DR0 - ok
20:36:39.0094 6064  ================ Scan VBR ==================================
20:36:39.0094 6064  [ 4851AD27DA656F8B1D52FE46DBE3EFF1 ] \Device\Harddisk0\DR0\Partition1
20:36:39.0110 6064  \Device\Harddisk0\DR0\Partition1 - ok
20:36:39.0141 6064  [ D2A65656FC4A9C053E8991782AA1C9B2 ] \Device\Harddisk0\DR0\Partition2
20:36:39.0141 6064  \Device\Harddisk0\DR0\Partition2 - ok
20:36:39.0141 6064  ============================================================
20:36:39.0141 6064  Scan finished
20:36:39.0141 6064  ============================================================
20:36:39.0172 3384  Detected object count: 1
20:36:39.0172 3384  Actual detected object count: 1
20:37:30.0294 3384  sptd ( LockedFile.Multi.Generic ) - skipped by user
20:37:30.0294 3384  sptd ( LockedFile.Multi.Generic ) - User select action: Skip

15.09.2012, 12:41	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malware.Packer.GenX bei Alcohol 120% Testversion Die Logs von Avast sind nur gut versteckt => Hinweis avast! 7 / 6 / 5 / 4 - Häufig gestelle Fragen und Wissensdatenbank __________________ Logfiles bitte immer in CODE-Tags posten

Malware.Packer.GenX bei Alcohol 120% Testversion

Log-Analyse und Auswertung: Malware.Packer.GenX bei Alcohol 120% Testversion