Relevant Knowledge und Market Score gefunden bei Malwarebytes Quick-Scan

Realbuchilla · 25.01.2013, 11:48

Hallo zusammen,

Ich habe beim Scan die beiden Meldungen erhalten, dass ich Relevant Knowledge und Market Score drauf habe..

Habe im Windows Deinstallationsprogramm deinstalliert, aber sind logischerweise immer noch drauf.

Soll ich diese jetzt entfernen lassen oder was soll ich tun?

Hier noch der Bericht von Malwarebytes:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.25.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Markus :: FREAKYBABY [Administrator]

25.01.2013 11:27:18
mbam-log-2013-01-25 (11-27-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231678
Laufzeit: 6 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.

Infizierte Dateien: 5
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Users\Markus\AppData\Local\Temp\CSM5427.tmp (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.

(Ende)

cosinus · 25.01.2013, 14:00

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Realbuchilla · 25.01.2013, 14:34

Hey vielen Dank für die schnelle Antwort

Ich habe noch einen Scan ausgeführt und dann alle entfernen lassen, aber wie gesagt von euch ist das Problem jetzt nicht zwingendermassen weg.

Hier noch die Log von Malbytes

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.25.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Markus :: FREAKYBABY [Administrator]

25.01.2013 11:27:18
mbam-log-2013-01-25 (11-27-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231678
Laufzeit: 6 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.

Infizierte Dateien: 5
C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Users\Markus\AppData\Local\Temp\CSM5427.tmp (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Spyware.MarketScore) -> Keine Aktion durchgeführt.

(Ende)

Noch ein Scan von McAffee (aber nach dem Entfernen), Gut der hat auch vorher nichts entdeckt..
Er hat nichts entdeckt und ich weiss nicht wie ich die Log Datei finde....

Hoffe es reicht so..

Gruss

cosinus · 25.01.2013, 14:36

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Realbuchilla · 28.01.2013, 09:12

Hi

Nochmals vielen Dank, hatte halt erst jetzt Zeit.

Habe den OTL-Scan ausgeführt, hier die Log-Files:

Code:

ATTFilter

OTL logfile created on: 28.01.2013 08:53:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Markus\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.80 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 80.17% Memory free
12.30 Gb Paging File | 10.19 Gb Available in Paging File | 82.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.91 Gb Total Space | 333.16 Gb Free Space | 74.05% Space Free | Partition Type: NTFS
 
Computer Name: FREAKYBABY | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe ()
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
PRC - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\wx._core_.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\wx._controls_.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\wx._windows_.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\wx._gdi_.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\wx._misc_.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\_ssl.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\unicodedata.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\pythoncom26.dll ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\_hashlib.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32com.shell.shell.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\pyexpat.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\wx._wizard.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32file.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32security.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\pywintypes26.dll ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32api.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\_elementtree.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\_ctypes.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\wx._html2.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\_socket.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32inet.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32process.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32ts.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32pdh.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32profile.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32event.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\win32crypt.pyd ()
MOD - C:\Users\Markus\AppData\Local\Temp\_MEI50962\select.pyd ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll ()
MOD - C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe ()
MOD - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
MOD - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (ETDService) -- C:\Program Files\Elantech\ETDService.exe (ELAN Microelectronics Corp.)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (RfButtonDriverService) -- C:\Windows\RfBtnSvc64.exe (Dritek System INC.)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe (Atheros)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (McAWFwk) -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe (McAfee, Inc.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (Ps2Kb2Hid) -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys (Dritek System Inc.)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\Drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\Drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\Drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\Drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\Drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\Drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\Drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\Drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\Drivers\mfeelamk.sys (McAfee, Inc.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\Drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\Drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\Drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NTI Corporation)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F598EBF1-07B2-455D-906D-758CE85270D2}
IE:64bit: - HKLM\..\SearchScopes\{F598EBF1-07B2-455D-906D-758CE85270D2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F598EBF1-07B2-455D-906D-758CE85270D2}
IE - HKLM\..\SearchScopes\{F598EBF1-07B2-455D-906D-758CE85270D2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wakeboardingmag.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C615A4CE-36CA-4F13-AB76-08D2E6238B30}
IE - HKCU\..\SearchScopes\{C615A4CE-36CA-4F13-AB76-08D2E6238B30}: "URL" = https://www.google.ch/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.01.18 03:06:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.01.18 02:03:23 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Beatlab = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk\1.0.1_0\
CHR - Extension: Google Docs = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
CHR - Extension: Google Drive = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Kalender = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Google Maps = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Mail-Checker = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Google Mail = C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager]  File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.24.158 62.2.17.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30381794-6AB5-4625-897B-2AD813442B6D}: DhcpNameServer = 192.53.112.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DDB0DF2-BFF0-4E0B-A63D-60C00BD893BC}: DhcpNameServer = 62.2.24.158 62.2.17.60
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.28 08:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.01.27 13:09:26 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Diagnostics
[2013.01.25 16:09:03 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Need for Speed World
[2013.01.25 15:30:00 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Electronic_Arts_Inc
[2013.01.25 15:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.01.25 15:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.01.25 14:48:33 | 000,314,880 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2013.01.25 14:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2013.01.25 14:47:25 | 001,022,976 | ---- | C] (Cendant Software) -- C:\Windows\SysWow64\SierraNW.dll
[2013.01.25 14:47:25 | 000,231,936 | ---- | C] (Cendant Software) -- C:\Windows\SysWow64\SNWValid.dll
[2013.01.25 14:47:25 | 000,000,000 | ---D | C] -- C:\Windows\solcache
[2013.01.25 14:47:25 | 000,000,000 | ---D | C] -- C:\SIERRA
[2013.01.25 14:46:55 | 000,315,904 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2013.01.25 14:37:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Subversion
[2013.01.25 14:36:13 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\fltk.org
[2013.01.25 14:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2013.01.25 14:31:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\flightgear.org
[2013.01.25 14:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\flightgear.org
[2013.01.25 11:26:38 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2013.01.25 11:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.25 11:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.25 11:26:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.25 11:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.25 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Programs
[2013.01.25 10:36:49 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\EgisTec
[2013.01.25 10:17:08 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\CyberLink
[2013.01.25 10:16:36 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Cyberlink
[2013.01.24 16:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2013.01.24 16:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2013.01.24 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\tiger-k
[2013.01.24 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Leawo
[2013.01.24 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Leawo
[2013.01.24 16:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2013.01.24 16:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.01.24 16:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.01.24 16:51:14 | 000,139,264 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2013.01.24 16:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2013.01.24 16:51:13 | 000,606,208 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2013.01.24 16:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2013.01.24 16:23:56 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\MAGIX_MusicEditor
[2013.01.24 16:23:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX
[2013.01.24 16:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2013.01.24 16:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2013.01.24 16:20:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.24 15:49:41 | 000,969,104 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Markus\Desktop\uTorrent - Kopie.exe
[2013.01.24 13:59:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX
[2013.01.24 13:56:11 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\MAGIX_Video_Pro_X2
[2013.01.22 19:37:48 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\GoPro
[2013.01.22 15:33:25 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Red Alert 3
[2013.01.22 15:31:24 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Red Alert 3
[2013.01.22 15:18:02 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2013.01.22 15:18:02 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013.01.22 15:18:02 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2013.01.22 15:18:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013.01.22 15:18:01 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2013.01.22 15:18:01 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013.01.22 15:18:01 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2013.01.22 15:18:01 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013.01.22 15:18:01 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2013.01.22 15:18:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013.01.22 15:18:00 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2013.01.22 15:18:00 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013.01.22 15:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.01.22 14:47:19 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\MAGIX downloads
[2013.01.22 14:44:45 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\GoPro
[2013.01.22 14:37:05 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\NVIDIA
[2013.01.22 14:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
[2013.01.22 14:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CineForm
[2013.01.22 14:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.01.22 14:35:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.01.22 14:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoPro
[2013.01.22 12:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.22 12:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.22 11:18:45 | 000,000,000 | R--D | C] -- C:\Users\Markus\Dropbox
[2013.01.21 21:48:01 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.21 21:47:16 | 000,000,000 | --SD | C] -- C:\Users\Markus\Google Drive
[2013.01.21 21:46:01 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Dropbox
[2013.01.21 21:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.01.20 12:50:51 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetsrc.dll
[2013.01.20 12:50:51 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013.01.20 12:50:51 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetsrc.dll
[2013.01.20 12:50:51 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013.01.20 12:50:51 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetcore.dll
[2013.01.20 12:50:51 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmpeg2srcsnk.dll
[2013.01.20 12:50:51 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetcore.dll
[2013.01.20 12:50:51 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
[2013.01.20 12:49:08 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013.01.20 12:48:55 | 006,971,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.01.20 12:48:55 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2013.01.20 12:48:55 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2013.01.20 12:48:55 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.01.20 12:48:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013.01.20 12:48:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys
[2013.01.20 12:48:54 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013.01.20 12:48:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2013.01.20 12:48:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2013.01.20 12:48:52 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013.01.20 12:48:51 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013.01.20 12:48:51 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013.01.20 12:48:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.01.20 12:48:51 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013.01.20 12:48:51 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013.01.20 12:48:42 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquota.dll
[2013.01.20 12:48:40 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquota.dll
[2013.01.20 12:48:29 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2013.01.20 12:47:46 | 003,554,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013.01.20 12:47:38 | 002,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013.01.20 12:47:37 | 002,380,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.01.20 12:47:37 | 002,206,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2013.01.20 12:47:37 | 002,115,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013.01.20 12:47:36 | 001,610,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013.01.20 12:47:36 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Immersive.dll
[2013.01.20 12:47:36 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.01.20 12:47:36 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Immersive.dll
[2013.01.20 12:47:35 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2013.01.20 12:47:34 | 001,841,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2013.01.20 12:47:34 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2013.01.20 12:47:33 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2013.01.20 12:47:32 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013.01.20 12:47:32 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013.01.20 12:47:31 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2013.01.20 12:47:31 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013.01.20 12:47:31 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2013.01.20 12:47:31 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2013.01.20 12:47:31 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.01.20 12:47:30 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013.01.20 12:47:29 | 002,764,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013.01.20 12:47:29 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2013.01.20 12:47:29 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013.01.20 12:47:29 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013.01.20 12:47:29 | 000,336,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013.01.20 12:47:29 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Storage.Compression.dll
[2013.01.20 12:47:28 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2013.01.20 12:47:28 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.01.20 12:47:28 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2013.01.20 12:47:27 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2013.01.20 12:47:25 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SpaceControl.dll
[2013.01.20 12:47:25 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.01.20 12:47:25 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys
[2013.01.20 12:47:24 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdstor.sys
[2013.01.20 12:47:23 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013.01.20 12:47:23 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013.01.20 12:47:23 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013.01.20 12:47:22 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2013.01.20 12:47:22 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Storage.Compression.dll
[2013.01.20 12:47:21 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2013.01.20 12:47:20 | 001,636,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMALFXGFXDSP.dll
[2013.01.20 12:47:20 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2013.01.20 12:47:18 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.01.20 12:47:17 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013.01.20 12:47:16 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013.01.20 12:47:16 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-pdc.dll
[2013.01.20 12:47:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCPKsp.dll
[2013.01.20 12:47:14 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013.01.20 12:47:13 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll
[2013.01.20 12:47:13 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013.01.20 12:47:13 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013.01.20 12:47:13 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppxSip.dll
[2013.01.20 12:47:12 | 001,836,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.01.20 12:47:12 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013.01.20 12:47:12 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppxSip.dll
[2013.01.20 12:47:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013.01.20 12:47:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2013.01.20 12:47:10 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icfupgd.dll
[2013.01.20 12:47:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PCPKsp.dll
[2013.01.20 12:47:10 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BdeUISrv.exe
[2013.01.20 12:47:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2013.01.20 12:47:08 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2013.01.20 12:47:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013.01.20 12:47:07 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013.01.20 12:47:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2013.01.20 12:47:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfapigp.dll
[2013.01.20 12:47:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfapigp.dll
[2013.01.20 12:47:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013.01.20 12:47:04 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013.01.20 12:47:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013.01.20 12:47:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdhebl3.dll
[2013.01.20 12:47:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdhebl3.dll
[2013.01.20 12:46:50 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013.01.20 12:46:50 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013.01.20 12:46:49 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.01.20 12:46:48 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.01.20 12:46:35 | 005,974,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.01.20 12:46:35 | 005,088,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.01.20 12:46:35 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.01.20 12:46:34 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.01.20 12:46:34 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.01.20 12:46:34 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.01.20 12:46:33 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013.01.20 12:46:33 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013.01.20 12:46:32 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013.01.20 12:46:31 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013.01.20 12:46:29 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.01.20 12:46:29 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013.01.20 12:46:29 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013.01.20 12:46:29 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.01.20 12:46:28 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.01.20 12:46:28 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013.01.20 12:46:28 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.01.20 12:46:27 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013.01.20 12:46:27 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.01.20 12:46:27 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.01.20 12:46:27 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.01.20 12:46:26 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013.01.20 12:46:26 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.01.20 12:46:26 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.01.20 12:46:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013.01.20 12:46:26 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013.01.20 12:46:26 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013.01.20 12:46:26 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.01.20 12:46:25 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.01.20 12:46:25 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.01.20 12:46:24 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.01.20 12:46:24 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.01.20 12:46:24 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013.01.20 12:46:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.01.20 12:46:24 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rfxvmt.dll
[2013.01.20 12:46:24 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe
[2013.01.20 12:46:23 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.01.20 12:46:23 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll
[2013.01.20 12:46:23 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013.01.20 12:46:23 | 000,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.01.20 12:46:23 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys
[2013.01.20 12:46:22 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys
[2013.01.20 12:46:17 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013.01.20 12:45:39 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2013.01.20 12:45:38 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.01.20 12:45:37 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.01.20 12:45:35 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2013.01.20 12:45:30 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013.01.20 12:45:29 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2013.01.20 12:45:29 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013.01.20 12:45:29 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.20 12:45:27 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.01.20 12:45:26 | 000,490,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013.01.20 12:45:26 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013.01.20 12:45:25 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2013.01.20 12:45:25 | 000,253,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013.01.20 12:45:23 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.01.20 12:45:23 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013.01.20 12:45:20 | 000,549,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013.01.20 12:45:20 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.01.20 12:45:17 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.01.20 12:45:16 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2013.01.20 12:45:16 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013.01.20 12:45:16 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2013.01.20 12:45:16 | 000,445,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.01.20 12:45:16 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2013.01.20 12:45:15 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.01.20 12:45:15 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2013.01.20 12:45:15 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2013.01.20 12:45:15 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2013.01.20 12:45:15 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2013.01.20 12:45:14 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013.01.20 12:45:14 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013.01.20 12:45:14 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2013.01.20 12:45:14 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013.01.20 12:45:14 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.01.20 12:45:14 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2013.01.20 12:45:14 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.01.20 12:45:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013.01.20 12:45:13 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013.01.20 12:45:12 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013.01.20 12:45:12 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013.01.20 12:45:12 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013.01.20 12:45:12 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2013.01.20 12:45:12 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.01.20 12:45:12 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013.01.20 12:45:11 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2013.01.20 12:45:11 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2013.01.20 12:45:11 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013.01.20 12:45:10 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013.01.20 12:45:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.01.20 12:45:10 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.20 12:45:10 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013.01.20 12:45:09 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2013.01.20 12:45:09 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2013.01.20 12:45:09 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2013.01.20 12:45:09 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2013.01.20 12:45:09 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2013.01.20 12:45:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2013.01.20 12:45:08 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll
[2013.01.20 12:45:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll
[2013.01.20 12:45:07 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2013.01.20 12:45:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2013.01.20 12:45:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2013.01.20 12:45:06 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.01.20 12:45:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.01.20 12:45:06 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013.01.20 12:45:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2013.01.20 12:45:05 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys
[2013.01.20 12:45:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2013.01.20 12:45:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2013.01.20 12:45:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2013.01.20 12:45:03 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll
[2013.01.18 17:37:03 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\assembly
[2013.01.18 17:24:37 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013.01.18 17:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013.01.18 17:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.18 17:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.01.18 17:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013.01.18 17:14:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.18 17:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013.01.18 17:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.01.18 17:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.18 17:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013.01.18 17:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.01.18 17:09:17 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Microsoft Help
[2013.01.18 17:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.18 17:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.18 17:08:59 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.18 16:54:30 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\MAGIX
[2013.01.18 16:36:05 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2013.01.18 16:34:02 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\MAGIX
[2013.01.18 16:33:58 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Xara
[2013.01.18 16:33:55 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\MAGIX
[2013.01.18 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2013.01.18 16:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2013.01.18 16:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2013.01.18 06:27:20 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Uni Zürich
[2013.01.18 06:27:15 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\privat
[2013.01.18 06:24:01 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\clear.fi
[2013.01.18 06:12:12 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Identities
[2013.01.18 06:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NTIRegEt
[2013.01.18 04:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.18 04:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.01.18 04:54:37 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Google
[2013.01.18 04:54:13 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Apps
[2013.01.18 04:54:12 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Deployment
[2013.01.18 04:30:38 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.01.18 04:01:52 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100_clr0400.dll
[2013.01.18 04:00:57 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100_clr0400.dll
[2013.01.18 03:36:09 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\CrashDumps
[2013.01.18 02:56:54 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.01.18 02:56:54 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.01.18 02:56:49 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013.01.18 02:56:49 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013.01.18 02:56:38 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013.01.18 02:56:38 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2013.01.18 02:56:38 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2013.01.18 02:56:38 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2013.01.18 02:56:36 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013.01.18 02:56:36 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013.01.18 02:47:42 | 001,009,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.01.18 02:47:42 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll
[2013.01.18 02:47:42 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013.01.18 02:47:42 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013.01.18 02:47:42 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe
[2013.01.18 02:47:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe
[2013.01.18 02:47:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe
[2013.01.18 02:34:06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2013.01.18 02:34:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2013.01.18 02:34:06 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2013.01.18 02:34:04 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.01.18 02:34:04 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.01.18 02:34:04 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2013.01.18 02:34:04 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll
[2013.01.18 02:34:04 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2013.01.18 02:34:04 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2013.01.18 02:34:04 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll
[2013.01.18 02:34:04 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll
[2013.01.18 02:34:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll
[2013.01.18 02:34:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll
[2013.01.18 02:34:04 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll
[2013.01.18 02:34:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2013.01.18 02:34:04 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll
[2013.01.18 02:34:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2013.01.18 02:33:15 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.01.18 02:33:15 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.01.18 02:33:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.01.18 02:33:15 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.01.18 02:33:14 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013.01.18 02:33:14 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013.01.18 02:33:14 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013.01.18 02:33:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013.01.18 02:32:11 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.01.18 02:32:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.01.18 02:32:10 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.01.18 02:32:10 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.01.18 02:32:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.01.18 02:32:10 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.01.18 02:32:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.01.18 02:32:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.01.18 02:32:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.01.18 02:32:09 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.01.18 02:32:09 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.01.18 02:32:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.01.18 02:32:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.01.18 02:32:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.01.18 02:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013.01.18 02:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013.01.18 02:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.01.18 02:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.01.18 02:17:45 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Macromedia
[2013.01.18 02:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2013.01.18 02:12:58 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\EgisTec IPS
[2013.01.18 02:06:48 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Atheros
[2013.01.18 02:05:04 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.18 02:05:04 | 000,000,000 | R--D | C] -- C:\Users\Markus\Searches
[2013.01.18 02:05:04 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.18 02:05:03 | 000,000,000 | R--D | C] -- C:\Users\Markus\Contacts
[2013.01.18 02:04:50 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Adobe
[2013.01.18 02:04:28 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\lm
[2013.01.18 02:03:05 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Packages
[2013.01.18 02:02:57 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\VirtualStore
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Vorlagen
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Verlauf
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Temporary Internet Files
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Startmenü
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\SendTo
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Recent
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Netzwerkumgebung
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Lokale Einstellungen
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Videos
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Musik
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Eigene Dateien
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Documents\Eigene Bilder
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Druckumgebung
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Cookies
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\AppData\Local\Anwendungsdaten
[2013.01.18 02:02:54 | 000,000,000 | -HSD | C] -- C:\Users\Markus\Anwendungsdaten
[2013.01.18 02:02:53 | 000,000,000 | --SD | C] -- C:\Users\Markus\AppData\Roaming\Microsoft
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\Videos
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\Saved Games
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\Pictures
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\Music
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\Links
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\Favorites
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\Downloads
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\Documents
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\Desktop
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.18 02:02:53 | 000,000,000 | R--D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.01.18 02:02:53 | 000,000,000 | -H-D | C] -- C:\Users\Markus\AppData
[2013.01.18 02:02:53 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Temp
[2013.01.18 02:02:53 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Microsoft
[2013.01.18 02:02:53 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.17 21:08:16 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Apple Computer
[2013.01.17 21:08:15 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Apple Computer
[2013.01.17 21:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.17 21:08:10 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.01.17 21:08:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.01.17 21:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.17 21:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.17 21:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.17 21:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.17 21:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.17 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Apple
[2013.01.17 21:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.17 21:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.01.17 21:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.17 21:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.17 21:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.01.17 21:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.01.17 17:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2013.01.17 17:05:21 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\uTorrent
[2013.01.17 16:19:45 | 000,000,000 | ---D | C] -- C:\sources
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.28 08:48:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.28 08:46:01 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.28 08:28:48 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.25 15:29:22 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2013.01.25 14:47:54 | 000,000,219 | ---- | M] () -- C:\Windows\SIERRA.INI
[2013.01.25 12:13:18 | 000,542,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.25 12:12:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.01.25 12:12:36 | 2405,511,167 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.25 12:12:31 | 000,053,284 | ---- | M] () -- C:\Windows\SysNative\wpbbin.exe
[2013.01.25 11:26:27 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.24 21:25:40 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.24 21:25:40 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.24 21:25:40 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.24 21:25:40 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.24 21:25:40 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.24 16:51:14 | 000,001,156 | ---- | M] () -- C:\Users\Public\Desktop\Leawo Video Converter.lnk
[2013.01.24 16:50:40 | 000,001,461 | ---- | M] () -- C:\1.xml
[2013.01.24 16:23:54 | 000,120,200 | ---- | M] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.01.24 16:23:33 | 000,001,155 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Movie Edit Pro 2013 Premium.lnk
[2013.01.22 14:36:01 | 000,001,174 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
[2013.01.22 14:36:01 | 000,001,117 | ---- | M] () -- C:\Users\Markus\Desktop\GoPro CineForm Studio.lnk
[2013.01.22 11:21:02 | 000,001,016 | ---- | M] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.22 11:20:43 | 000,000,986 | ---- | M] () -- C:\Users\Markus\Desktop\Dropbox.lnk
[2013.01.21 21:47:18 | 000,001,680 | ---- | M] () -- C:\Users\Markus\Desktop\Google Drive.lnk
[2013.01.18 06:12:07 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013.01.18 06:12:07 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013.01.18 06:12:06 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013.01.18 04:59:19 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.18 02:04:48 | 000,000,225 | ---- | M] () -- C:\Windows\User.xml
[2013.01.18 02:04:31 | 000,000,568 | ---- | M] () -- C:\Windows\WisLangCode.ini
[2013.01.18 02:04:31 | 000,000,151 | -HS- | M] () -- C:\Windows\Preload.rev
[2013.01.17 21:08:14 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.17 17:12:15 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Markus\Desktop\uTorrent - Kopie.exe
 
========== Files Created - No Company Name ==========
 
[2013.01.25 15:29:22 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2013.01.25 14:46:56 | 000,000,219 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.01.25 12:12:54 | 000,542,184 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.25 11:26:27 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.24 16:57:08 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2013.01.24 16:57:08 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2013.01.24 16:57:08 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.01.24 16:57:08 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2013.01.24 16:51:36 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.01.24 16:51:14 | 000,001,156 | ---- | C] () -- C:\Users\Public\Desktop\Leawo Video Converter.lnk
[2013.01.24 16:50:40 | 000,001,461 | ---- | C] () -- C:\1.xml
[2013.01.24 16:23:33 | 000,001,155 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Movie Edit Pro 2013 Premium.lnk
[2013.01.24 13:59:51 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2013.01.22 14:36:01 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
[2013.01.22 14:36:01 | 000,001,117 | ---- | C] () -- C:\Users\Markus\Desktop\GoPro CineForm Studio.lnk
[2013.01.22 11:18:45 | 000,000,986 | ---- | C] () -- C:\Users\Markus\Desktop\Dropbox.lnk
[2013.01.21 21:48:18 | 000,001,016 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.21 21:47:18 | 000,001,680 | ---- | C] () -- C:\Users\Markus\Desktop\Google Drive.lnk
[2013.01.20 12:45:16 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.01.18 04:59:19 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.18 04:54:45 | 000,001,132 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.18 04:54:44 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.18 02:04:50 | 000,001,442 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.17 21:08:14 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.17 21:07:21 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.25 01:10:58 | 000,000,280 | ---- | C] () -- C:\Windows\LaunApp.ini
[2012.11.25 01:07:22 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2012.11.25 01:01:55 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.25 01:01:54 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.11.25 01:01:54 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.25 01:00:27 | 000,000,166 | ---- | C] () -- C:\Windows\WISGAPas.ini
[2012.11.25 01:00:22 | 000,001,455 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2012.11.25 01:00:22 | 000,000,568 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2012.11.25 00:48:00 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.09.04 02:06:17 | 000,000,460 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2012.09.04 02:06:17 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 21:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.25 21:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 22:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:054203E4

< End of report >

und nächstes in der zweiten Antwort

Hoffe das Zeugs ist weg...
Momentan läuft auch alles wieder ok mit dem PC, vorher hatte die HD so komische Geräusche gemacht wenn sie angelaufen ist und das Internet hat immer wieder die Verbindung abgebrochen..

Falls der PC immer noch infiziert ist, kann ich dann einfach eine Systemwiederherstellung auf den ersten Zeitpunkt machen?

Freundliche Grüsse

Realbuchilla · 28.01.2013, 09:14

zweiter scan log file mit OTL

Code:

ATTFilter

OTL Extras logfile created on: 28.01.2013 08:53:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Markus\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
7.80 Gb Total Physical Memory | 6.25 Gb Available Physical Memory | 80.17% Memory free
12.30 Gb Paging File | 10.19 Gb Available in Paging File | 82.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.91 Gb Total Space | 333.16 Gb Free Space | 74.05% Space Free | Partition Type: NTFS
 
Computer Name: FREAKYBABY | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3432317C-53CF-43A3-BC41-B671E7D9CB6A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035A2713-3071-4220-A4AE-5D47397D084A}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{04285D0C-06F2-4889-B064-EB900D5FEEA5}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{0491F2C5-5670-48DB-BFC4-84BE85AD7E1A}" = dir=out | name=swissquote | 
"{09A0915E-8276-4152-ABDA-8A785613F466}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{110F616D-48BE-4097-B641-427D2CC0204E}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{156621C2-1E72-4A6F-B925-5A2EA3C57EA6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{16D8B414-39B4-4C1C-9B46-CAEF7257524F}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{17683A1F-F72E-494B-BFE4-2731E06E3573}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{19B03915-FABF-4A69-85FA-38E2F91BF539}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{1C0CA74A-172B-4C2A-902B-88DAEA0F35F0}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{1E47FEC5-FB31-472D-B786-B4CDC69EF22E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{22A3E3F2-6510-4B2D-B962-EF4603093AD4}" = dir=out | name=google search | 
"{2450D88A-9AC7-44AE-9550-A355C3CC9BAE}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{2AD851FD-2E59-46B1-B324-1706811F000A}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{3140F873-770D-4C72-9757-C69D36F1089C}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{32F1FCAC-298A-4E91-A5C3-8A2C570A398F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{3394AC10-AC86-434D-A170-22CA26F224BE}" = dir=out | name=wetter.com | 
"{39A5E596-EEDA-41EC-B457-FC92D307A4D5}" = dir=out | name=evernote | 
"{3A1BDA97-5E48-4CB9-AB55-675F595C96CD}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{3C5D6366-2900-48D1-9F0C-8C436E3F5967}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{3E74DDD3-0FF1-41E0-A065-30BD91674B47}" = dir=out | name=windows_ie_ac_001 | 
"{40E48464-2429-43DF-87C4-C707D1FE6BC0}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{44C90D5F-9636-40B8-87FA-FBDA4EC163B5}" = dir=out | name=wikipedia | 
"{49227D01-10E0-4068-960B-CF833EA663C5}" = dir=out | name=tagi-news | 
"{4EE492A5-83E1-42C7-B341-15A396771B0C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4FE1BE43-9A19-455A-AB8F-99C242D8EA85}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{51B681A8-8EE4-4C19-9CCC-F179FC25B537}" = protocol=6 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{58F7D357-B87D-46BF-A029-535102793FDB}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{5D0391E8-681D-4BDB-83FF-204F94A3E07C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5E0B3400-6747-4066-9BF7-E974FA711E78}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | 
"{5E91F47E-C064-4DB0-B6BA-3284E7106CD2}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{76F7AD0C-2C45-474C-832F-B94E38C4B582}" = dir=out | name=kindle | 
"{7BC30EC9-08B9-4636-A0A5-4E5CDD4E37F0}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{80661F2D-C653-4D9D-A9E3-F275B8DA120A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8577DA8F-17F6-4FCC-9B35-FD1B2891A597}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{8B169FCC-A93C-4071-AAB9-B0AB9C08F74E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8C131F5B-F05F-44F2-ABBF-4FA70F28889A}" = dir=out | name=tunein radio | 
"{9729A4CE-1AE6-4497-8155-4F50E1C11872}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{98EDC15D-9CA6-4A40-BC9A-232FFC88E120}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9A604D04-C89A-452C-88D7-3057BB2E1DE2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A36EF3B4-4844-4532-BE4A-35185B73A259}" = dir=out | name=reckless racing ultimate | 
"{A9C0CDDA-8464-46E6-B5BD-F8B288238E28}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{AB68519E-86E7-4063-8FE6-03B049FCA38B}" = dir=out | name=acer crystal eye | 
"{B013BF6C-08ED-47A5-A6E7-CFDCCF1E870D}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | 
"{B484DFA7-0EBC-40B8-9E9E-B760821757C9}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | 
"{B496F524-7EFB-4895-90DE-4373C11EFB68}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | 
"{B6BE2A5E-1557-46F7-AC55-C78344010A21}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{B793A700-5D3D-48D9-ABB7-DD3D96E9EA73}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{B95E7F13-DF6A-42C6-AA35-CFA7C3D8E952}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{B970B952-7FEF-4EAC-A51E-A3FDBB051129}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{BBE44414-D012-4C19-952A-9068197A1350}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BFEFF18B-C98C-4057-88B6-F6C4F48E13F2}" = dir=out | name=shazam | 
"{CC9CFCC1-4871-4882-8246-90BD6C7F1632}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{CCD5AE0B-36C4-4314-9C2A-021ABCDDB8DD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D19D534F-0A1F-4A42-B7C7-7D16AA4860BE}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{DD2363B1-EA80-4CBF-9F61-9DE0DA4C6F84}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E28D2DED-FD23-4A73-8164-E4CEA184DE9C}" = dir=in | name=evernote | 
"{E3E4CC9B-58F8-4E76-85C6-55158A0DE627}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{E467BD73-ED5C-424E-8BB9-6704DCA8B58B}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{E72244B5-D19E-4B23-B296-F3428005F455}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{E724CFA3-96D5-4364-829C-9E3F0F959577}" = protocol=17 | dir=in | app=c:\users\markus\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{EB49B690-D42B-4441-BEDB-9886A791D75A}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{ED08EB73-82B5-4613-83CE-75BC1B3BAEEA}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{F5E38161-7B3A-4955-867D-E55F40523538}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F9B44CD8-F427-41FF-AA8B-F73E021A0E57}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8215A318-CC27-435E-B3EA-2E3443C8998C}" = Acer Instant Update Service
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5CF4CFE-3080-4436-A8A5-00CFDC0F7918}" = MAGIX Video deluxe Premium 2013 Update
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
"Elantech" = ETDWare PS/2-X64 11.6.10.001_WHQL
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" =  Leawo Video Converter Version  5.2.0.1
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D535C93-9786-48D5-9DEF-97353F1CB936}" = HID Monitor
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Google Chrome" = Google Chrome
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.2
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Basic)
"LManager" = Launch Manager
"MAGIX_{2F74F544-9A53-4787-A6B1-0844359040D7}" = MAGIX Speed burnR (MSI)
"MAGIX_{EDDE6F74-A091-45D1-8E9B-D3A2205A06E5}" = MAGIX Movie Edit Pro 2013 Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSC" = McAfee Internet Security Suite
"Red Baron II" = Red Baron II
"Sierra Utilities" = Sierra Utilities
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Xvid Video Codec 1.3.2" = Xvid Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.01.2013 05:20:23 | Computer Name = freakybaby | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.2.9200.16384,
 Zeitstempel: 0x50108850  Name des fehlerhaften Moduls: CFHD.dll, Version: 8.4.3.660,
 Zeitstempel: 0x508ce368  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000004165
ID
 des fehlerhaften Prozesses: 0xd0  Startzeit der fehlerhaften Anwendung: 0x01cdfa140966873f
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\CFHD.dll  Berichtskennung: 47626125-6607-11e2-be7f-206a8a930aa7
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 24.01.2013 05:20:37 | Computer Name = freakybaby | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde
 nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 24.01.2013 05:21:00 | Computer Name = freakybaby | Source = Application Hang | ID = 1002
Description = Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 22d8    Startzeit: 01cdfa1408e8dc8d    Endzeit: 4294967295    Anwendungspfad:
 C:\Windows\system32\wwahost.exe    Berichts-ID: 5020e1ec-6607-11e2-be7f-206a8a930aa7

Vollständiger
 Name des fehlerhaften Pakets: Microsoft.ZuneVideo_1.1.134.0_x64__8wekyb3d8bbwe    Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: Microsoft.ZuneVideo  
 
Error - 24.01.2013 05:31:47 | Computer Name = freakybaby | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.2.9200.16384,
 Zeitstempel: 0x50108850  Name des fehlerhaften Moduls: CFHD.dll, Version: 8.4.3.660,
 Zeitstempel: 0x508ce368  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000004165
ID
 des fehlerhaften Prozesses: 0x1e30  Startzeit der fehlerhaften Anwendung: 0x01cdfa15a19114a0
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\CFHD.dll  Berichtskennung: df5dc02a-6608-11e2-be7f-206a8a930aa7
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 24.01.2013 06:16:36 | Computer Name = freakybaby | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“ wurde
 nicht innerhalb der vorgesehenen Zeit gestartet.
 
Error - 24.01.2013 06:16:55 | Computer Name = freakybaby | Source = Application Hang | ID = 1002
Description = Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1fb0    Startzeit: 01cdfa1bdaeddacf    Endzeit: 4294967295    Anwendungspfad:
 C:\Windows\system32\wwahost.exe    Berichts-ID: 2240c086-660f-11e2-be7f-206a8a930aa7

Vollständiger
 Name des fehlerhaften Pakets: Microsoft.ZuneVideo_1.1.134.0_x64__8wekyb3d8bbwe    Anwendungs-ID,
 die relativ zum fehlerhaften Paket ist: Microsoft.ZuneVideo  
 
Error - 24.01.2013 07:40:28 | Computer Name = freakybaby | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „DefaultBrowser_NOPUBLISHERID!Chrome“ wurde nicht innerhalb
 der vorgesehenen Zeit gestartet.
 
Error - 24.01.2013 08:59:18 | Computer Name = freakybaby | Source = Application Hang | ID = 1002
Description = Programm video_pro_x.exe, Version 9.0.1.84 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 31c    Startzeit: 
01cdfa322f57e1ff    Endzeit: 4294967295    Anwendungspfad: C:\Program Files (x86)\MAGIX\Video_Pro_X2\video_pro_x.exe

Berichts-ID:
 dc2467e0-6625-11e2-be7f-206a8a930aa7    Vollständiger Name des fehlerhaften Pakets:
     Anwendungs-ID, die relativ zum fehlerhaften Paket ist:   
 
Error - 24.01.2013 08:59:51 | Computer Name = freakybaby | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 2396 (0x95c)    Thread address : 0x000007FE35C5347B    Thread message :      Build VSCORE.15.1.0.461
 / 5500.1093   Object being scanned = \Device\HarddiskVolume4\Windows\SysWOW64\mgxoschk.dll

 by C:\Users\Markus\Documents\MAGIX_Video_Pro_X2\LHTechConfig.EXE   4(0)(0)   4(0)(0)

 7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
Error - 24.01.2013 08:59:55 | Computer Name = freakybaby | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LHTechConfig.EXE, Version: 1.3.0.0,
 Zeitstempel: 0x3bd86c3f  Name des fehlerhaften Moduls: combase.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505a976e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00012ec4  ID des fehlerhaften
 Prozesses: 0x15c0  Startzeit der fehlerhaften Anwendung: 0x01cdfa326c667823  Pfad der
 fehlerhaften Anwendung: C:\Users\Markus\Documents\MAGIX_Video_Pro_X2\LHTechConfig.EXE
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\combase.dll  Berichtskennung: f2b455a3-6625-11e2-be7f-206a8a930aa7
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ System Events ]
Error - 18.01.2013 15:50:14 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 19.01.2013 12:12:40 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 20.01.2013 07:27:40 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 20.01.2013 16:00:43 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 20.01.2013 17:10:06 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 21.01.2013 05:42:58 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 21.01.2013 16:19:23 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 22.01.2013 04:08:50 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 22.01.2013 04:50:27 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
Error - 22.01.2013 07:42:23 | Computer Name = freakybaby | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst McNASvc erreicht.
 
 
< End of report >

cosinus · 28.01.2013, 12:07

Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Realbuchilla · 28.01.2013, 16:05

Hey

Wenn ich das Programm starte, gibt es zuerst eine Fehlermeldung: "Probable rootkit activity detected" Registry value "Applnit_Dlls" has been found, which may be caused by rootkit activity..

dann kommt, dass ich nicht die neueste Version benutze des Programms und ob ich die neueste downloaden will. Wenn ich dem Link folge, und das neuste downloade kommt wieder die gleiche Meldung.

Was kommt als nächster Schritt?

Vielen Dank
Gruss

cosinus · 28.01.2013, 16:38

Scheint wohl gerade ein Bug zu sein, ich hab das gleiche hier beobachtet
Lass MBAR erstma weg, machen wir vllt später nochmal

Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Realbuchilla · 28.01.2013, 17:44

GMER Log

Es kamen zwei Meldungen, dass er keinen Zugriff auf "system" und "user" hat, weil Prozesse gerade verwendet werden.

Code:

ATTFilter

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-28 17:44:37
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000037 Hitachi_HTS545050A7E380 rev.GG2OA920 465.76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Markus\AppData\Local\Temp\pwtcafow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Windows\system32\dwm.exe[588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                             000007f8e4fe1532 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\system32\dwm.exe[588] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                             000007f8e4fe153a 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\system32\dwm.exe[588] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                           000007f8e4fe165a 4 bytes [FE, E4, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690               000007f8e4fe1532 4 bytes [FE, E4, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1032] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698               000007f8e4fe153a 4 bytes [FE, E4, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1032] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246             000007f8e4fe165a 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                         000007f8e4fe1532 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                         000007f8e4fe153a 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\system32\nvvsvc.exe[1044] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                       000007f8e4fe165a 4 bytes [FE, E4, F8, 07]
.text    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007f8eac2177a 4 bytes [C2, EA, F8, 07]
.text    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1904] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007f8eac21782 4 bytes [C2, EA, F8, 07]
.text    C:\Windows\system32\rundll32.exe[2200] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                       000007f8e4fe1532 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\system32\rundll32.exe[2200] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                       000007f8e4fe153a 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\system32\rundll32.exe[2200] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                     000007f8e4fe165a 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\Explorer.EXE[2960] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                000007f8e4fe1532 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\Explorer.EXE[2960] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                000007f8e4fe153a 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\Explorer.EXE[2960] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                              000007f8e4fe165a 4 bytes [FE, E4, F8, 07]
.text    C:\Windows\Explorer.EXE[2960] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                      000007f8eac2177a 4 bytes [C2, EA, F8, 07]
.text    C:\Windows\Explorer.EXE[2960] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                      000007f8eac21782 4 bytes [C2, EA, F8, 07]
.text    C:\Windows\Explorer.EXE[2960] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                    000007f8cbaa1b32 4 bytes [AA, CB, F8, 07]
.text    C:\Windows\Explorer.EXE[2960] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                    000007f8cbaa1b3a 4 bytes [AA, CB, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                 000007f8e4fe1532 4 bytes [FE, E4, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                 000007f8e4fe153a 4 bytes [FE, E4, F8, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4340] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246               000007f8e4fe165a 4 bytes [FE, E4, F8, 07]
.text    C:\Program Files\mcafee.com\agent\mcagent.exe[4728] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306                000007f8eac2177a 4 bytes [C2, EA, F8, 07]
.text    C:\Program Files\mcafee.com\agent\mcagent.exe[4728] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314                000007f8eac21782 4 bytes [C2, EA, F8, 07]

---- User IAT/EAT - GMER 2.0 ----

IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW]                             [7f8c5d21c80] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW]                                [7f8c5d23298] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW]                              [7f8c5d21bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!MoveFileW]                                [7f8c5d45040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW]                              [7f8c5d23184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileExW]                              [7f8c5d44f30] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!CreateFileA]                                 [7f8c5d21e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileW]                                [7f8c5d23184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileW]                                [7f8c5d21bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileA]                                [7f8c5d21e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!SetFileAttributesA]                         [7f8c5d456b0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileA]                                [7f8c5d21f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CopyFileA]                                  [7f8c5d44e50] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!CopyFileExW]                                 [7f8c5d44f30] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!MoveFileExW]                                 [7f8c5d45164] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!DeleteFileW]                                 [7f8c5d23184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!CreateFileW]                                 [7f8c5d21bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!CreateFileA]                                 [7f8c5d21e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\USERENV.dll[KERNELBASE.dll!PrivCopyFileExW]                         [7f8c5d45638] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!CreateFileW]                               [7f8c5d21bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!_lcreat]                                   [7f8c5d453f8] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!_lopen]                                    [7f8c5d45300] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!_lwrite]                                   [7f8c5d454f0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!DeleteFileA]                               [7f8c5d21f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!DeleteFileW]                               [7f8c5d23184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!MoveFileW]                                 [7f8c5d45040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!CreateFileW]                              [7f8c5d21bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileW]                                 [7f8c5d45040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileA]                               [7f8c5d21e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileW]                               [7f8c5d21bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!DeleteFileA]                               [7f8c5d21f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!DeleteFileW]                               [7f8c5d23184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!SetFileAttributesA]                        [7f8c5d456b0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileExW]                               [7f8c5d45164] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT      C:\Windows\system32\msiexec.exe[5524] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!SetFileAttributesW]                        [7f8c5d23260] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL

---- Threads - GMER 2.0 ----

Thread   C:\Windows\system32\csrss.exe [716:740]                                                                                         fffff9600090a5e8
Thread   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [1672:1792]                              00000000770e6f00
Thread   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2072:3404]                                                     0000000000ea4540
Thread   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2072:3536]                                                     0000000000ea4540
Thread   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2072:3540]                                                     0000000000ea4540
Thread   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2072:3552]                                                     0000000000ea4540
Thread   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2072:3556]                                                     0000000000ea4540
Thread   C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2072:3560]                                                     0000000000ea4540
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:3724]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:5276]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:3864]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:6040]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:52]                                                          0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:6424]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:5384]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:7000]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:584]                                                         0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:4516]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:3756]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:5996]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:3808]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:164]                                                         0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:5916]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:6248]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:4952]                                                        0000000059182760
Thread   C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312:2380]                                                        0000000059182760
Thread   C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe [1152:3544]                                                 00000000754f9102
Thread   C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe [1152:2652]                                                 00000000754f9102
Thread   C:\Program Files (x86)\Launch Manager\LManager.exe [392:876]                                                                    000000000055bd8c
Thread   C:\Program Files (x86)\Launch Manager\LManager.exe [392:3828]                                                                   0000000074cb9a76
Thread   C:\Program Files (x86)\Launch Manager\LManager.exe [392:2736]                                                                   00000000026a11f0
Thread   C:\Program Files (x86)\Launch Manager\LManager.exe [392:6700]                                                                   00000000770e6f00
Thread   C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2284:3596]                                    0000000074cb9a76
Thread   C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [5512:5736]                                       0000000074cb9a76
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1876]    00000000756c0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2072]                                 0000000010000000
Library  ? (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2312]                                    00000000591b0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1268]                        0000000074740000
Library  ? (*** suspicious ***) @ C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2284]                0000000064020000
Library  ? (*** suspicious ***) @ C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [5512]                   0000000071ff0000

---- Disk sectors - GMER 2.0 ----

Disk     \Device\Harddisk0\DR0                                                                                                           unknown MBR code

---- EOF - GMER 2.0 ----

Aswbmr LOG

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-28 17:50:39
-----------------------------
17:50:39.548    OS Version: Windows x64 6.2.9200 
17:50:39.548    Number of processors: 4 586 0x3A09
17:50:39.549    ComputerName: FREAKYBABY  UserName: Markus
17:50:39.555    Initialze error 1 
17:53:01.600    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000037
17:53:01.603    Disk 0 Vendor: Hitachi_HTS545050A7E380 GG2OA920 Size: 476940MB BusType: 11
17:53:01.618    Disk 0 MBR read successfully
17:53:01.620    Disk 0 MBR scan
17:53:01.622    Disk 0 unknown MBR code
17:53:01.624    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
17:53:01.626    Disk 0 scanning C:\Windows\system32\drivers
17:53:01.628    Service scanning
17:53:02.342    Modules scanning
17:53:02.350    Disk 0 trace - called modules:
17:53:02.363    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
17:53:02.367    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009010060]
17:53:02.371    3 CLASSPNP.SYS[fffff88000b118aa] -> nt!IofCallDriver -> \Device\00000037[0xfffffa8007701060]
17:53:02.374    Scan finished successfully
17:53:48.746    Disk 0 MBR has been saved successfully to "C:\Users\Markus\Desktop\MBR.dat"
17:53:48.749    The log file has been saved successfully to "C:\Users\Markus\Desktop\aswMBR.txt"

cosinus · 28.01.2013, 22:08

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Realbuchilla · 28.01.2013, 22:36

Ok Cosinus hier das log, danke für deine Hilfe.

Code:

ATTFilter

22:27:51.0711 3432  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:27:51.0711 3432  UEFI system
22:27:53.0008 3432  ============================================================
22:27:53.0008 3432  Current date / time: 2013/01/28 22:27:53.0008
22:27:53.0008 3432  SystemInfo:
22:27:53.0008 3432  
22:27:53.0008 3432  OS Version: 6.2.9200 ServicePack: 0.0
22:27:53.0008 3432  Product type: Workstation
22:27:53.0008 3432  ComputerName: FREAKYBABY
22:27:53.0008 3432  UserName: Markus
22:27:53.0008 3432  Windows directory: C:\Windows
22:27:53.0008 3432  System windows directory: C:\Windows
22:27:53.0008 3432  Running under WOW64
22:27:53.0008 3432  Processor architecture: Intel x64
22:27:53.0008 3432  Number of processors: 4
22:27:53.0008 3432  Page size: 0x1000
22:27:53.0008 3432  Boot type: Normal boot
22:27:53.0008 3432  ============================================================
22:27:54.0852 3432  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:27:54.0852 3432  ============================================================
22:27:54.0852 3432  \Device\Harddisk0\DR0:
22:27:54.0852 3432  GPT partitions:
22:27:54.0852 3432  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3EB7D8D9-1C37-4476-A9A4-1E82858C379A}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
22:27:54.0852 3432  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1AAD714F-1082-4B60-A3AE-EFFDF8CCD450}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
22:27:54.0852 3432  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AE0FB3B3-F035-4125-BAA3-20EDC63893B9}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
22:27:54.0852 3432  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {03F59C77-C0C8-4715-A83C-96BDBCBB65F6}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x383D2800
22:27:54.0852 3432  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C8BBE2CA-D854-455A-B08F-26DA2E76E07C}, Name: Basic data partition, StartLBA 0x38571000, BlocksNum 0x1E15000
22:27:54.0852 3432  MBR partitions:
22:27:54.0852 3432  ============================================================
22:27:54.0884 3432  C: <-> \Device\Harddisk0\DR0\Partition4
22:27:54.0884 3432  ============================================================
22:27:54.0884 3432  Initialize success
22:27:54.0884 3432  ============================================================
22:28:16.0294 1476  ============================================================
22:28:16.0294 1476  Scan started
22:28:16.0294 1476  Mode: Manual; SigCheck; TDLFS; 
22:28:16.0294 1476  ============================================================
22:28:17.0482 1476  ================ Scan system memory ========================
22:28:17.0482 1476  System memory - ok
22:28:17.0482 1476  ================ Scan services =============================
22:28:17.0669 1476  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
22:28:17.0966 1476  1394ohci - ok
22:28:17.0982 1476  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
22:28:18.0138 1476  3ware - ok
22:28:18.0185 1476  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:28:18.0232 1476  ACPI - ok
22:28:18.0279 1476  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
22:28:18.0310 1476  acpiex - ok
22:28:18.0326 1476  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
22:28:18.0498 1476  acpipagr - ok
22:28:18.0498 1476  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
22:28:18.0670 1476  AcpiPmi - ok
22:28:18.0701 1476  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
22:28:18.0873 1476  acpitime - ok
22:28:18.0920 1476  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:28:19.0091 1476  adp94xx - ok
22:28:19.0123 1476  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:28:19.0295 1476  adpahci - ok
22:28:19.0310 1476  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:28:19.0466 1476  adpu320 - ok
22:28:19.0498 1476  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:28:19.0560 1476  AeLookupSvc - ok
22:28:19.0607 1476  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\Windows\system32\drivers\afd.sys
22:28:19.0795 1476  AFD - ok
22:28:19.0841 1476  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:28:19.0998 1476  agp440 - ok
22:28:20.0029 1476  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
22:28:20.0232 1476  ALG - ok
22:28:20.0263 1476  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
22:28:20.0404 1476  AllUserInstallAgent - ok
22:28:20.0435 1476  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
22:28:20.0623 1476  AmdK8 - ok
22:28:20.0654 1476  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
22:28:20.0810 1476  AmdPPM - ok
22:28:20.0842 1476  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:28:20.0998 1476  amdsata - ok
22:28:20.0998 1476  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:28:21.0170 1476  amdsbs - ok
22:28:21.0170 1476  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:28:21.0326 1476  amdxata - ok
22:28:21.0326 1476  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
22:28:21.0529 1476  AppID - ok
22:28:21.0560 1476  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:28:21.0701 1476  AppIDSvc - ok
22:28:21.0717 1476  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\Windows\System32\appinfo.dll
22:28:21.0857 1476  Appinfo - ok
22:28:21.0935 1476  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:28:22.0092 1476  Apple Mobile Device - ok
22:28:22.0123 1476  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
22:28:22.0263 1476  arc - ok
22:28:22.0279 1476  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:28:22.0435 1476  arcsas - ok
22:28:22.0451 1476  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:28:22.0623 1476  AsyncMac - ok
22:28:22.0623 1476  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:28:22.0779 1476  atapi - ok
22:28:22.0826 1476  [ 51C6777AD7649F6C3ED389151CFD9DE6 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
22:28:23.0029 1476  AthBTPort - ok
22:28:23.0107 1476  [ 67EC05E67E1416A51C478A5DAA59302E ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
22:28:23.0248 1476  AtherosSvc - ok
22:28:23.0357 1476  [ 221F28472FB210E2D4A7B4488BC798F9 ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
22:28:23.0717 1476  athr - ok
22:28:23.0764 1476  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
22:28:23.0920 1476  AudioEndpointBuilder - ok
22:28:23.0951 1476  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:28:24.0123 1476  Audiosrv - ok
22:28:24.0154 1476  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:28:24.0279 1476  AxInstSV - ok
22:28:24.0326 1476  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:28:24.0498 1476  b06bdrv - ok
22:28:24.0545 1476  [ 1D55E5313E44FB7968AB2D8758E74D68 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:28:24.0717 1476  b57nd60a - ok
22:28:24.0732 1476  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
22:28:24.0920 1476  BasicDisplay - ok
22:28:24.0935 1476  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
22:28:25.0092 1476  BasicRender - ok
22:28:25.0139 1476  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:28:25.0279 1476  BDESVC - ok
22:28:25.0295 1476  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:28:25.0467 1476  Beep - ok
22:28:25.0514 1476  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\Windows\System32\bfe.dll
22:28:25.0670 1476  BFE - ok
22:28:25.0717 1476  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
22:28:25.0982 1476  BITS - ok
22:28:26.0045 1476  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:28:26.0217 1476  Bonjour Service - ok
22:28:26.0232 1476  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:28:26.0295 1476  bowser - ok
22:28:26.0326 1476  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
22:28:26.0373 1476  BrokerInfrastructure - ok
22:28:26.0420 1476  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
22:28:26.0561 1476  Browser - ok
22:28:26.0607 1476  [ B600D86961C6DF87EEB637D4C4ABB663 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
22:28:26.0764 1476  BTATH_A2DP - ok
22:28:26.0779 1476  [ 43C965027229D9FF6E52E4C71C03B09E ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
22:28:26.0920 1476  btath_avdt - ok
22:28:26.0967 1476  [ 23CEDCD7527A26B222732A158F76EB24 ] BTATH_BUS       C:\Windows\System32\drivers\btath_bus.sys
22:28:26.0982 1476  BTATH_BUS - ok
22:28:27.0014 1476  [ 3DD64966A764BCAFF07C9DC064BD410E ] BTATH_HCRP      C:\Windows\System32\drivers\btath_hcrp.sys
22:28:27.0170 1476  BTATH_HCRP - ok
22:28:27.0186 1476  [ B68EE0721EAC305AB1C9C989CDF1AEFF ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
22:28:27.0326 1476  BTATH_LWFLT - ok
22:28:27.0342 1476  [ 057DA8351AD21AE485A11A8237DC9263 ] BTATH_RCP       C:\Windows\System32\drivers\btath_rcp.sys
22:28:27.0514 1476  BTATH_RCP - ok
22:28:27.0561 1476  [ 185C8FCF6FD4D263AB1AC5A32ADD86AD ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
22:28:27.0717 1476  BtFilter - ok
22:28:27.0748 1476  [ 3AA4309EBD9491E516F13FE3DC752FEE ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
22:28:27.0904 1476  BthAvrcpTg - ok
22:28:27.0920 1476  [ 6AB44FF15F12E2CADABA3B8E9B2FBEB8 ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
22:28:28.0123 1476  BthEnum - ok
22:28:28.0154 1476  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
22:28:28.0389 1476  BthHFEnum - ok
22:28:28.0404 1476  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
22:28:28.0562 1476  bthhfhid - ok
22:28:28.0609 1476  [ 42201C346F0B8C458E1E9CDE04D68A2C ] BthLEEnum       C:\Windows\system32\DRIVERS\BthLEEnum.sys
22:28:28.0796 1476  BthLEEnum - ok
22:28:28.0812 1476  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
22:28:28.0984 1476  BTHMODEM - ok
22:28:28.0999 1476  [ 091BB978E9504D0AD14586929431A957 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:28:29.0171 1476  BthPan - ok
22:28:29.0234 1476  [ CFD630EA8B3F593FFA0030FD53BA7908 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
22:28:29.0406 1476  BTHPORT - ok
22:28:29.0452 1476  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\Windows\system32\bthserv.dll
22:28:29.0577 1476  bthserv - ok
22:28:29.0593 1476  [ 69C903C026CB675E234F4A7C951FD722 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
22:28:29.0749 1476  BTHUSB - ok
22:28:29.0890 1476  [ CFA963D67CF8791B2145ED9E2B89ED95 ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
22:28:30.0171 1476  CCDMonitorService - ok
22:28:30.0202 1476  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:28:30.0374 1476  cdfs - ok
22:28:30.0390 1476  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\Windows\System32\drivers\cdrom.sys
22:28:30.0578 1476  cdrom - ok
22:28:30.0609 1476  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:28:30.0781 1476  CertPropSvc - ok
22:28:30.0812 1476  [ A73276435F75025DA6E67B2470E1FE16 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
22:28:30.0953 1476  cfwids - ok
22:28:30.0984 1476  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\Windows\System32\drivers\circlass.sys
22:28:31.0156 1476  circlass - ok
22:28:31.0187 1476  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
22:28:31.0234 1476  CLFS - ok
22:28:31.0265 1476  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
22:28:31.0437 1476  CmBatt - ok
22:28:31.0468 1476  [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:28:31.0531 1476  CNG - ok
22:28:31.0562 1476  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
22:28:31.0749 1476  CompositeBus - ok
22:28:31.0765 1476  COMSysApp - ok
22:28:31.0781 1476  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\Windows\system32\drivers\condrv.sys
22:28:31.0953 1476  condrv - ok
22:28:32.0046 1476  [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:28:32.0218 1476  cphs - ok
22:28:32.0265 1476  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:28:32.0390 1476  CryptSvc - ok
22:28:32.0421 1476  [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\Windows\system32\drivers\dam.sys
22:28:32.0578 1476  dam - ok
22:28:32.0624 1476  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:28:32.0703 1476  DcomLaunch - ok
22:28:32.0734 1476  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:28:32.0828 1476  defragsvc - ok
22:28:32.0859 1476  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
22:28:33.0015 1476  DeviceAssociationService - ok
22:28:33.0046 1476  [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
22:28:33.0171 1476  DeviceInstall - ok
22:28:33.0203 1476  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
22:28:33.0234 1476  Dfsc - ok
22:28:33.0265 1476  [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:28:33.0421 1476  Dhcp - ok
22:28:33.0437 1476  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\Windows\system32\drivers\discache.sys
22:28:33.0609 1476  discache - ok
22:28:33.0640 1476  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\Windows\system32\drivers\disk.sys
22:28:33.0671 1476  disk - ok
22:28:33.0687 1476  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
22:28:33.0843 1476  dmvsc - ok
22:28:33.0875 1476  [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:28:34.0015 1476  Dnscache - ok
22:28:34.0046 1476  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\Windows\System32\dot3svc.dll
22:28:34.0187 1476  dot3svc - ok
22:28:34.0218 1476  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\Windows\system32\dps.dll
22:28:34.0343 1476  DPS - ok
22:28:34.0390 1476  [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:28:34.0562 1476  drmkaud - ok
22:28:34.0609 1476  [ 97FF36062963F8C818506E6A8201C5EF ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
22:28:34.0796 1476  DsiWMIService - ok
22:28:34.0828 1476  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
22:28:34.0984 1476  DsmSvc - ok
22:28:35.0031 1476  [ 898BF1647BBF012B38EF45C7F9F7A67E ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:28:35.0234 1476  DXGKrnl - ok
22:28:35.0281 1476  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\Windows\System32\eapsvc.dll
22:28:35.0406 1476  Eaphost - ok
22:28:35.0515 1476  [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
22:28:35.0875 1476  ebdrv - ok
22:28:35.0890 1476  [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\Windows\System32\lsass.exe
22:28:36.0125 1476  EFS - ok
22:28:36.0187 1476  [ AD23FC5DB336CA89A6FC2DA1F70E421C ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
22:28:36.0359 1476  EgisTec Ticket Service - ok
22:28:36.0406 1476  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
22:28:36.0437 1476  EhStorClass - ok
22:28:36.0453 1476  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
22:28:36.0609 1476  EhStorTcgDrv - ok
22:28:36.0703 1476  [ B4FAD52C897255AFFADC43F3221533A1 ] ePowerSvc       C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
22:28:36.0750 1476  ePowerSvc - ok
22:28:36.0765 1476  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\Windows\System32\drivers\errdev.sys
22:28:36.0906 1476  ErrDev - ok
22:28:36.0953 1476  [ 2E7987EF2E2452D2DAA72A3F613D30FE ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
22:28:37.0109 1476  ETD - ok
22:28:37.0140 1476  [ AA73652B0C5EDE61D5B4021F0834BA03 ] ETDService      C:\Program Files\Elantech\ETDService.exe
22:28:37.0281 1476  ETDService - ok
22:28:37.0343 1476  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\Windows\system32\es.dll
22:28:37.0422 1476  EventSystem - ok
22:28:37.0453 1476  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:28:37.0625 1476  exfat - ok
22:28:37.0656 1476  Fabs - ok
22:28:37.0687 1476  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:28:37.0719 1476  fastfat - ok
22:28:37.0765 1476  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\Windows\system32\fxssvc.exe
22:28:37.0953 1476  Fax - ok
22:28:37.0984 1476  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\Windows\System32\drivers\fdc.sys
22:28:38.0140 1476  fdc - ok
22:28:38.0172 1476  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\Windows\system32\fdPHost.dll
22:28:38.0328 1476  fdPHost - ok
22:28:38.0344 1476  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\Windows\system32\fdrespub.dll
22:28:38.0500 1476  FDResPub - ok
22:28:38.0531 1476  [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc           C:\Windows\system32\fhsvc.dll
22:28:38.0672 1476  fhsvc - ok
22:28:38.0687 1476  [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:28:38.0719 1476  FileInfo - ok
22:28:38.0734 1476  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:28:38.0906 1476  Filetrace - ok
22:28:39.0015 1476  [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
22:28:39.0469 1476  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
22:28:39.0469 1476  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
22:28:39.0531 1476  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:28:39.0734 1476  FLEXnet Licensing Service - ok
22:28:39.0766 1476  [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
22:28:39.0937 1476  flpydisk - ok
22:28:39.0969 1476  [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:28:40.0016 1476  FltMgr - ok
22:28:40.0078 1476  [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache       C:\Windows\system32\FntCache.dll
22:28:40.0266 1476  FontCache - ok
22:28:40.0344 1476  [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:28:40.0500 1476  FontCache3.0.0.0 - ok
22:28:40.0531 1476  [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:28:40.0656 1476  FsDepends - ok
22:28:40.0672 1476  [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:28:40.0812 1476  Fs_Rec - ok
22:28:40.0859 1476  [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:28:40.0922 1476  fvevol - ok
22:28:40.0953 1476  [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
22:28:41.0109 1476  FxPPM - ok
22:28:41.0141 1476  [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:28:41.0297 1476  gagp30kx - ok
22:28:41.0328 1476  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:28:41.0469 1476  GEARAspiWDM - ok
22:28:41.0500 1476  [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
22:28:41.0657 1476  gencounter - ok
22:28:41.0704 1476  [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
22:28:41.0860 1476  GPIOClx0101 - ok
22:28:41.0923 1476  [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:28:42.0001 1476  gpsvc - ok
22:28:42.0032 1476  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:28:42.0064 1476  gupdate - ok
22:28:42.0064 1476  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:28:42.0079 1476  gupdatem - ok
22:28:42.0126 1476  [ 9FC1F11D4D19F61DFE5CC878B4557D3A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:28:42.0329 1476  HdAudAddService - ok
22:28:42.0360 1476  [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
22:28:42.0423 1476  HDAudBus - ok
22:28:42.0454 1476  [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
22:28:42.0626 1476  HidBatt - ok
22:28:42.0626 1476  [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth          C:\Windows\System32\drivers\hidbth.sys
22:28:42.0829 1476  HidBth - ok
22:28:42.0845 1476  [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
22:28:43.0017 1476  hidi2c - ok
22:28:43.0048 1476  [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\Windows\System32\drivers\hidir.sys
22:28:43.0220 1476  HidIr - ok
22:28:43.0267 1476  [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\Windows\system32\hidserv.dll
22:28:43.0392 1476  hidserv - ok
22:28:43.0407 1476  [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
22:28:43.0579 1476  HidUsb - ok
22:28:43.0657 1476  [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
22:28:43.0798 1476  HipShieldK - ok
22:28:43.0829 1476  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:28:43.0954 1476  hkmsvc - ok
22:28:44.0001 1476  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:28:44.0142 1476  HomeGroupListener - ok
22:28:44.0189 1476  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:28:44.0282 1476  HomeGroupProvider - ok
22:28:44.0314 1476  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:28:44.0470 1476  HpSAMD - ok
22:28:44.0517 1476  [ 29CB98187BB5711F7759540976D295FC ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:28:44.0720 1476  HTTP - ok
22:28:44.0767 1476  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:28:44.0876 1476  hwpolicy - ok
22:28:44.0892 1476  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
22:28:45.0064 1476  hyperkbd - ok
22:28:45.0064 1476  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
22:28:45.0220 1476  HyperVideo - ok
22:28:45.0251 1476  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
22:28:45.0407 1476  i8042prt - ok
22:28:45.0454 1476  [ 6C024B3AE192D72B216166802AF345DD ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
22:28:45.0501 1476  iaStorA - ok
22:28:45.0532 1476  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:28:45.0704 1476  iaStorV - ok
22:28:45.0814 1476  [ 5AD5A7781BE907D6E2D75CA1DADAA97B ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
22:28:46.0048 1476  IconMan_R - ok
22:28:46.0204 1476  [ A1CF07D24EDCDC6870535471654D957C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:28:46.0564 1476  igfx - ok
22:28:46.0611 1476  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:28:46.0783 1476  iirsp - ok
22:28:46.0829 1476  [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:28:47.0017 1476  IKEEXT - ok
22:28:47.0142 1476  [ 6BDCC85422817FA53CD705ADE312CE6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:28:47.0454 1476  IntcAzAudAddService - ok
22:28:47.0486 1476  [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
22:28:47.0658 1476  IntcDAud - ok
22:28:47.0704 1476  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:28:47.0876 1476  Intel(R) Capability Licensing Service Interface - ok
22:28:47.0908 1476  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:28:48.0048 1476  intelide - ok
22:28:48.0079 1476  [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\Windows\System32\drivers\intelppm.sys
22:28:48.0126 1476  intelppm - ok
22:28:48.0142 1476  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:28:48.0314 1476  IpFilterDriver - ok
22:28:48.0392 1476  [ CAC5202757EF68C4849B0DFFA75F6D3C ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:28:48.0564 1476  iphlpsvc - ok
22:28:48.0579 1476  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
22:28:48.0751 1476  IPMIDRV - ok
22:28:48.0767 1476  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:28:48.0955 1476  IPNAT - ok
22:28:49.0001 1476  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:28:49.0173 1476  iPod Service - ok
22:28:49.0189 1476  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:28:49.0361 1476  IRENUM - ok
22:28:49.0376 1476  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:28:49.0533 1476  isapnp - ok
22:28:49.0564 1476  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
22:28:49.0736 1476  iScsiPrt - ok
22:28:49.0798 1476  [ 78ABBE558F57144047F10A0F50FE4B2F ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:28:49.0970 1476  jhi_service - ok
22:28:50.0017 1476  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
22:28:50.0189 1476  kbdclass - ok
22:28:50.0220 1476  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
22:28:50.0376 1476  kbdhid - ok
22:28:50.0392 1476  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
22:28:50.0548 1476  kdnic - ok
22:28:50.0580 1476  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\Windows\system32\lsass.exe
22:28:50.0611 1476  KeyIso - ok
22:28:50.0642 1476  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:28:50.0673 1476  KSecDD - ok
22:28:50.0705 1476  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:28:50.0736 1476  KSecPkg - ok
22:28:50.0767 1476  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:28:50.0923 1476  ksthunk - ok
22:28:50.0955 1476  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:28:51.0095 1476  KtmRm - ok
22:28:51.0127 1476  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:28:51.0267 1476  LanmanServer - ok
22:28:51.0298 1476  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:28:51.0408 1476  LanmanWorkstation - ok
22:28:51.0439 1476  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:28:51.0596 1476  lltdio - ok
22:28:51.0628 1476  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:28:51.0784 1476  lltdsvc - ok
22:28:51.0799 1476  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:28:51.0956 1476  lmhosts - ok
22:28:51.0987 1476  [ 2C24DC448DBE8DB9BE1441B824C57E79 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:28:52.0190 1476  LMS - ok
22:28:52.0221 1476  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:28:52.0362 1476  LSI_SAS - ok
22:28:52.0409 1476  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:28:52.0596 1476  LSI_SAS2 - ok
22:28:52.0628 1476  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:28:52.0784 1476  LSI_SCSI - ok
22:28:52.0815 1476  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
22:28:52.0987 1476  LSI_SSS - ok
22:28:53.0081 1476  [ 8FEFDCEE40B75FD23B4BC60DA6576113 ] LSM             C:\Windows\System32\lsm.dll
22:28:53.0159 1476  LSM - ok
22:28:53.0175 1476  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:28:53.0237 1476  luafv - ok
22:28:53.0300 1476  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:28:53.0331 1476  McAfee SiteAdvisor Service - ok
22:28:53.0393 1476  [ 1E3AF124A3405EEE594BB9FFD4640F48 ] McAWFwk         c:\PROGRA~1\mcafee\msc\mcawfwk.exe
22:28:53.0550 1476  McAWFwk - ok
22:28:53.0596 1476  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:28:53.0612 1476  McMPFSvc - ok
22:28:53.0628 1476  [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:28:53.0659 1476  mcmscsvc - ok
22:28:53.0690 1476  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:28:53.0721 1476  McNaiAnn - ok
22:28:53.0721 1476  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:28:53.0753 1476  McNASvc - ok
22:28:53.0815 1476  [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
22:28:53.0846 1476  McODS - ok
22:28:53.0878 1476  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:28:53.0893 1476  McOobeSv - ok
22:28:53.0909 1476  [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
22:28:53.0925 1476  McProxy - ok
22:28:53.0987 1476  [ 23EA22ACADD66D7F1E18A4AA72BE6158 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:28:54.0143 1476  McShield - ok
22:28:54.0175 1476  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\Windows\system32\drivers\megasas.sys
22:28:54.0362 1476  megasas - ok
22:28:54.0378 1476  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:28:54.0550 1476  MegaSR - ok
22:28:54.0581 1476  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
22:28:54.0721 1476  MEIx64 - ok
22:28:54.0753 1476  [ 19323081FA4018C9C1AEBF08114BEA11 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
22:28:54.0768 1476  mfeapfk - ok
22:28:54.0800 1476  [ EF1D39A70CAD1B7BEDC220480F26815C ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
22:28:54.0956 1476  mfeavfk - ok
22:28:55.0003 1476  mfeavfk01 - ok
22:28:55.0034 1476  [ 9DBA574C2189A32BF484F6EC2322C5CA ] mfeelamk        C:\Windows\system32\drivers\mfeelamk.sys
22:28:55.0190 1476  mfeelamk - ok
22:28:55.0222 1476  [ 3CBBB569730EFD069B4BD253DDD4AD58 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:28:55.0378 1476  mfefire - ok
22:28:55.0409 1476  [ 67972BFC8F23054BD23E1DE1450E40BD ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
22:28:55.0581 1476  mfefirek - ok
22:28:55.0659 1476  [ 5C0EE849C03C37071FABDAA6B58D3D94 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
22:28:55.0706 1476  mfehidk - ok
22:28:55.0722 1476  [ 450B77CAC7384A9C1BAF476AC302CD4C ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
22:28:55.0862 1476  mferkdet - ok
22:28:55.0893 1476  [ 74CE2EBE64AB78904E33DD4C5F21611F ] mfevtp          C:\windows\system32\mfevtps.exe
22:28:56.0050 1476  mfevtp - ok
22:28:56.0081 1476  [ F55F9742BFA88D02F96516B80AB400EC ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
22:28:56.0112 1476  mfewfpk - ok
22:28:56.0159 1476  Microsoft SharePoint Workspace Audit Service - ok
22:28:56.0206 1476  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\Windows\system32\mmcss.dll
22:28:56.0253 1476  MMCSS - ok
22:28:56.0268 1476  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\Windows\system32\drivers\modem.sys
22:28:56.0440 1476  Modem - ok
22:28:56.0456 1476  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:28:56.0503 1476  monitor - ok
22:28:56.0550 1476  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\Windows\System32\drivers\mouclass.sys
22:28:56.0690 1476  mouclass - ok
22:28:56.0722 1476  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
22:28:56.0893 1476  mouhid - ok
22:28:56.0909 1476  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:28:56.0940 1476  mountmgr - ok
22:28:56.0972 1476  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:28:57.0128 1476  mpsdrv - ok
22:28:57.0206 1476  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:28:57.0268 1476  MpsSvc - ok
22:28:57.0300 1476  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:28:57.0487 1476  MRxDAV - ok
22:28:57.0519 1476  [ 877D60D6E4156EC4A2E0B6871D41BED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:28:57.0597 1476  mrxsmb - ok
22:28:57.0628 1476  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:28:57.0659 1476  mrxsmb10 - ok
22:28:57.0706 1476  [ E078446D4B8622AA6030C7B8A1A08962 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:28:57.0753 1476  mrxsmb20 - ok
22:28:57.0784 1476  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
22:28:57.0956 1476  MsBridge - ok
22:28:57.0987 1476  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\Windows\System32\msdtc.exe
22:28:58.0159 1476  MSDTC - ok
22:28:58.0206 1476  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:28:58.0237 1476  Msfs - ok
22:28:58.0284 1476  [ C9BFB0353099B071E70299549C18C8AE ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
22:28:58.0440 1476  msgpiowin32 - ok
22:28:58.0472 1476  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:28:58.0628 1476  mshidkmdf - ok
22:28:58.0644 1476  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
22:28:58.0784 1476  mshidumdf - ok
22:28:58.0800 1476  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:28:58.0831 1476  msisadrv - ok
22:28:58.0862 1476  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:28:59.0034 1476  MSiSCSI - ok
22:28:59.0050 1476  msiserver - ok
22:28:59.0081 1476  [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:28:59.0112 1476  MSK80Service - ok
22:28:59.0144 1476  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:28:59.0300 1476  MSKSSRV - ok
22:28:59.0315 1476  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
22:28:59.0472 1476  MsLldp - ok
22:28:59.0472 1476  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:28:59.0628 1476  MSPCLOCK - ok
22:28:59.0628 1476  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:28:59.0784 1476  MSPQM - ok
22:28:59.0816 1476  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:28:59.0862 1476  MsRPC - ok
22:28:59.0894 1476  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
22:28:59.0925 1476  mssmbios - ok
22:28:59.0941 1476  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:29:00.0097 1476  MSTEE - ok
22:29:00.0112 1476  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
22:29:00.0269 1476  MTConfig - ok
22:29:00.0300 1476  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:29:00.0331 1476  Mup - ok
22:29:00.0362 1476  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
22:29:00.0503 1476  mvumis - ok
22:29:00.0534 1476  [ C009123B206C56854F4E88596035231D ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:29:00.0566 1476  mwlPSDFilter - ok
22:29:00.0581 1476  [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:29:00.0722 1476  mwlPSDNServ - ok
22:29:00.0737 1476  [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:29:00.0878 1476  mwlPSDVDisk - ok
22:29:00.0909 1476  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\Windows\system32\qagentRT.dll
22:29:00.0987 1476  napagent - ok
22:29:01.0019 1476  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:29:01.0191 1476  NativeWifiP - ok
22:29:01.0222 1476  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
22:29:01.0362 1476  NcaSvc - ok
22:29:01.0378 1476  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
22:29:01.0503 1476  NcdAutoSetup - ok
22:29:01.0581 1476  [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:29:01.0659 1476  NDIS - ok
22:29:01.0675 1476  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:29:01.0831 1476  NdisCap - ok
22:29:01.0878 1476  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
22:29:02.0019 1476  NdisImPlatform - ok
22:29:02.0066 1476  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:29:02.0237 1476  NdisTapi - ok
22:29:02.0253 1476  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:29:02.0409 1476  Ndisuio - ok
22:29:02.0425 1476  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:29:02.0597 1476  NdisWan - ok
22:29:02.0613 1476  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
22:29:02.0659 1476  NDISWANLEGACY - ok
22:29:02.0675 1476  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:29:02.0831 1476  NDProxy - ok
22:29:02.0847 1476  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
22:29:03.0003 1476  Ndu - ok
22:29:03.0019 1476  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:29:03.0066 1476  NetBIOS - ok
22:29:03.0113 1476  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:29:03.0300 1476  NetBT - ok
22:29:03.0316 1476  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\Windows\system32\lsass.exe
22:29:03.0347 1476  Netlogon - ok
22:29:03.0378 1476  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
22:29:03.0425 1476  Netman - ok
22:29:03.0456 1476  [ 20F6FD63E6D456114BC8056D62792786 ] netprofm        C:\Windows\System32\netprofmsvc.dll
22:29:03.0519 1476  netprofm - ok
22:29:03.0581 1476  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:29:03.0769 1476  NetTcpPortSharing - ok
22:29:03.0800 1476  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:29:03.0956 1476  nfrd960 - ok
22:29:03.0988 1476  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:29:04.0050 1476  NlaSvc - ok
22:29:04.0081 1476  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:29:04.0128 1476  Npfs - ok
22:29:04.0160 1476  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
22:29:04.0331 1476  npsvctrig - ok
22:29:04.0363 1476  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
22:29:04.0488 1476  nsi - ok
22:29:04.0503 1476  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:29:04.0661 1476  nsiproxy - ok
22:29:04.0739 1476  [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:29:04.0879 1476  Ntfs - ok
22:29:04.0926 1476  [ 24802A206925A340DBA52ABF83C21315 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
22:29:05.0114 1476  NTI IScheduleSvc - ok
22:29:05.0129 1476  [ 710263B44C1D1AEE07525A53401FBE48 ] NTIDrvr         C:\windows\system32\drivers\NTIDrvr.sys
22:29:05.0270 1476  NTIDrvr - ok
22:29:05.0286 1476  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
22:29:05.0442 1476  Null - ok
22:29:05.0817 1476  [ 076C32433B06AAAD72742774E56FB854 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:29:06.0692 1476  nvlddmkm - ok
22:29:06.0708 1476  [ 0AFB4857ADD1D11012E6B38C9F4B625B ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
22:29:06.0739 1476  nvpciflt - ok
22:29:06.0770 1476  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:29:06.0926 1476  nvraid - ok
22:29:06.0942 1476  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:29:07.0098 1476  nvstor - ok
22:29:07.0161 1476  [ A9495A3AAAB5E470F2460F85849A5F66 ] nvsvc           C:\Windows\system32\nvvsvc.exe
22:29:07.0208 1476  nvsvc - ok
22:29:07.0301 1476  [ FAA2048284D763409F7BB84F61601C80 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:29:07.0504 1476  nvUpdatusService - ok
22:29:07.0520 1476  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:29:07.0692 1476  nv_agp - ok
22:29:07.0739 1476  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:29:07.0895 1476  ose64 - ok
22:29:08.0051 1476  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:29:08.0520 1476  osppsvc - ok
22:29:08.0551 1476  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:29:08.0692 1476  p2pimsvc - ok
22:29:08.0708 1476  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:29:08.0864 1476  p2psvc - ok
22:29:08.0895 1476  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
22:29:09.0036 1476  Parport - ok
22:29:09.0051 1476  [ C1D7BA7F0DE487DFEEB51BF8D3EC5562 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:29:09.0083 1476  partmgr - ok
22:29:09.0130 1476  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:29:09.0270 1476  PcaSvc - ok
22:29:09.0301 1476  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
22:29:09.0348 1476  pci - ok
22:29:09.0364 1476  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:29:09.0505 1476  pciide - ok
22:29:09.0520 1476  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:29:09.0676 1476  pcmcia - ok
22:29:09.0692 1476  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:29:09.0723 1476  pcw - ok
22:29:09.0770 1476  [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc             C:\Windows\system32\drivers\pdc.sys
22:29:09.0801 1476  pdc - ok
22:29:09.0848 1476  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:29:10.0036 1476  PEAUTH - ok
22:29:10.0130 1476  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:29:10.0333 1476  PerfHost - ok
22:29:10.0395 1476  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
22:29:10.0583 1476  pla - ok
22:29:10.0614 1476  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:29:10.0645 1476  PlugPlay - ok
22:29:10.0677 1476  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:29:10.0801 1476  PNRPAutoReg - ok
22:29:10.0833 1476  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:29:10.0880 1476  PNRPsvc - ok
22:29:10.0926 1476  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:29:11.0067 1476  PolicyAgent - ok
22:29:11.0098 1476  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
22:29:11.0145 1476  Power - ok
22:29:11.0177 1476  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:29:11.0333 1476  PptpMiniport - ok
22:29:11.0473 1476  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
22:29:11.0677 1476  PrintNotify - ok
22:29:11.0708 1476  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
22:29:11.0880 1476  Processor - ok
22:29:11.0911 1476  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
22:29:11.0973 1476  ProfSvc - ok
22:29:12.0005 1476  [ AF038FA3D3748B7595FE7096AD803696 ] Ps2Kb2Hid       C:\Windows\System32\drivers\aPs2Kb2Hid.sys
22:29:12.0145 1476  Ps2Kb2Hid - ok
22:29:12.0161 1476  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:29:12.0333 1476  Psched - ok
22:29:12.0364 1476  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
22:29:12.0520 1476  QWAVE - ok
22:29:12.0552 1476  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:29:12.0755 1476  QWAVEdrv - ok
22:29:12.0802 1476  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:29:12.0989 1476  RasAcd - ok
22:29:13.0005 1476  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:29:13.0208 1476  RasAgileVpn - ok
22:29:13.0223 1476  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
22:29:13.0364 1476  RasAuto - ok
22:29:13.0411 1476  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:29:13.0614 1476  Rasl2tp - ok
22:29:13.0661 1476  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
22:29:13.0833 1476  RasMan - ok
22:29:13.0864 1476  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:29:14.0052 1476  RasPppoe - ok
22:29:14.0067 1476  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:29:14.0333 1476  RasSstp - ok
22:29:14.0364 1476  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:29:14.0442 1476  rdbss - ok
22:29:14.0474 1476  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
22:29:14.0692 1476  rdpbus - ok
22:29:14.0724 1476  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
22:29:14.0974 1476  RDPDR - ok
22:29:15.0020 1476  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:29:15.0052 1476  RdpVideoMiniport - ok
22:29:15.0083 1476  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:29:15.0255 1476  RDPWD - ok
22:29:15.0270 1476  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:29:15.0317 1476  rdyboost - ok
22:29:15.0349 1476  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:29:15.0489 1476  RemoteAccess - ok
22:29:15.0536 1476  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:29:15.0678 1476  RemoteRegistry - ok
22:29:15.0709 1476  [ CF59781FCB68F859EB6C835ED285211D ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe
22:29:15.0850 1476  RfButtonDriverService - ok
22:29:15.0865 1476  [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:29:16.0084 1476  RFCOMM - ok
22:29:16.0131 1476  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:29:16.0272 1476  RpcEptMapper - ok
22:29:16.0303 1476  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
22:29:16.0459 1476  RpcLocator - ok
22:29:16.0522 1476  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
22:29:16.0568 1476  RpcSs - ok
22:29:16.0600 1476  [ 49EEC19C34A6906883E1279EF8EDA361 ] RSBASTOR        C:\Windows\system32\DRIVERS\RtsBaStor.sys
22:29:16.0803 1476  RSBASTOR - ok
22:29:16.0834 1476  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:29:17.0022 1476  rspndr - ok
22:29:17.0068 1476  [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
22:29:17.0256 1476  RTL8168 - ok
22:29:17.0272 1476  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
22:29:17.0490 1476  s3cap - ok
22:29:17.0506 1476  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
22:29:17.0537 1476  SamSs - ok
22:29:17.0569 1476  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:29:17.0725 1476  sbp2port - ok
22:29:17.0772 1476  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:29:17.0912 1476  SCardSvr - ok
22:29:17.0944 1476  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:29:18.0115 1476  scfilter - ok
22:29:18.0178 1476  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
22:29:18.0287 1476  Schedule - ok
22:29:18.0319 1476  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:29:18.0350 1476  SCPolicySvc - ok
22:29:18.0397 1476  [ 66E29CADF9FF6C8325C356BDD617F7EA ] sdbus           C:\Windows\System32\drivers\sdbus.sys
22:29:18.0553 1476  sdbus - ok
22:29:18.0600 1476  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:29:18.0725 1476  SDRSVC - ok
22:29:18.0756 1476  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
22:29:18.0912 1476  sdstor - ok
22:29:19.0022 1476  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:29:19.0100 1476  secdrv - ok
22:29:19.0131 1476  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
22:29:19.0272 1476  seclogon - ok
22:29:19.0287 1476  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
22:29:19.0334 1476  SENS - ok
22:29:19.0366 1476  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:29:19.0490 1476  SensrSvc - ok
22:29:19.0522 1476  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
22:29:19.0678 1476  SerCx - ok
22:29:19.0694 1476  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
22:29:19.0850 1476  Serenum - ok
22:29:19.0865 1476  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
22:29:20.0006 1476  Serial - ok
22:29:20.0022 1476  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
22:29:20.0162 1476  sermouse - ok
22:29:20.0209 1476  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
22:29:20.0334 1476  SessionEnv - ok
22:29:20.0366 1476  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
22:29:20.0506 1476  sfloppy - ok
22:29:20.0553 1476  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:29:20.0709 1476  SharedAccess - ok
22:29:20.0772 1476  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:29:20.0881 1476  ShellHWDetection - ok
22:29:20.0897 1476  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:29:21.0053 1476  SiSRaid2 - ok
22:29:21.0069 1476  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:29:21.0225 1476  SiSRaid4 - ok
22:29:21.0256 1476  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:29:21.0412 1476  SNMPTRAP - ok
22:29:21.0459 1476  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
22:29:21.0491 1476  spaceport - ok
22:29:21.0522 1476  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
22:29:21.0678 1476  SpbCx - ok
22:29:21.0772 1476  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
22:29:21.0975 1476  Spooler - ok
22:29:22.0116 1476  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:29:22.0319 1476  sppsvc - ok
22:29:22.0350 1476  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:29:22.0413 1476  srv - ok
22:29:22.0459 1476  [ C2106BB710AA34A046126AED7BCA6964 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:29:22.0538 1476  srv2 - ok
22:29:22.0584 1476  [ 9400C71F5A1A380B494B6922F007D485 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:29:22.0616 1476  srvnet - ok
22:29:22.0678 1476  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:29:22.0803 1476  SSDPSRV - ok
22:29:22.0834 1476  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:29:22.0975 1476  SstpSvc - ok
22:29:22.0991 1476  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:29:23.0147 1476  stexstor - ok
22:29:23.0194 1476  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
22:29:23.0350 1476  stisvc - ok
22:29:23.0381 1476  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
22:29:23.0522 1476  storahci - ok
22:29:23.0553 1476  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
22:29:23.0709 1476  storflt - ok
22:29:23.0741 1476  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
22:29:23.0866 1476  StorSvc - ok
22:29:23.0897 1476  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:29:24.0053 1476  storvsc - ok
22:29:24.0069 1476  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
22:29:24.0225 1476  svsvc - ok
22:29:24.0241 1476  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
22:29:24.0381 1476  swenum - ok
22:29:24.0413 1476  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
22:29:24.0491 1476  swprv - ok
22:29:24.0538 1476  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
22:29:24.0647 1476  SysMain - ok
22:29:24.0678 1476  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
22:29:24.0725 1476  SystemEventsBroker - ok
22:29:24.0756 1476  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
22:29:24.0913 1476  TabletInputService - ok
22:29:24.0928 1476  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:29:25.0069 1476  TapiSrv - ok
22:29:25.0163 1476  [ 1D644E2D0FC395A055AB1C23C3B43631 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:29:25.0303 1476  Tcpip - ok
22:29:25.0381 1476  [ 1D644E2D0FC395A055AB1C23C3B43631 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:29:25.0506 1476  TCPIP6 - ok
22:29:25.0553 1476  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:29:25.0725 1476  tcpipreg - ok
22:29:25.0741 1476  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:29:25.0897 1476  tdx - ok
22:29:25.0913 1476  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
22:29:26.0069 1476  terminpt - ok
22:29:26.0116 1476  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
22:29:26.0272 1476  TermService - ok
22:29:26.0303 1476  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
22:29:26.0460 1476  Themes - ok
22:29:26.0491 1476  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:29:26.0522 1476  THREADORDER - ok
22:29:26.0600 1476  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
22:29:26.0631 1476  TimeBroker - ok
22:29:26.0678 1476  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\Windows\system32\drivers\tpm.sys
22:29:26.0835 1476  TPM - ok
22:29:26.0850 1476  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
22:29:26.0975 1476  TrkWks - ok
22:29:27.0022 1476  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:29:27.0069 1476  TrustedInstaller - ok
22:29:27.0100 1476  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:29:27.0257 1476  TsUsbFlt - ok
22:29:27.0272 1476  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
22:29:27.0429 1476  TsUsbGD - ok
22:29:27.0444 1476  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:29:27.0600 1476  tunnel - ok
22:29:27.0632 1476  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:29:27.0772 1476  uagp35 - ok
22:29:27.0788 1476  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
22:29:27.0944 1476  UASPStor - ok
22:29:27.0975 1476  [ 69CC6087483FCE6AEBF1DF5AE791044F ] UBHelper        C:\windows\system32\drivers\UBHelper.sys
22:29:28.0116 1476  UBHelper - ok
22:29:28.0147 1476  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
22:29:28.0304 1476  UCX01000 - ok
22:29:28.0350 1476  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:29:28.0538 1476  udfs - ok
22:29:28.0569 1476  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:29:28.0726 1476  UI0Detect - ok
22:29:28.0773 1476  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:29:28.0930 1476  uliagpkx - ok
22:29:28.0945 1476  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
22:29:29.0102 1476  umbus - ok
22:29:29.0133 1476  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
22:29:29.0305 1476  UmPass - ok
22:29:29.0336 1476  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
22:29:29.0461 1476  UmRdpService - ok
22:29:29.0539 1476  [ E1A119AD21F5AFE22EB516C549306D3D ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:29:29.0727 1476  UNS - ok
22:29:29.0758 1476  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
22:29:29.0914 1476  upnphost - ok
22:29:29.0945 1476  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
22:29:30.0102 1476  usbccgp - ok
22:29:30.0117 1476  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
22:29:30.0305 1476  usbcir - ok
22:29:30.0336 1476  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
22:29:30.0492 1476  usbehci - ok
22:29:30.0523 1476  [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub          C:\Windows\System32\drivers\usbhub.sys
22:29:30.0711 1476  usbhub - ok
22:29:30.0742 1476  [ B7A948501424805571BF562BB0BFE31D ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
22:29:30.0930 1476  USBHUB3 - ok
22:29:30.0945 1476  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
22:29:31.0102 1476  usbohci - ok
22:29:31.0149 1476  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
22:29:31.0320 1476  usbprint - ok
22:29:31.0336 1476  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
22:29:31.0492 1476  USBSTOR - ok
22:29:31.0524 1476  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
22:29:31.0681 1476  usbuhci - ok
22:29:31.0712 1476  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:29:31.0868 1476  usbvideo - ok
22:29:31.0915 1476  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
22:29:32.0087 1476  USBXHCI - ok
22:29:32.0103 1476  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
22:29:32.0150 1476  VaultSvc - ok
22:29:32.0165 1476  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:29:32.0196 1476  vdrvroot - ok
22:29:32.0243 1476  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\Windows\System32\vds.exe
22:29:32.0415 1476  vds - ok
22:29:32.0447 1476  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
22:29:32.0618 1476  VerifierExt - ok
22:29:32.0665 1476  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
22:29:32.0837 1476  vhdmp - ok
22:29:32.0853 1476  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
22:29:33.0009 1476  viaide - ok
22:29:33.0025 1476  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:29:33.0197 1476  vmbus - ok
22:29:33.0197 1476  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
22:29:33.0353 1476  VMBusHID - ok
22:29:33.0400 1476  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
22:29:33.0540 1476  vmicheartbeat - ok
22:29:33.0556 1476  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
22:29:33.0587 1476  vmickvpexchange - ok
22:29:33.0603 1476  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
22:29:33.0634 1476  vmicrdv - ok
22:29:33.0650 1476  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
22:29:33.0697 1476  vmicshutdown - ok
22:29:33.0712 1476  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
22:29:33.0759 1476  vmictimesync - ok
22:29:33.0790 1476  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
22:29:33.0837 1476  vmicvss - ok
22:29:33.0868 1476  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:29:33.0900 1476  volmgr - ok
22:29:33.0931 1476  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:29:33.0978 1476  volmgrx - ok
22:29:33.0993 1476  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:29:34.0040 1476  volsnap - ok
22:29:34.0072 1476  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
22:29:34.0228 1476  vpci - ok
22:29:34.0243 1476  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:29:34.0400 1476  vsmraid - ok
22:29:34.0462 1476  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
22:29:34.0540 1476  VSS - ok
22:29:34.0603 1476  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
22:29:34.0775 1476  VSTXRAID - ok
22:29:34.0790 1476  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:29:34.0931 1476  vwifibus - ok
22:29:34.0947 1476  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:29:35.0119 1476  vwififlt - ok
22:29:35.0150 1476  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:29:35.0306 1476  vwifimp - ok
22:29:35.0337 1476  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
22:29:35.0415 1476  W32Time - ok
22:29:35.0447 1476  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
22:29:35.0603 1476  WacomPen - ok
22:29:35.0634 1476  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:29:35.0790 1476  Wanarp - ok
22:29:35.0806 1476  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:29:35.0837 1476  Wanarpv6 - ok
22:29:35.0900 1476  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
22:29:36.0103 1476  wbengine - ok
22:29:36.0134 1476  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:29:36.0259 1476  WbioSrvc - ok
22:29:36.0275 1476  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
22:29:36.0400 1476  Wcmsvc - ok
22:29:36.0447 1476  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:29:36.0587 1476  wcncsvc - ok
22:29:36.0634 1476  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:29:36.0759 1476  WcsPlugInService - ok
22:29:36.0791 1476  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
22:29:36.0931 1476  Wd - ok
22:29:36.0947 1476  [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
22:29:37.0103 1476  WdBoot - ok
22:29:37.0150 1476  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:29:37.0212 1476  Wdf01000 - ok
22:29:37.0244 1476  [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
22:29:37.0400 1476  WdFilter - ok
22:29:37.0431 1476  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:29:37.0478 1476  WdiServiceHost - ok
22:29:37.0494 1476  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:29:37.0541 1476  WdiSystemHost - ok
22:29:37.0587 1476  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
22:29:37.0712 1476  WebClient - ok
22:29:37.0728 1476  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:29:37.0869 1476  Wecsvc - ok
22:29:37.0900 1476  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:29:38.0009 1476  wercplsupport - ok
22:29:38.0041 1476  [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:29:38.0119 1476  WerSvc - ok
22:29:38.0134 1476  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
22:29:38.0166 1476  WFPLWFS - ok
22:29:38.0197 1476  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
22:29:38.0337 1476  WiaRpc - ok
22:29:38.0353 1476  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:29:38.0494 1476  WIMMount - ok
22:29:38.0525 1476  WinDefend - ok
22:29:38.0603 1476  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
22:29:38.0650 1476  WinHttpAutoProxySvc - ok
22:29:38.0712 1476  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:29:38.0837 1476  Winmgmt - ok
22:29:38.0947 1476  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:29:39.0181 1476  WinRM - ok
22:29:39.0275 1476  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
22:29:39.0369 1476  WlanSvc - ok
22:29:39.0431 1476  [ 08EFA13A2234C8C3B8A99E4B88BE7E9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
22:29:39.0525 1476  wlidsvc - ok
22:29:39.0556 1476  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
22:29:39.0588 1476  WmiAcpi - ok
22:29:39.0619 1476  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:29:39.0791 1476  wmiApSrv - ok
22:29:39.0806 1476  WMPNetworkSvc - ok
22:29:39.0853 1476  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
22:29:40.0025 1476  wpcfltr - ok
22:29:40.0056 1476  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:29:40.0181 1476  WPCSvc - ok
22:29:40.0197 1476  [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:29:40.0338 1476  WPDBusEnum - ok
22:29:40.0353 1476  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
22:29:40.0494 1476  WpdUpFltr - ok
22:29:40.0525 1476  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:29:40.0697 1476  ws2ifsl - ok
22:29:40.0728 1476  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:29:40.0869 1476  wscsvc - ok
22:29:40.0884 1476  WSearch - ok
22:29:40.0978 1476  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
22:29:41.0134 1476  WSService - ok
22:29:41.0228 1476  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\Windows\system32\wuaueng.dll
22:29:41.0431 1476  wuauserv - ok
22:29:41.0463 1476  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:29:41.0619 1476  WudfPf - ok
22:29:41.0650 1476  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
22:29:41.0806 1476  WUDFRd - ok
22:29:41.0838 1476  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:29:41.0963 1476  wudfsvc - ok
22:29:41.0994 1476  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
22:29:42.0025 1476  WUDFWpdFs - ok
22:29:42.0088 1476  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:29:42.0228 1476  WwanSvc - ok
22:29:42.0275 1476  [ BB1842E3AA602B401F7692718B0D0F9A ] ZAtheros Wlan Agent C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
22:29:42.0431 1476  ZAtheros Wlan Agent - ok
22:29:42.0447 1476  ================ Scan global ===============================
22:29:42.0478 1476  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
22:29:42.0525 1476  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
22:29:42.0556 1476  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
22:29:42.0603 1476  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
22:29:42.0728 1476  [Global] - ok
22:29:42.0728 1476  ================ Scan MBR ==================================
22:29:42.0744 1476  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:29:42.0853 1476  \Device\Harddisk0\DR0 - ok
22:29:42.0853 1476  ================ Scan VBR ==================================
22:29:42.0885 1476  [ 61C7285CFB59C20DFA961EE75A056B41 ] \Device\Harddisk0\DR0\Partition1
22:29:42.0885 1476  \Device\Harddisk0\DR0\Partition1 - ok
22:29:42.0900 1476  [ 0734B975355D510959DE3CA060E135F0 ] \Device\Harddisk0\DR0\Partition2
22:29:42.0900 1476  \Device\Harddisk0\DR0\Partition2 - ok
22:29:42.0931 1476  [ 160226873472F95200BFE27ED2823D10 ] \Device\Harddisk0\DR0\Partition3
22:29:42.0931 1476  \Device\Harddisk0\DR0\Partition3 - ok
22:29:42.0931 1476  [ AAB2E0C75E9E2CE6B5549F6D9EB17A5A ] \Device\Harddisk0\DR0\Partition4
22:29:42.0947 1476  \Device\Harddisk0\DR0\Partition4 - ok
22:29:42.0978 1476  [ 71940CD3704A80F55E27778468F0937A ] \Device\Harddisk0\DR0\Partition5
22:29:42.0978 1476  \Device\Harddisk0\DR0\Partition5 - ok
22:29:42.0978 1476  ============================================================
22:29:42.0978 1476  Scan finished
22:29:42.0978 1476  ============================================================
22:29:42.0994 5472  Detected object count: 1
22:29:42.0994 5472  Actual detected object count: 1
22:32:32.0139 5472  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
22:32:32.0139 5472  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip

Also ist das eine echte Infektion? Gruss

cosinus · 29.01.2013, 12:20

Zitat:

Also ist das eine echte Infektion? Gruss

Wir sind noch mitten in der Analyse!
Bitte nochmal MBAR ausprobieren, die neue Version ist jetzt verfügbar.

Realbuchilla · 29.01.2013, 13:22

Hey super, der Scan hat nichts gefunden, clean up war nicht erforderlich!! Habe auch alles upgedatet..

hier noch das log

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.29.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
Markus :: FREAKYBABY [administrator]

29.01.2013 13:04:15
mbar-log-2013-01-29 (13-04-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 8945
Time elapsed: 30 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus · 29.01.2013, 14:21

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.