| |
| |||||||
Log-Analyse und Auswertung: Virus tr/psw.zbotWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.01.2013, 20:33
| #31 |
| /// TB-Ausbilder   |  Virus tr/psw.zbot Servus, wie läuft dein Rechner derzeit? Gibt es noch Probleme, die auf Malware hindeuten? Wenn ja, welche? Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop. Download Mirror # 1
|
|
28.01.2013, 14:18
| #32 |
 | Virus tr/psw.zbot Hallo,
__________________der Internet Explorer funktioniert immer noch nicht. Gehe weiterhin über InPrivate ins Net. Hast Du eventuell dazu eine Lösung? SystemLook 30.07.11 by jpshortstuff Log created at 14:12 on 28/01/2013 by mkoch Administrator - Elevation successful ========== filefind ========== Searching for "*softonic*" C:\Users\mkoch\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TCDZBJDG\norton-internet-security.softonic[1].xml --a---- 21305 bytes [12:35 14/02/2012] [12:35 14/02/2012] DA9D1EAE19E5857EE7AF6517B252E866 C:\Users\mkoch\AppData\Roaming\Microsoft\Windows\Cookies\Low\mkoch@adobe-photoshop.softonic[1].txt --a---- 101 bytes [11:06 07/10/2010] [11:06 07/10/2010] B57BD06E22933A583009123C51019EF7 Searching for "*yontoo*" No files found. ========== folderfind ========== Searching for "*softonic*" No folders found. Searching for "*yontoo*" No folders found. ========== regfind ========== Searching for "softonic" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS] [HKEY_USERS\S-1-5-21-3561543971-3825309237-1598318265-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de] Searching for "yontoo" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] @="YontooIEClient" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32] @="C:\Program Files (x86)\Yontoo\YontooIEClient.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] @="Yontoo Api" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32] @="C:\Program Files (x86)\Yontoo\YontooIEClient.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID] @="YontooIEClient.Api.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID] @="YontooIEClient.Api" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] @="YontooIEClient" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] "InstallLocation"="C:\Program Files (x86)\Yontoo" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] "DisplayName"="Yontoo 1.10.02" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] "Publisher"="Yontoo LLC" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] "URLInfoAbout"="hxxp://www.yontoo.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}] "Contact"="support@yontoo.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0C90_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0C90_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32] @="C:\Program Files (x86)\Yontoo\YontooIEClient.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}] @="Yontoo Api" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32] @="C:\Program Files (x86)\Yontoo\YontooIEClient.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ProgID] @="YontooIEClient.Api.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\VersionIndependentProgID] @="YontooIEClient.Api" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}] @="YontooIEClient" Searching for " " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell] "ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32] "ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#08092312F0E739&0#] "DeviceDesc"=" " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09041810B590DE&0#] "DeviceDesc"=" " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A270011FA6 F57&0#] "DeviceDesc"="iPod " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_MICROSD&REV_0.00#7&293F87 7D&0&00000000000006&1#] "DeviceDesc"="microSD " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_SD#MMC&REV_0.00#7&293F877 D&0&00000000000006&0#] "DeviceDesc"="SD/MMC " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_IMATION&PROD_PIVOT&REV_1.20#1004290000 0641&0#] "DeviceDesc"="Pivot " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#08092312F0E739&0#] "DeviceDesc"=" " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09041810B590DE&0#] "DeviceDesc"=" " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A270011FA6 F57&0#] "DeviceDesc"="iPod " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_MICROSD&REV_0.00#7&293F87 7D&0&00000000000006&1#] "DeviceDesc"="microSD " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_SD#MMC&REV_0.00#7&293F877 D&0&00000000000006&0#] "DeviceDesc"="SD/MMC " [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_IMATION&PROD_PIVOT&REV_1.20#1004290000 0641&0#] "DeviceDesc"="Pivot " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#08092312F0E739&0#] "DeviceDesc"=" " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09041810B590DE&0#] "DeviceDesc"=" " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A27001 1FA6F57&0#] "DeviceDesc"="iPod " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_MICROSD&REV_0.00#7&29 3F877D&0&00000000000006&1#] "DeviceDesc"="microSD " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_SD#MMC&REV_0.00#7&293 F877D&0&00000000000006&0#] "DeviceDesc"="SD/MMC " [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_IMATION&PROD_PIVOT&REV_1.20#100429 00000641&0#] "DeviceDesc"="Pivot " -= EOF =- Vielen Dank!!! |
|
28.01.2013, 17:31
| #33 |
| /// TB-Ausbilder | Virus tr/psw.zbot Servus,
__________________eventuell hilft nur eine erneute Installation des Internet Explorers. Aber zuvor machen wir uns nochmal auf die Suche. Sollten Schritt 2 und 3 im normalen Modus nicht laufen, führe die Tools im abgesicherten Modus aus. Schritt 1 Fixen mit OTL
Code:
ATTFilter :reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0C90_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0C90_RASMANCS]
:Commands
[emptytemp]
Schritt 2 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Schritt 3
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Bitte poste mit deiner nächsten Antwort
|
|
29.01.2013, 18:38
| #36 |
| | Virus tr/psw.zbot hallo, hier die logdateien 18:07:11.0770 2200 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 18:07:12.0332 2200 ============================================================ 18:07:12.0332 2200 Current date / time: 2013/01/29 18:07:12.0332 18:07:12.0332 2200 SystemInfo: 18:07:12.0332 2200 18:07:12.0332 2200 OS Version: 6.1.7601 ServicePack: 1.0 18:07:12.0332 2200 Product type: Workstation 18:07:12.0332 2200 ComputerName: MKOCH-PC 18:07:12.0348 2200 UserName: mkoch 18:07:12.0348 2200 Windows directory: C:\Windows 18:07:12.0348 2200 System windows directory: C:\Windows 18:07:12.0348 2200 Running under WOW64 18:07:12.0348 2200 Processor architecture: Intel x64 18:07:12.0348 2200 Number of processors: 2 18:07:12.0348 2200 Page size: 0x1000 18:07:12.0348 2200 Boot type: Normal boot 18:07:12.0348 2200 ============================================================ 18:07:13.0096 2200 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:07:13.0112 2200 ============================================================ 18:07:13.0112 2200 \Device\Harddisk0\DR0: 18:07:13.0112 2200 MBR partitions: 18:07:13.0112 2200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000 18:07:13.0112 2200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0 18:07:13.0112 2200 ============================================================ 18:07:13.0159 2200 C: <-> \Device\Harddisk0\DR0\Partition2 18:07:13.0159 2200 ============================================================ 18:07:13.0159 2200 Initialize success 18:07:13.0159 2200 ============================================================ 18:07:18.0697 3544 ============================================================ 18:07:18.0697 3544 Scan started 18:07:18.0697 3544 Mode: Manual; 18:07:18.0697 3544 ============================================================ 18:07:19.0071 3544 ================ Scan system memory ======================== 18:07:19.0071 3544 System memory - ok 18:07:19.0071 3544 ================ Scan services ============================= 18:07:19.0243 3544 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:07:19.0243 3544 1394ohci - ok 18:07:19.0305 3544 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:07:19.0321 3544 ACPI - ok 18:07:19.0352 3544 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:07:19.0352 3544 AcpiPmi - ok 18:07:19.0414 3544 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 18:07:19.0430 3544 adp94xx - ok 18:07:19.0492 3544 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 18:07:19.0508 3544 adpahci - ok 18:07:19.0555 3544 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 18:07:19.0555 3544 adpu320 - ok 18:07:19.0586 3544 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:07:19.0586 3544 AeLookupSvc - ok 18:07:19.0648 3544 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:07:19.0664 3544 AFD - ok 18:07:19.0726 3544 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe 18:07:19.0726 3544 AgereModemAudio - ok 18:07:19.0758 3544 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 18:07:19.0820 3544 AgereSoftModem - ok 18:07:19.0867 3544 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:07:19.0867 3544 agp440 - ok 18:07:19.0898 3544 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:07:19.0914 3544 ALG - ok 18:07:19.0976 3544 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:07:19.0976 3544 aliide - ok 18:07:19.0976 3544 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:07:19.0992 3544 amdide - ok 18:07:20.0038 3544 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 18:07:20.0038 3544 AmdK8 - ok 18:07:20.0054 3544 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 18:07:20.0070 3544 AmdPPM - ok 18:07:20.0101 3544 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:07:20.0116 3544 amdsata - ok 18:07:20.0148 3544 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 18:07:20.0163 3544 amdsbs - ok 18:07:20.0163 3544 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:07:20.0179 3544 amdxata - ok 18:07:20.0304 3544 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 18:07:20.0319 3544 AntiVirSchedulerService - ok 18:07:20.0366 3544 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 18:07:20.0382 3544 AntiVirService - ok 18:07:20.0428 3544 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 18:07:20.0444 3544 AntiVirWebService - ok 18:07:20.0506 3544 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:07:20.0506 3544 AppID - ok 18:07:20.0538 3544 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:07:20.0538 3544 AppIDSvc - ok 18:07:20.0600 3544 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:07:20.0600 3544 Appinfo - ok 18:07:20.0709 3544 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:07:20.0709 3544 Apple Mobile Device - ok 18:07:20.0787 3544 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 18:07:20.0787 3544 arc - ok 18:07:20.0803 3544 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 18:07:20.0818 3544 arcsas - ok 18:07:20.0834 3544 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:07:20.0834 3544 AsyncMac - ok 18:07:20.0881 3544 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:07:20.0881 3544 atapi - ok 18:07:20.0959 3544 [ 88A02B6046356E6BE4E387FAA7451439 ] athr C:\Windows\system32\DRIVERS\athrx.sys 18:07:21.0037 3544 athr - ok 18:07:21.0099 3544 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:07:21.0130 3544 AudioEndpointBuilder - ok 18:07:21.0146 3544 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:07:21.0146 3544 AudioSrv - ok 18:07:21.0193 3544 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 18:07:21.0208 3544 avgntflt - ok 18:07:21.0240 3544 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 18:07:21.0240 3544 avipbb - ok 18:07:21.0255 3544 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 18:07:21.0255 3544 avkmgr - ok 18:07:21.0302 3544 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:07:21.0318 3544 AxInstSV - ok 18:07:21.0364 3544 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 18:07:21.0380 3544 b06bdrv - ok 18:07:21.0442 3544 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:07:21.0458 3544 b57nd60a - ok 18:07:21.0520 3544 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 18:07:21.0583 3544 BCM43XX - ok 18:07:21.0630 3544 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:07:21.0630 3544 BDESVC - ok 18:07:21.0661 3544 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:07:21.0661 3544 Beep - ok 18:07:21.0739 3544 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:07:21.0770 3544 BFE - ok 18:07:21.0832 3544 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 18:07:21.0848 3544 BITS - ok 18:07:21.0879 3544 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:07:21.0879 3544 blbdrive - ok 18:07:21.0926 3544 [ DAA72C9154459E613EED88502624C340 ] BlueletAudio C:\Windows\system32\DRIVERS\blueletaudio.sys 18:07:21.0926 3544 BlueletAudio - ok 18:07:21.0942 3544 [ 8AF05BCB15D846E1E8B34AF0635879C9 ] BlueletSCOAudio C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys 18:07:21.0942 3544 BlueletSCOAudio - ok 18:07:21.0988 3544 [ 2072720F0848312C40E01C2AEC8ED439 ] BlueSoleil Hid Service C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe 18:07:22.0004 3544 BlueSoleil Hid Service - ok 18:07:22.0082 3544 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 18:07:22.0082 3544 Bonjour Service - ok 18:07:22.0144 3544 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:07:22.0144 3544 bowser - ok 18:07:22.0176 3544 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:07:22.0176 3544 BrFiltLo - ok 18:07:22.0191 3544 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:07:22.0191 3544 BrFiltUp - ok 18:07:22.0222 3544 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 18:07:22.0238 3544 BridgeMP - ok 18:07:22.0285 3544 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:07:22.0285 3544 Browser - ok 18:07:22.0316 3544 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:07:22.0332 3544 Brserid - ok 18:07:22.0363 3544 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:07:22.0363 3544 BrSerWdm - ok 18:07:22.0378 3544 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:07:22.0378 3544 BrUsbMdm - ok 18:07:22.0394 3544 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:07:22.0394 3544 BrUsbSer - ok 18:07:22.0425 3544 [ 0F890E854FCBE98F4574ACC6423FCCEF ] BT C:\Windows\system32\DRIVERS\btnetdrv.sys 18:07:22.0441 3544 BT - ok 18:07:22.0456 3544 [ 7C5893EA5AA483E051B8311BDB36E19A ] Btcsrusb C:\Windows\system32\Drivers\btcusb.sys 18:07:22.0472 3544 Btcsrusb - ok 18:07:22.0519 3544 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 18:07:22.0534 3544 BthEnum - ok 18:07:22.0550 3544 [ E49A371185D5E79C103765DA93856EE1 ] BTHidEnum C:\Windows\system32\Drivers\vbtenum.sys 18:07:22.0581 3544 BTHidEnum - ok 18:07:22.0628 3544 [ 8FA060B557C7DE309D2D5C16C3DA2EF6 ] BTHidMgr C:\Windows\system32\Drivers\BTHidMgr.sys 18:07:22.0628 3544 BTHidMgr - ok 18:07:22.0659 3544 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 18:07:22.0659 3544 BTHMODEM - ok 18:07:22.0690 3544 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 18:07:22.0706 3544 BthPan - ok 18:07:22.0768 3544 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 18:07:22.0800 3544 BTHPORT - ok 18:07:22.0846 3544 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:07:22.0846 3544 bthserv - ok 18:07:22.0878 3544 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 18:07:22.0893 3544 BTHUSB - ok 18:07:22.0924 3544 catchme - ok 18:07:22.0956 3544 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:07:22.0956 3544 cdfs - ok 18:07:23.0002 3544 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 18:07:23.0018 3544 cdrom - ok 18:07:23.0065 3544 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:07:23.0065 3544 CertPropSvc - ok 18:07:23.0096 3544 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 18:07:23.0112 3544 circlass - ok 18:07:23.0143 3544 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:07:23.0174 3544 CLFS - ok 18:07:23.0236 3544 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:07:23.0252 3544 clr_optimization_v2.0.50727_32 - ok 18:07:23.0314 3544 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:07:23.0330 3544 clr_optimization_v2.0.50727_64 - ok 18:07:23.0424 3544 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:07:23.0486 3544 clr_optimization_v4.0.30319_32 - ok 18:07:23.0548 3544 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:07:23.0548 3544 clr_optimization_v4.0.30319_64 - ok 18:07:23.0564 3544 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:07:23.0580 3544 CmBatt - ok 18:07:23.0595 3544 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:07:23.0595 3544 cmdide - ok 18:07:23.0642 3544 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 18:07:23.0658 3544 CNG - ok 18:07:23.0704 3544 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:07:23.0704 3544 Compbatt - ok 18:07:23.0751 3544 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:07:23.0751 3544 CompositeBus - ok 18:07:23.0767 3544 COMSysApp - ok 18:07:23.0782 3544 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 18:07:23.0798 3544 crcdisk - ok 18:07:23.0845 3544 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:07:23.0860 3544 CryptSvc - ok 18:07:23.0923 3544 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:07:23.0923 3544 DcomLaunch - ok 18:07:23.0954 3544 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:07:23.0985 3544 defragsvc - ok 18:07:24.0016 3544 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:07:24.0016 3544 DfsC - ok 18:07:24.0063 3544 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 18:07:24.0063 3544 dg_ssudbus - ok 18:07:24.0110 3544 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:07:24.0141 3544 Dhcp - ok 18:07:24.0172 3544 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:07:24.0172 3544 discache - ok 18:07:24.0204 3544 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 18:07:24.0219 3544 Disk - ok 18:07:24.0313 3544 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\syswow64\Drivers\DKbFltr.sys 18:07:24.0313 3544 DKbFltr - ok 18:07:24.0360 3544 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:07:24.0360 3544 Dnscache - ok 18:07:24.0422 3544 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:07:24.0453 3544 dot3svc - ok 18:07:24.0484 3544 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 18:07:24.0484 3544 Dot4 - ok 18:07:24.0531 3544 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys 18:07:24.0531 3544 Dot4Print - ok 18:07:24.0547 3544 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 18:07:24.0562 3544 dot4usb - ok 18:07:24.0594 3544 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:07:24.0594 3544 DPS - ok 18:07:24.0625 3544 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:07:24.0625 3544 drmkaud - ok 18:07:24.0687 3544 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:07:24.0703 3544 DXGKrnl - ok 18:07:24.0734 3544 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:07:24.0734 3544 EapHost - ok 18:07:24.0843 3544 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 18:07:24.0937 3544 ebdrv - ok 18:07:24.0968 3544 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:07:24.0984 3544 EFS - ok 18:07:25.0046 3544 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:07:25.0077 3544 ehRecvr - ok 18:07:25.0108 3544 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:07:25.0108 3544 ehSched - ok 18:07:25.0155 3544 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 18:07:25.0171 3544 elxstor - ok 18:07:25.0249 3544 [ FB67AA8AC61B9365ADD546139A21BED6 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 18:07:25.0280 3544 ePowerSvc - ok 18:07:25.0296 3544 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:07:25.0311 3544 ErrDev - ok 18:07:25.0358 3544 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:07:25.0374 3544 EventSystem - ok 18:07:25.0405 3544 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:07:25.0420 3544 exfat - ok 18:07:25.0436 3544 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:07:25.0452 3544 fastfat - ok 18:07:25.0498 3544 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:07:25.0514 3544 Fax - ok 18:07:25.0545 3544 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:07:25.0561 3544 fdc - ok 18:07:25.0608 3544 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:07:25.0623 3544 fdPHost - ok 18:07:25.0639 3544 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:07:25.0639 3544 FDResPub - ok 18:07:25.0639 3544 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:07:25.0654 3544 FileInfo - ok 18:07:25.0670 3544 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:07:25.0670 3544 Filetrace - ok 18:07:25.0701 3544 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:07:25.0701 3544 flpydisk - ok 18:07:25.0748 3544 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:07:25.0779 3544 FltMgr - ok 18:07:25.0842 3544 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 18:07:25.0873 3544 FontCache - ok 18:07:25.0951 3544 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:07:25.0951 3544 FontCache3.0.0.0 - ok 18:07:25.0982 3544 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:07:25.0998 3544 FsDepends - ok 18:07:26.0044 3544 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:07:26.0044 3544 Fs_Rec - ok 18:07:26.0091 3544 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:07:26.0122 3544 fvevol - ok 18:07:26.0138 3544 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 18:07:26.0154 3544 gagp30kx - ok 18:07:26.0185 3544 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:07:26.0200 3544 GEARAspiWDM - ok 18:07:26.0247 3544 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:07:26.0278 3544 gpsvc - ok 18:07:26.0356 3544 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe 18:07:26.0403 3544 Greg_Service - ok 18:07:26.0512 3544 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:07:26.0512 3544 gupdate - ok 18:07:26.0559 3544 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:07:26.0559 3544 gupdatem - ok 18:07:26.0590 3544 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 18:07:26.0606 3544 gusvc - ok 18:07:26.0653 3544 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:07:26.0668 3544 hcw85cir - ok 18:07:26.0715 3544 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:07:26.0731 3544 HdAudAddService - ok 18:07:26.0778 3544 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:07:26.0778 3544 HDAudBus - ok 18:07:26.0809 3544 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 18:07:26.0809 3544 HidBatt - ok 18:07:26.0824 3544 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 18:07:26.0824 3544 HidBth - ok 18:07:26.0856 3544 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 18:07:26.0856 3544 HidIr - ok 18:07:26.0887 3544 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 18:07:26.0902 3544 hidserv - ok 18:07:26.0934 3544 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 18:07:26.0949 3544 HidUsb - ok 18:07:26.0980 3544 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:07:26.0996 3544 hkmsvc - ok 18:07:27.0012 3544 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:07:27.0027 3544 HomeGroupListener - ok 18:07:27.0058 3544 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:07:27.0074 3544 HomeGroupProvider - ok 18:07:27.0121 3544 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:07:27.0121 3544 HpSAMD - ok 18:07:27.0183 3544 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:07:27.0214 3544 HTTP - ok 18:07:27.0261 3544 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:07:27.0261 3544 hwpolicy - ok 18:07:27.0324 3544 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:07:27.0339 3544 i8042prt - ok 18:07:27.0402 3544 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 18:07:27.0417 3544 IAANTMON - ok 18:07:27.0448 3544 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 18:07:27.0448 3544 iaStor - ok 18:07:27.0511 3544 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:07:27.0526 3544 iaStorV - ok 18:07:27.0636 3544 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:07:27.0667 3544 idsvc - ok 18:07:27.0854 3544 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 18:07:28.0041 3544 igfx - ok 18:07:28.0088 3544 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 18:07:28.0104 3544 iirsp - ok 18:07:28.0150 3544 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:07:28.0182 3544 IKEEXT - ok 18:07:28.0275 3544 [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 18:07:28.0306 3544 IntcAzAudAddService - ok 18:07:28.0338 3544 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:07:28.0353 3544 intelide - ok 18:07:28.0384 3544 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:07:28.0384 3544 intelppm - ok 18:07:28.0416 3544 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:07:28.0431 3544 IPBusEnum - ok 18:07:28.0478 3544 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:07:28.0478 3544 IpFilterDriver - ok 18:07:28.0540 3544 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:07:28.0556 3544 iphlpsvc - ok 18:07:28.0650 3544 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:07:28.0665 3544 IPMIDRV - ok 18:07:28.0712 3544 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:07:28.0712 3544 IPNAT - ok 18:07:28.0806 3544 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 18:07:28.0806 3544 iPod Service - ok 18:07:28.0837 3544 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:07:28.0837 3544 IRENUM - ok 18:07:28.0868 3544 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:07:28.0884 3544 isapnp - ok 18:07:28.0915 3544 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:07:28.0930 3544 iScsiPrt - ok 18:07:28.0977 3544 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 18:07:28.0977 3544 k57nd60a - ok 18:07:28.0993 3544 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 18:07:29.0008 3544 kbdclass - ok 18:07:29.0055 3544 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 18:07:29.0055 3544 kbdhid - ok 18:07:29.0071 3544 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:07:29.0071 3544 KeyIso - ok 18:07:29.0118 3544 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:07:29.0118 3544 KSecDD - ok 18:07:29.0164 3544 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:07:29.0164 3544 KSecPkg - ok 18:07:29.0196 3544 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:07:29.0196 3544 ksthunk - ok 18:07:29.0242 3544 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:07:29.0258 3544 KtmRm - ok 18:07:29.0305 3544 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys 18:07:29.0305 3544 L1E - ok 18:07:29.0352 3544 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 18:07:29.0383 3544 LanmanServer - ok 18:07:29.0414 3544 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:07:29.0430 3544 LanmanWorkstation - ok 18:07:29.0476 3544 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:07:29.0492 3544 lltdio - ok 18:07:29.0523 3544 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:07:29.0539 3544 lltdsvc - ok 18:07:29.0570 3544 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:07:29.0570 3544 lmhosts - ok 18:07:29.0617 3544 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 18:07:29.0617 3544 LSI_FC - ok 18:07:29.0617 3544 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 18:07:29.0632 3544 LSI_SAS - ok 18:07:29.0648 3544 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:07:29.0648 3544 LSI_SAS2 - ok 18:07:29.0695 3544 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:07:29.0695 3544 LSI_SCSI - ok 18:07:29.0726 3544 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:07:29.0726 3544 luafv - ok 18:07:29.0773 3544 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 18:07:29.0788 3544 MBAMProtector - ok 18:07:29.0835 3544 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 18:07:29.0851 3544 MBAMScheduler - ok 18:07:29.0898 3544 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 18:07:29.0913 3544 MBAMService - ok 18:07:29.0960 3544 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:07:29.0976 3544 Mcx2Svc - ok 18:07:29.0991 3544 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 18:07:29.0991 3544 megasas - ok 18:07:30.0022 3544 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 18:07:30.0038 3544 MegaSR - ok 18:07:30.0100 3544 [ E805A347AB28AD569C5CED370A966D80 ] MHIKEY10 C:\Windows\system32\Drivers\MHIKEY10x64.sys 18:07:30.0100 3544 MHIKEY10 - ok 18:07:30.0132 3544 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:07:30.0147 3544 MMCSS - ok 18:07:30.0147 3544 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:07:30.0147 3544 Modem - ok 18:07:30.0178 3544 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:07:30.0178 3544 monitor - ok 18:07:30.0225 3544 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 18:07:30.0225 3544 mouclass - ok 18:07:30.0241 3544 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 18:07:30.0256 3544 mouhid - ok 18:07:30.0288 3544 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:07:30.0288 3544 mountmgr - ok 18:07:30.0334 3544 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:07:30.0350 3544 mpio - ok 18:07:30.0381 3544 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:07:30.0381 3544 mpsdrv - ok 18:07:30.0428 3544 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:07:30.0459 3544 MpsSvc - ok 18:07:30.0506 3544 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:07:30.0506 3544 MRxDAV - ok 18:07:30.0537 3544 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:07:30.0553 3544 mrxsmb - ok 18:07:30.0615 3544 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:07:30.0646 3544 mrxsmb10 - ok 18:07:30.0678 3544 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:07:30.0678 3544 mrxsmb20 - ok 18:07:30.0724 3544 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:07:30.0724 3544 msahci - ok 18:07:30.0756 3544 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:07:30.0771 3544 msdsm - ok 18:07:30.0787 3544 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:07:30.0802 3544 MSDTC - ok 18:07:30.0849 3544 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:07:30.0849 3544 Msfs - ok 18:07:30.0865 3544 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:07:30.0865 3544 mshidkmdf - ok 18:07:30.0912 3544 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:07:30.0912 3544 msisadrv - ok 18:07:30.0958 3544 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:07:30.0958 3544 MSiSCSI - ok 18:07:30.0974 3544 msiserver - ok 18:07:31.0005 3544 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:07:31.0005 3544 MSKSSRV - ok 18:07:31.0021 3544 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:07:31.0021 3544 MSPCLOCK - ok 18:07:31.0021 3544 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:07:31.0036 3544 MSPQM - ok 18:07:31.0083 3544 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:07:31.0114 3544 MsRPC - ok 18:07:31.0146 3544 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:07:31.0146 3544 mssmbios - ok 18:07:31.0161 3544 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:07:31.0177 3544 MSTEE - ok 18:07:31.0177 3544 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 18:07:31.0192 3544 MTConfig - ok 18:07:31.0208 3544 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:07:31.0224 3544 Mup - ok 18:07:31.0239 3544 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 18:07:31.0255 3544 mwlPSDFilter - ok 18:07:31.0270 3544 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 18:07:31.0270 3544 mwlPSDNServ - ok 18:07:31.0286 3544 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 18:07:31.0286 3544 mwlPSDVDisk - ok 18:07:31.0348 3544 [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe 18:07:31.0380 3544 MWLService - ok 18:07:31.0426 3544 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:07:31.0426 3544 napagent - ok 18:07:31.0473 3544 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:07:31.0504 3544 NativeWifiP - ok 18:07:31.0551 3544 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:07:31.0567 3544 NDIS - ok 18:07:31.0598 3544 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:07:31.0614 3544 NdisCap - ok 18:07:31.0629 3544 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:07:31.0645 3544 NdisTapi - ok 18:07:31.0676 3544 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:07:31.0692 3544 Ndisuio - ok 18:07:31.0738 3544 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:07:31.0754 3544 NdisWan - ok 18:07:31.0785 3544 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:07:31.0785 3544 NDProxy - ok 18:07:31.0848 3544 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 18:07:31.0848 3544 Net Driver HPZ12 - ok 18:07:31.0879 3544 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:07:31.0894 3544 NetBIOS - ok 18:07:31.0926 3544 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:07:31.0941 3544 NetBT - ok 18:07:31.0972 3544 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:07:31.0972 3544 Netlogon - ok 18:07:32.0019 3544 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:07:32.0050 3544 Netman - ok 18:07:32.0066 3544 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:07:32.0082 3544 netprofm - ok 18:07:32.0113 3544 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:07:32.0113 3544 NetTcpPortSharing - ok 18:07:32.0160 3544 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 18:07:32.0160 3544 nfrd960 - ok 18:07:32.0222 3544 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:07:32.0238 3544 NlaSvc - ok 18:07:32.0316 3544 [ 2C761CC067ACF0FB4EA13930B09BFEEA ] nmwcdcx64 C:\Windows\system32\drivers\ccdcmbox64.sys 18:07:32.0316 3544 nmwcdcx64 - ok 18:07:32.0394 3544 [ 63051819D5CAC0FA49C425FC5E1A2B5C ] nmwcdx64 C:\Windows\system32\drivers\ccdcmbx64.sys 18:07:32.0409 3544 nmwcdx64 - ok 18:07:32.0425 3544 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:07:32.0425 3544 Npfs - ok 18:07:32.0456 3544 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:07:32.0456 3544 nsi - ok 18:07:32.0472 3544 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:07:32.0472 3544 nsiproxy - ok 18:07:32.0565 3544 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:07:32.0612 3544 Ntfs - ok 18:07:32.0706 3544 [ 14E66F603FB187713AEB02AD3B0390CF ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe 18:07:32.0721 3544 NTI IScheduleSvc - ok 18:07:32.0784 3544 [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 18:07:32.0784 3544 NTIBackupSvc - ok 18:07:32.0830 3544 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys 18:07:32.0830 3544 NTIDrvr - ok 18:07:32.0846 3544 [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 18:07:32.0877 3544 NTISchedulerSvc - ok 18:07:32.0908 3544 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:07:32.0924 3544 Null - ok 18:07:32.0955 3544 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 18:07:32.0955 3544 NVHDA - ok 18:07:33.0252 3544 [ FD39B98FF1BB8ED3848781497E9D02E0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:07:33.0330 3544 nvlddmkm - ok 18:07:33.0423 3544 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:07:33.0439 3544 nvraid - ok 18:07:33.0470 3544 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:07:33.0470 3544 nvstor - ok 18:07:33.0517 3544 [ C1668D58547DD0C4A0FBD6AFA20D5890 ] nvsvc C:\Windows\system32\nvvsvc.exe 18:07:33.0517 3544 nvsvc - ok 18:07:33.0579 3544 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:07:33.0579 3544 nv_agp - ok 18:07:33.0688 3544 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:07:33.0720 3544 odserv - ok 18:07:33.0751 3544 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:07:33.0766 3544 ohci1394 - ok 18:07:33.0798 3544 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:07:33.0798 3544 ose - ok 18:07:33.0844 3544 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:07:33.0844 3544 p2pimsvc - ok 18:07:33.0876 3544 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:07:33.0876 3544 p2psvc - ok 18:07:33.0922 3544 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:07:33.0922 3544 Parport - ok 18:07:33.0954 3544 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:07:33.0969 3544 partmgr - ok 18:07:33.0985 3544 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:07:34.0000 3544 PcaSvc - ok 18:07:34.0032 3544 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 18:07:34.0047 3544 pccsmcfd - ok 18:07:34.0078 3544 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:07:34.0094 3544 pci - ok 18:07:34.0141 3544 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:07:34.0141 3544 pciide - ok 18:07:34.0156 3544 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:07:34.0172 3544 pcmcia - ok 18:07:34.0188 3544 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:07:34.0188 3544 pcw - ok 18:07:34.0219 3544 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:07:34.0266 3544 PEAUTH - ok 18:07:34.0344 3544 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:07:34.0344 3544 PerfHost - ok 18:07:34.0422 3544 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:07:34.0500 3544 pla - ok 18:07:34.0546 3544 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:07:34.0624 3544 PlugPlay - ok 18:07:34.0671 3544 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 18:07:34.0687 3544 Pml Driver HPZ12 - ok 18:07:34.0687 3544 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:07:34.0702 3544 PNRPAutoReg - ok 18:07:34.0718 3544 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:07:34.0718 3544 PNRPsvc - ok 18:07:34.0780 3544 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys 18:07:34.0796 3544 Point64 - ok 18:07:34.0827 3544 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:07:34.0874 3544 PolicyAgent - ok 18:07:34.0905 3544 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:07:34.0921 3544 Power - ok 18:07:34.0952 3544 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:07:34.0968 3544 PptpMiniport - ok 18:07:34.0999 3544 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 18:07:34.0999 3544 Processor - ok 18:07:35.0046 3544 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:07:35.0061 3544 ProfSvc - ok 18:07:35.0061 3544 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:07:35.0077 3544 ProtectedStorage - ok 18:07:35.0155 3544 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe 18:07:35.0155 3544 ProtexisLicensing - ok 18:07:35.0202 3544 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:07:35.0202 3544 Psched - ok 18:07:35.0264 3544 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 18:07:35.0311 3544 ql2300 - ok 18:07:35.0342 3544 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 18:07:35.0342 3544 ql40xx - ok 18:07:35.0389 3544 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:07:35.0404 3544 QWAVE - ok 18:07:35.0451 3544 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:07:35.0451 3544 QWAVEdrv - ok 18:07:35.0467 3544 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:07:35.0482 3544 RasAcd - ok 18:07:35.0498 3544 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:07:35.0514 3544 RasAgileVpn - ok 18:07:35.0529 3544 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:07:35.0529 3544 RasAuto - ok 18:07:35.0576 3544 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:07:35.0607 3544 Rasl2tp - ok 18:07:35.0638 3544 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:07:35.0670 3544 RasMan - ok 18:07:35.0670 3544 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:07:35.0685 3544 RasPppoe - ok 18:07:35.0701 3544 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:07:35.0701 3544 RasSstp - ok 18:07:35.0732 3544 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:07:35.0763 3544 rdbss - ok 18:07:35.0794 3544 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:07:35.0794 3544 rdpbus - ok 18:07:35.0810 3544 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:07:35.0810 3544 RDPCDD - ok 18:07:35.0841 3544 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:07:35.0841 3544 RDPENCDD - ok 18:07:35.0857 3544 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:07:35.0857 3544 RDPREFMP - ok 18:07:35.0919 3544 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 18:07:35.0935 3544 RdpVideoMiniport - ok 18:07:35.0966 3544 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:07:35.0982 3544 RDPWD - ok 18:07:36.0044 3544 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:07:36.0060 3544 rdyboost - ok 18:07:36.0091 3544 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:07:36.0091 3544 RemoteAccess - ok 18:07:36.0122 3544 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:07:36.0138 3544 RemoteRegistry - ok 18:07:36.0169 3544 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:07:36.0169 3544 RFCOMM - ok 18:07:36.0200 3544 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys 18:07:36.0200 3544 ROOTMODEM - ok 18:07:36.0216 3544 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:07:36.0231 3544 RpcEptMapper - ok 18:07:36.0247 3544 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:07:36.0247 3544 RpcLocator - ok 18:07:36.0309 3544 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:07:36.0309 3544 RpcSs - ok 18:07:36.0340 3544 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:07:36.0340 3544 rspndr - ok 18:07:36.0403 3544 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 18:07:36.0403 3544 RSUSBSTOR - ok 18:07:36.0418 3544 RtsUIR - ok 18:07:36.0434 3544 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:07:36.0434 3544 SamSs - ok 18:07:36.0481 3544 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:07:36.0481 3544 sbp2port - ok 18:07:36.0512 3544 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:07:36.0528 3544 SCardSvr - ok 18:07:36.0559 3544 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:07:36.0574 3544 scfilter - ok 18:07:36.0637 3544 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:07:36.0684 3544 Schedule - ok 18:07:36.0715 3544 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:07:36.0715 3544 SCPolicySvc - ok 18:07:36.0762 3544 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:07:36.0777 3544 SDRSVC - ok 18:07:36.0824 3544 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:07:36.0824 3544 secdrv - ok 18:07:36.0855 3544 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:07:36.0871 3544 seclogon - ok 18:07:36.0886 3544 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 18:07:36.0886 3544 SENS - ok 18:07:36.0902 3544 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:07:36.0918 3544 SensrSvc - ok 18:07:36.0933 3544 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:07:36.0933 3544 Serenum - ok 18:07:36.0964 3544 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:07:36.0964 3544 Serial - ok 18:07:37.0011 3544 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 18:07:37.0011 3544 sermouse - ok 18:07:37.0120 3544 [ 2D841B7B7F6DEC32162EDFCC69D61F42 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 18:07:37.0120 3544 ServiceLayer - ok 18:07:37.0167 3544 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:07:37.0183 3544 SessionEnv - ok 18:07:37.0214 3544 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:07:37.0214 3544 sffdisk - ok 18:07:37.0245 3544 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:07:37.0245 3544 sffp_mmc - ok 18:07:37.0261 3544 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:07:37.0276 3544 sffp_sd - ok 18:07:37.0292 3544 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:07:37.0308 3544 sfloppy - ok 18:07:37.0339 3544 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:07:37.0354 3544 SharedAccess - ok 18:07:37.0401 3544 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:07:37.0432 3544 ShellHWDetection - ok 18:07:37.0479 3544 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:07:37.0495 3544 SiSRaid2 - ok 18:07:37.0510 3544 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 18:07:37.0510 3544 SiSRaid4 - ok 18:07:37.0573 3544 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:07:37.0620 3544 SkypeUpdate - ok 18:07:37.0651 3544 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:07:37.0651 3544 Smb - ok 18:07:37.0698 3544 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:07:37.0698 3544 SNMPTRAP - ok 18:07:37.0713 3544 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:07:37.0713 3544 spldr - ok 18:07:37.0760 3544 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:07:37.0776 3544 Spooler - ok 18:07:37.0885 3544 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:07:37.0947 3544 sppsvc - ok 18:07:37.0978 3544 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:07:37.0978 3544 sppuinotify - ok 18:07:38.0025 3544 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:07:38.0041 3544 srv - ok 18:07:38.0072 3544 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:07:38.0103 3544 srv2 - ok 18:07:38.0119 3544 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:07:38.0134 3544 srvnet - ok 18:07:38.0150 3544 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:07:38.0150 3544 SSDPSRV - ok 18:07:38.0166 3544 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:07:38.0181 3544 SstpSvc - ok 18:07:38.0228 3544 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 18:07:38.0244 3544 ssudmdm - ok 18:07:38.0275 3544 [ 329EBFCE6BA46C29EA1B8624E7823CAD ] Start BT in service C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe 18:07:38.0290 3544 Start BT in service - ok 18:07:38.0306 3544 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 18:07:38.0322 3544 stexstor - ok 18:07:38.0368 3544 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:07:38.0400 3544 stisvc - ok 18:07:38.0431 3544 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:07:38.0431 3544 swenum - ok 18:07:38.0462 3544 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:07:38.0493 3544 swprv - ok 18:07:38.0540 3544 [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 18:07:38.0540 3544 SynTP - ok 18:07:38.0618 3544 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:07:38.0665 3544 SysMain - ok 18:07:38.0712 3544 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:07:38.0712 3544 TabletInputService - ok 18:07:38.0758 3544 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:07:38.0774 3544 TapiSrv - ok 18:07:38.0805 3544 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:07:38.0821 3544 TBS - ok 18:07:38.0899 3544 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:07:38.0914 3544 Tcpip - ok 18:07:38.0977 3544 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:07:38.0992 3544 TCPIP6 - ok 18:07:39.0039 3544 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:07:39.0039 3544 tcpipreg - ok 18:07:39.0086 3544 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:07:39.0086 3544 TDPIPE - ok 18:07:39.0117 3544 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:07:39.0117 3544 TDTCP - ok 18:07:39.0148 3544 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:07:39.0164 3544 tdx - ok 18:07:39.0226 3544 [ 213723E1A736910C644B457DE6D095E2 ] TeamViewer5 C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe 18:07:39.0226 3544 TeamViewer5 - ok 18:07:39.0273 3544 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:07:39.0273 3544 TermDD - ok 18:07:39.0320 3544 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:07:39.0351 3544 TermService - ok 18:07:39.0382 3544 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:07:39.0398 3544 Themes - ok 18:07:39.0445 3544 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:07:39.0445 3544 THREADORDER - ok 18:07:39.0460 3544 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:07:39.0476 3544 TrkWks - ok 18:07:39.0538 3544 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:07:39.0554 3544 TrustedInstaller - ok 18:07:39.0616 3544 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:07:39.0616 3544 tssecsrv - ok 18:07:39.0663 3544 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:07:39.0663 3544 TsUsbFlt - ok 18:07:39.0710 3544 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:07:39.0710 3544 tunnel - ok 18:07:39.0741 3544 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 18:07:39.0741 3544 uagp35 - ok 18:07:39.0788 3544 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 18:07:39.0788 3544 UBHelper - ok 18:07:39.0835 3544 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:07:39.0850 3544 udfs - ok 18:07:39.0882 3544 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:07:39.0882 3544 UI0Detect - ok 18:07:39.0928 3544 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:07:39.0928 3544 uliagpkx - ok 18:07:39.0975 3544 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 18:07:39.0975 3544 umbus - ok 18:07:40.0006 3544 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 18:07:40.0022 3544 UmPass - ok 18:07:40.0100 3544 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 18:07:40.0100 3544 Updater Service - ok 18:07:40.0131 3544 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:07:40.0162 3544 upnphost - ok 18:07:40.0225 3544 [ BCD611D240604CEEE7F90805361FAB50 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 18:07:40.0225 3544 upperdev - ok 18:07:40.0256 3544 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:07:40.0256 3544 usbccgp - ok 18:07:40.0272 3544 USBCCID - ok 18:07:40.0303 3544 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:07:40.0318 3544 usbcir - ok 18:07:40.0365 3544 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:07:40.0365 3544 usbehci - ok 18:07:40.0396 3544 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:07:40.0428 3544 usbhub - ok 18:07:40.0443 3544 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:07:40.0443 3544 usbohci - ok 18:07:40.0474 3544 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:07:40.0490 3544 usbprint - ok 18:07:40.0506 3544 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:07:40.0521 3544 usbscan - ok 18:07:40.0552 3544 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys 18:07:40.0552 3544 usbser - ok 18:07:40.0599 3544 [ D91BE2644B18B4E3C69982FE0E1E97D6 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys 18:07:40.0599 3544 UsbserFilt - ok 18:07:40.0615 3544 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:07:40.0615 3544 USBSTOR - ok 18:07:40.0630 3544 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 18:07:40.0646 3544 usbuhci - ok 18:07:40.0693 3544 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 18:07:40.0708 3544 usbvideo - ok 18:07:40.0740 3544 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:07:40.0755 3544 UxSms - ok 18:07:40.0755 3544 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:07:40.0755 3544 VaultSvc - ok 18:07:40.0802 3544 [ B9B0A0B9232A51BBDE9F28CA41716D61 ] VComm C:\Windows\system32\DRIVERS\VComm.sys 18:07:40.0802 3544 VComm - ok 18:07:40.0818 3544 [ F1B2D9AC422F8B72BF417C8D77C85A3B ] VcommMgr C:\Windows\system32\Drivers\VcommMgr.sys 18:07:40.0818 3544 VcommMgr - ok 18:07:40.0864 3544 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:07:40.0880 3544 vdrvroot - ok 18:07:40.0911 3544 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:07:40.0942 3544 vds - ok 18:07:40.0974 3544 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:07:40.0974 3544 vga - ok 18:07:40.0989 3544 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:07:40.0989 3544 VgaSave - ok 18:07:41.0020 3544 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:07:41.0036 3544 vhdmp - ok 18:07:41.0052 3544 [ 6E6FD2FBF204A36E4C85B123C1C32372 ] VHidMinidrv C:\Windows\system32\drivers\VHIDMini.sys 18:07:41.0067 3544 VHidMinidrv - ok 18:07:41.0098 3544 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:07:41.0098 3544 viaide - ok 18:07:41.0114 3544 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:07:41.0130 3544 volmgr - ok 18:07:41.0161 3544 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:07:41.0176 3544 volmgrx - ok 18:07:41.0192 3544 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:07:41.0223 3544 volsnap - ok 18:07:41.0255 3544 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 18:07:41.0255 3544 vpcbus - ok 18:07:41.0301 3544 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 18:07:41.0301 3544 vpcnfltr - ok 18:07:41.0317 3544 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 18:07:41.0317 3544 vpcusb - ok 18:07:41.0379 3544 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 18:07:41.0379 3544 vpcvmm - ok 18:07:41.0411 3544 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 18:07:41.0426 3544 vsmraid - ok 18:07:41.0489 3544 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:07:41.0567 3544 VSS - ok 18:07:41.0598 3544 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:07:41.0598 3544 vwifibus - ok 18:07:41.0613 3544 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:07:41.0629 3544 vwififlt - ok 18:07:41.0645 3544 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 18:07:41.0645 3544 vwifimp - ok 18:07:41.0676 3544 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:07:41.0707 3544 W32Time - ok 18:07:41.0738 3544 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 18:07:41.0738 3544 WacomPen - ok 18:07:41.0785 3544 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:07:41.0785 3544 WANARP - ok 18:07:41.0785 3544 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:07:41.0785 3544 Wanarpv6 - ok 18:07:41.0879 3544 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:07:41.0957 3544 wbengine - ok 18:07:41.0972 3544 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:07:41.0988 3544 WbioSrvc - ok 18:07:42.0035 3544 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:07:42.0066 3544 wcncsvc - ok 18:07:42.0081 3544 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:07:42.0081 3544 WcsPlugInService - ok 18:07:42.0113 3544 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 18:07:42.0113 3544 Wd - ok 18:07:42.0159 3544 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:07:42.0206 3544 Wdf01000 - ok 18:07:42.0222 3544 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:07:42.0222 3544 WdiServiceHost - ok 18:07:42.0237 3544 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:07:42.0237 3544 WdiSystemHost - ok 18:07:42.0269 3544 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:07:42.0284 3544 WebClient - ok 18:07:42.0300 3544 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:07:42.0331 3544 Wecsvc - ok 18:07:42.0347 3544 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:07:42.0347 3544 wercplsupport - ok 18:07:42.0378 3544 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:07:42.0378 3544 WerSvc - ok 18:07:42.0425 3544 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:07:42.0425 3544 WfpLwf - ok 18:07:42.0440 3544 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:07:42.0440 3544 WIMMount - ok 18:07:42.0471 3544 WinDefend - ok 18:07:42.0471 3544 WinHttpAutoProxySvc - ok 18:07:42.0549 3544 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:07:42.0612 3544 Winmgmt - ok 18:07:42.0674 3544 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:07:42.0752 3544 WinRM - ok 18:07:42.0815 3544 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:07:42.0815 3544 WinUsb - ok 18:07:42.0877 3544 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:07:42.0893 3544 Wlansvc - ok 18:07:42.0924 3544 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:07:42.0924 3544 WmiAcpi - ok 18:07:42.0971 3544 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:07:42.0986 3544 wmiApSrv - ok 18:07:43.0017 3544 WMPNetworkSvc - ok 18:07:43.0017 3544 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:07:43.0033 3544 WPCSvc - ok 18:07:43.0064 3544 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:07:43.0064 3544 WPDBusEnum - ok 18:07:43.0142 3544 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:07:43.0142 3544 ws2ifsl - ok 18:07:43.0220 3544 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 18:07:43.0220 3544 wscsvc - ok 18:07:43.0236 3544 WSearch - ok 18:07:43.0329 3544 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:07:43.0392 3544 wuauserv - ok 18:07:43.0423 3544 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:07:43.0439 3544 WudfPf - ok 18:07:43.0485 3544 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:07:43.0501 3544 WUDFRd - ok 18:07:43.0532 3544 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:07:43.0548 3544 wudfsvc - ok 18:07:43.0657 3544 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:07:43.0673 3544 WwanSvc - ok 18:07:43.0704 3544 ================ Scan global =============================== 18:07:43.0719 3544 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:07:43.0782 3544 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 18:07:43.0844 3544 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 18:07:43.0875 3544 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:07:43.0907 3544 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:07:43.0922 3544 [Global] - ok 18:07:43.0922 3544 ================ Scan MBR ================================== 18:07:43.0953 3544 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 18:07:44.0172 3544 \Device\Harddisk0\DR0 - ok 18:07:44.0172 3544 ================ Scan VBR ================================== 18:07:44.0172 3544 [ C10D8DF043E22EAAB467E8444C6325D9 ] \Device\Harddisk0\DR0\Partition1 18:07:44.0172 3544 \Device\Harddisk0\DR0\Partition1 - ok 18:07:44.0203 3544 [ 7EF2143B88DEE86F76E92BD27F44A7D2 ] \Device\Harddisk0\DR0\Partition2 18:07:44.0203 3544 \Device\Harddisk0\DR0\Partition2 - ok 18:07:44.0203 3544 ============================================================ 18:07:44.0203 3544 Scan finished 18:07:44.0203 3544 ============================================================ 18:07:44.0219 4776 Detected object count: 0 18:07:44.0219 4776 Actual detected object count: 0 18:08:52.0547 5316 Deinitialize success jetzt on OTL All processes killed ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0C90_RASAPI32\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0C90_RASMANCS\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: mkoch ->Temp folder emptied: 2173929 bytes ->Temporary Internet Files folder emptied: 17062284 bytes ->Java cache emptied: 10795050 bytes ->Google Chrome cache emptied: 6443511 bytes ->Apple Safari cache emptied: 3240960 bytes ->Flash cache emptied: 8830933 bytes User: Public ->Temp folder emptied: 0 bytes User: tlang ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 11928798 bytes ->Google Chrome cache emptied: 25782585 bytes ->Flash cache emptied: 845 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 20923670 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102360 bytes RecycleBin emptied: 42128 bytes Total Files Cleaned = 102,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01292013_180003 Files\Folders moved on Reboot... C:\Users\mkoch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... und zum Schluss von aswMBR aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-29 18:10:00 ----------------------------- 18:10:00.342 OS Version: Windows x64 6.1.7601 Service Pack 1 18:10:00.342 Number of processors: 2 586 0x170A 18:10:00.342 ComputerName: MKOCH-PC UserName: mkoch 18:10:01.090 Initialize success 18:15:30.290 AVAST engine defs: 13012901 18:16:17.949 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:16:17.949 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3 18:16:17.980 Disk 0 MBR read successfully 18:16:17.980 Disk 0 MBR scan 18:16:17.980 Disk 0 Windows VISTA default MBR code 18:16:18.011 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048 18:16:18.027 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048 18:16:18.043 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293143 MB offset 24782848 18:16:18.058 Disk 0 scanning C:\Windows\system32\drivers 18:16:34.143 Service scanning 18:17:01.897 Modules scanning 18:17:01.897 Disk 0 trace - called modules: 18:17:01.944 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 18:17:01.944 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004979700] 18:17:01.960 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046d7050] 18:17:03.145 AVAST engine scan C:\Windows 18:17:08.886 AVAST engine scan C:\Windows\system32 18:21:34.030 AVAST engine scan C:\Windows\system32\drivers 18:21:54.419 AVAST engine scan C:\Users\mkoch 18:29:44.762 AVAST engine scan C:\ProgramData 18:32:00.033 Scan finished successfully 18:34:07.376 Disk 0 MBR has been saved successfully to "C:\Users\mkoch\Desktop\MBR.dat" 18:34:07.376 The log file has been saved successfully to "C:\Users\mkoch\Desktop\aswMBR.txt" |
|
30.01.2013, 09:13
| #38 |
| | Virus tr/psw.zbot Hi, hier die Logdatei von OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 30.01.2013 08:59:46 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mkoch\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 68,81% Memory free 7,99 Gb Paging File | 6,45 Gb Available in Paging File | 80,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,27 Gb Total Space | 220,76 Gb Free Space | 77,11% Space Free | Partition Type: NTFS Computer Name: MKOCH-PC | User Name: mkoch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.29 17:55:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mkoch\Desktop\OTL.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.08 18:52:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 11:55:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 11:55:49 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.09 11:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.06.15 14:07:12 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe PRC - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2010.05.14 09:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2009.11.20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2009.11.02 00:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009.10.06 14:18:26 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.10.05 19:15:10 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009.09.24 23:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.09.24 23:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.09.11 06:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe PRC - [2009.08.04 22:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2007.12.27 15:39:30 | 000,166,520 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe PRC - [2007.12.27 15:39:28 | 000,706,056 | ---- | M] (IVT Corporation.) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe PRC - [2007.12.27 15:39:20 | 000,051,816 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.11.20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.02.03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2008.08.12 10:16:16 | 002,023,424 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2008.07.29 13:47:56 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2008.07.29 13:47:38 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2008.07.29 13:11:18 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2008.07.29 13:01:12 | 007,331,840 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll MOD - [2008.07.29 12:50:26 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2007.08.06 17:58:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsVistaCommon.dll ========== Services (SafeList) ========== SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.09 11:55:54 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 11:55:49 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.09 11:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.30 14:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.09.24 23:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.09.11 06:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.03.28 03:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2007.12.27 15:39:30 | 000,166,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service) SRV - [2007.12.27 15:39:20 | 000,051,816 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service) SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.09.19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.09.19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.09 11:55:55 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 11:55:55 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.04.09 03:24:48 | 000,059,392 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10) DRV:64bit: - [2010.02.26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2010.02.26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2010.02.26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2010.02.26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2009.09.21 20:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.08.21 22:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.06.20 12:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.05 01:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.07 02:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.06.24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb) DRV:64bit: - [2007.06.24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV:64bit: - [2007.06.24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio) DRV:64bit: - [2007.03.05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BtNetDrv.sys -- (BT) DRV:64bit: - [2007.03.05 20:44:00 | 000,023,184 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VHIDMini.sys -- (VHidMinidrv) DRV:64bit: - [2007.03.05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BTHidMgr.sys -- (BTHidMgr) DRV:64bit: - [2007.03.05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\VBTEnum.sys -- (BTHidEnum) DRV:64bit: - [2007.03.05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VcommMgr.sys -- (VcommMgr) DRV:64bit: - [2007.03.05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.06.24 21:56:56 | 000,047,368 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.06.24 21:56:42 | 000,037,384 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.06.24 21:56:36 | 000,037,896 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007.03.05 20:47:08 | 000,025,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\btnetdrv.sys -- (BT) DRV - [2007.03.05 20:44:00 | 000,023,184 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VHIDMini.sys -- (VHidMinidrv) DRV - [2007.03.05 20:42:54 | 000,049,680 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\BtHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 20:41:34 | 000,024,976 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\VBTEnum.sys -- (BTHidEnum) DRV - [2007.03.05 20:39:28 | 000,063,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VCommMgr.sys -- (VcommMgr) DRV - [2007.03.05 20:38:20 | 000,047,120 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\VComm.sys -- (VComm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110g106l03f8z1j5t5921a02o IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb2/ie_startpage IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{15FCC159-3EDF-4443-9283-D110C0B80167}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{28817DD8-5F08-482A-84B5-D4F11B1ACE9C}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{49ADBA36-5634-41F8-86E7-A78FD7480B05}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE361 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{9BD51410-BAF3-42A8-AC29-51A582DFA833}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{A48FA5E8-3C16-44D0-B5A0-ACF7D661BED3}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{A56074C1-A7E3-42B5-B4CC-AF473E3CADCD}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{D1FB190B-35DC-4586-B478-F23832F33BF2}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms} IE - HKCU\..\SearchScopes\{E88F03F5-0D5E-4524-BBEF-0317FF0459FC}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\mkoch\Downloads\mp3 amazon\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - Extension: SiteAdvisor = C:\Users\mkoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\ O1 HOSTS File: ([2013.01.23 20:39:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [pdfw] C:\Program Files (x86)\Amic Utilities\PDF Writer Pro\pdfwload.exe (Bastea, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110331053538 (PhotoboxPhotowaysUploader5 Control) O16 - DPF: {37A8A17B-2DDC-4600-BBC6-538C10AED8C0} hxxp://htmlupload.silverwire.de/upload/JavaActiveX/ImageUploader4.cab (Silverwire Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3FEB77-5F62-46F7-A218-E9295E362423}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC11A37B-0DA5-4D82-A54E-490123FC15D8}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\webde - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\webde - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.29 17:55:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mkoch\Desktop\OTL.exe [2013.01.29 17:42:28 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.29 11:29:45 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mkoch\Desktop\tdsskiller.exe [2013.01.26 20:41:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.01.26 20:41:28 | 000,000,000 | ---D | C] -- C:\JRT [2013.01.26 20:34:16 | 000,499,147 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\mkoch\Desktop\JRT.exe [2013.01.23 20:43:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.23 20:41:48 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.23 20:18:16 | 005,026,296 | R--- | C] (Swearware) -- C:\Users\mkoch\Desktop\ComboFix.exe [2013.01.22 19:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.21 19:10:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.21 19:10:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.21 19:10:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.21 19:10:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.21 19:10:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.21 08:37:07 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\mkoch\Desktop\aswMBR.exe [2013.01.18 17:48:04 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\mkoch\Desktop\dds.exe [2013.01.18 17:47:14 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\mkoch\Desktop\dds.com [2013.01.18 14:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2013.01.18 14:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013.01.18 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\mkoch\AppData\Roaming\Malwarebytes [2013.01.18 09:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.18 09:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.18 09:07:20 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.18 09:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.18 09:06:56 | 000,000,000 | ---D | C] -- C:\Users\mkoch\AppData\Local\Programs [2013.01.18 08:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.01.18 07:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.01.04 16:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.04 16:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.04 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.04 16:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.01.04 16:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2009.10.29 06:58:47 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.01.30 08:26:45 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 08:26:45 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 08:24:34 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.30 08:19:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.30 08:18:51 | 3217,231,872 | -HS- | M] () -- C:\hiberfil.sys [2013.01.29 18:34:07 | 000,000,512 | ---- | M] () -- C:\Users\mkoch\Desktop\MBR.dat [2013.01.29 18:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.29 17:55:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mkoch\Desktop\OTL.exe [2013.01.29 11:44:48 | 427,068,480 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.29 11:29:45 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mkoch\Desktop\tdsskiller.exe [2013.01.29 11:11:29 | 001,526,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.29 11:11:29 | 000,665,970 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.29 11:11:29 | 000,625,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.29 11:11:29 | 000,135,966 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.29 11:11:29 | 000,111,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.28 14:11:18 | 000,165,376 | ---- | M] () -- C:\Users\mkoch\Desktop\SystemLook_x64.exe [2013.01.26 20:34:16 | 000,499,147 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\mkoch\Desktop\JRT.exe [2013.01.23 20:50:58 | 000,574,315 | ---- | M] () -- C:\Users\mkoch\Desktop\adwcleaner.exe [2013.01.23 20:39:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.23 20:18:37 | 005,026,296 | R--- | M] (Swearware) -- C:\Users\mkoch\Desktop\ComboFix.exe [2013.01.23 13:22:44 | 000,011,264 | -H-- | M] () -- C:\Users\mkoch\photothumb.db [2013.01.21 18:09:38 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.01.21 08:38:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\mkoch\Desktop\aswMBR.exe [2013.01.18 18:51:09 | 000,344,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.18 18:48:29 | 000,000,000 | ---- | M] () -- C:\Users\mkoch\defogger_reenable [2013.01.18 18:05:02 | 000,365,568 | ---- | M] () -- C:\Users\mkoch\Desktop\gozthehw.exe [2013.01.18 18:02:54 | 000,050,477 | ---- | M] () -- C:\Users\mkoch\Desktop\Defogger.exe [2013.01.18 17:48:04 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\mkoch\Desktop\dds.exe [2013.01.18 17:47:14 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\mkoch\Desktop\dds.com [2013.01.18 14:12:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2013.01.18 13:03:08 | 000,002,828 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2013.01.18 13:03:01 | 000,000,088 | RHS- | M] () -- C:\Windows\SysWow64\71243AA61A.sys [2013.01.18 09:07:38 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.04 16:17:57 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2013.01.29 18:34:07 | 000,000,512 | ---- | C] () -- C:\Users\mkoch\Desktop\MBR.dat [2013.01.28 14:11:18 | 000,165,376 | ---- | C] () -- C:\Users\mkoch\Desktop\SystemLook_x64.exe [2013.01.23 20:50:58 | 000,574,315 | ---- | C] () -- C:\Users\mkoch\Desktop\adwcleaner.exe [2013.01.23 13:22:43 | 000,011,264 | -H-- | C] () -- C:\Users\mkoch\photothumb.db [2013.01.21 19:10:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.21 19:10:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.21 19:10:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.21 19:10:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.21 19:10:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.18 18:48:29 | 000,000,000 | ---- | C] () -- C:\Users\mkoch\defogger_reenable [2013.01.18 18:04:58 | 000,365,568 | ---- | C] () -- C:\Users\mkoch\Desktop\gozthehw.exe [2013.01.18 18:02:53 | 000,050,477 | ---- | C] () -- C:\Users\mkoch\Desktop\Defogger.exe [2013.01.18 14:12:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2013.01.18 09:07:38 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 07:25:03 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2013.01.04 16:17:57 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.05.30 20:25:46 | 000,118,877 | ---- | C] () -- C:\Users\mkoch\Feuerwerk.jpg [2011.05.30 20:25:46 | 000,025,487 | ---- | C] () -- C:\Users\mkoch\JBJ Logo.jpg [2010.08.28 18:30:10 | 000,005,632 | ---- | C] () -- C:\Users\mkoch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.09 23:47:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.12.19 20:33:36 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\1&1 Mail & Media GmbH [2010.02.24 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\Amazon [2010.02.26 14:16:08 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\CocoonSoftware [2011.12.18 20:41:00 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\elsterformular [2011.10.02 15:49:39 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\Fotobuchexpress24 [2010.01.10 00:03:20 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\GameConsole [2012.01.04 21:57:00 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\MICHELsoft9Easy [2010.09.28 13:47:13 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\Nokia [2010.08.28 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\PC Suite [2012.02.14 14:03:30 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\PhotoScape [2010.03.22 08:05:36 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\PowerCinema [2011.12.26 13:25:11 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\RavensburgerTipToi [2010.03.22 08:12:02 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\SoftDMA [2010.07.08 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\mkoch\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > Soweit läuft der PC wieder gut bzw. nichts weiter aufgefallen. Nur wie können wir das mit dem Internet Explorer lösen? |
|
30.01.2013, 19:14
| #39 | |
| /// TB-Ausbilder | Virus tr/psw.zbot Servus, Zitat:
Schritt 1
Schritt 2
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte SecurityCheck von einem der folgenden Links: LINK1 LINK2
Bitte poste mit deiner nächsten Antwort
|
|
02.02.2013, 18:07
| #40 |
| /// TB-Ausbilder | Virus tr/psw.zbot Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
| Themen zu Virus tr/psw.zbot |
| administrator, aktion, appdata, autostart, dateien, explorer, folge, folgende, hallo zusammen, hilfe!, infizierte, laptop, logdatei, malwarebytes, microsoft, registrierung, roaming, service, software, speicher, temp, version, virus, zusammen |
Textbox. 
Linear-Darstellung
