|
Pests of all kinds and how to fight them: GVU Trojan just won't go away. Windows 7 |
05.03.2013, 12:16 | #1 | ||
| GVU Trojan just won't go away. Hello dear community, I have once again caught a particularly stubborn GVU Trojan. Safe mode on my Windows 7 Home Premium 64-bit still works, but every attempt to get the thing under control has failed. Run so far: 1) Panda ActiveScan Pro 2) Temp files deleted 3) Malwarebytes Anti-Malware. Unfortunately I apparently neglected to install SP1 on this machine *embarrassing*. Attached are the two OTL files as well! Quote:
Quote:
Regards, DarKxRaideR |
05.03.2013, 12:44 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan just won't go away. Hello and
__________________Quote:
That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs that already exist! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
05.03.2013, 12:57 | #3 |
| GVU Trojan just won't go away. Of course, here you go:
__________________Code:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2013-03-04 13:11:25
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\oapalliance\appdata\roaming\microsoft\windows\cookies\oapalliance@doubleclick[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes Yes c:\users\oapalliance\appdata\roaming\microsoft\windows\cookies\oapalliance@ad.yieldmanager[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\oem\preload\autorun\app\arcade deluxe v4.0\pcmmovie\data1.cab[_5b1ae89f08479558f9c249abf9b5c8d3]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.04.05
Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
OAPalliance :: OAPALLIANCE-PC [Administrator]
04.03.2013 14:41:34
mbam-log-2013-03-04 (14-41-34).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 297227
Laufzeit: 15 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
C:\Programdata\FullRemove.exe |
05.03.2013, 13:05 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan just won't go away. Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool does not work the second time either, just leave it out and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
05.03.2013, 13:47 | #5 |
| GVU Trojan just won't go away. The result is as follows: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.05.02
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
OAPalliance :: OAPALLIANCE-PC [administrator]
05.03.2013 13:46:21
mbar-log-2013-03-05 (13-46-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27789
Time elapsed: 10 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
05.03.2013, 14:00 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan just won't go away. What about GMER?
__________________ --> GVU Trojan just won't go away. |
05.03.2013, 14:05 | #7 |
| GVU Trojan just won't go away. Coming right up, unfortunately I copied an empty log; I'll quickly run it again, so it will be here asap. |
05.03.2013, 14:06 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan just won't go away. Ok, but one request: drop interjections like this, post only when there are problems or when you have the logs (and then post those in CODE tags as well)
__________________ Please always post log files in CODE tags |
05.03.2013, 14:30 | #9 |
| GVU Trojan just won't go away. Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-05 14:29:26
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\OAPALL~1\AppData\Local\Temp\pglyqfog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1120] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f588960] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread] [10002350] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [10003450] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[1396] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
---- Devices - GMER 2.1 ----
Device \Driver\iaStor \Device\Dev_fffffa8004ef6050 fffffa8004acd328
---- Threads - GMER 2.1 ----
Thread System [4:1944] fffffa8004ac5b50
---- EOF - GMER 2.1 ---- |
05.03.2013, 14:40 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan just won't go away. aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
05.03.2013, 15:31 | #11 |
| GVU Trojan just won't go away. Here first the aswMBR: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-05 14:47:37
-----------------------------
14:47:37.363 OS Version: Windows x64 6.1.7600
14:47:37.363 Number of processors: 4 586 0x2502
14:47:37.363 ComputerName: OAPALLIANCE-PC UserName: OAPalliance
14:47:38.330 Initialize success
14:53:56.038 AVAST engine defs: 13030500
14:54:17.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:54:17.754 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:54:17.910 Disk 0 MBR read successfully
14:54:17.910 Disk 0 MBR scan
14:54:17.925 Disk 0 Windows 7 default MBR code
14:54:17.956 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
14:54:17.972 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
14:54:17.988 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824
14:54:18.315 Disk 0 scanning C:\Windows\system32\drivers
14:55:29.061 Service scanning
14:55:49.373 Service UCORESYS D:\DMIEDIT_utility\UCORESYS.sys **LOCKED** 21
14:55:49.388 Service UCOREW64 D:\DMIEDIT_utility\UCOREW64.sys **LOCKED** 21
14:55:53.663 Modules scanning
14:55:53.663 Disk 0 trace - called modules:
14:55:53.709 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:55:53.709 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f7e060]
14:55:53.725 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ef6050]
14:55:54.739 AVAST engine scan C:\Windows
14:56:17.250 AVAST engine scan C:\Windows\system32
15:16:04.147 AVAST engine scan C:\Windows\system32\drivers
15:16:13.335 AVAST engine scan C:\Users\OAPalliance
15:17:07.498 AVAST engine scan C:\ProgramData
15:17:33.254 Scan finished successfully
15:21:11.826 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
15:21:12.029 The log file has been saved successfully to "E:\aswMBR.txt"
Code:
ATTFilter 15:21:29.0314 1168 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:21:31.0326 1168 ============================================================ 15:21:31.0326 1168 Current date / time: 2013/03/05 15:21:31.0326 15:21:31.0326 1168 SystemInfo: 15:21:31.0326 1168 15:21:31.0326 1168 OS Version: 6.1.7600 ServicePack: 0.0 15:21:31.0326 1168 Product type: Workstation 15:21:31.0326 1168 ComputerName: OAPALLIANCE-PC 15:21:31.0326 1168 UserName: OAPalliance 15:21:31.0326 1168 Windows directory: C:\Windows 15:21:31.0326 1168 System windows directory: C:\Windows 15:21:31.0326 1168 Running under WOW64 15:21:31.0326 1168 Processor architecture: Intel x64 15:21:31.0326 1168 Number of processors: 4 15:21:31.0326 1168 Page size: 0x1000 15:21:31.0326 1168 Boot type: Safe boot with network 15:21:31.0326 1168 ============================================================ 15:21:31.0685 1168 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:21:31.0685 1168 Drive \Device\Harddisk1\DR5 - Size: 0xEFC00000 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:21:31.0700 1168 ============================================================ 15:21:31.0700 1168 \Device\Harddisk0\DR0: 15:21:31.0700 1168 MBR partitions: 15:21:31.0700 1168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 15:21:31.0700 1168 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000 15:21:31.0700 1168 \Device\Harddisk1\DR5: 15:21:31.0700 1168 MBR partitions: 15:21:31.0700 1168 \Device\Harddisk1\DR5\Partition1: MBR, Type 0xB, StartLBA 0x448, BlocksNum 0x77DBB8 15:21:31.0700 1168 ============================================================ 15:21:31.0732 1168 C: <-> \Device\Harddisk0\DR0\Partition2 15:21:31.0732 1168 
15:22:26.0410 2544 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:22:26.0441 2544 LMS ( UnsignedFile.Multi.Generic ) - warning
15:22:26.0441 2544 LMS - detected UnsignedFile.Multi.Generic (1)
15:22:30.0481 2544 [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:22:30.0497 2544 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
15:22:30.0497 2544 NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
15:22:37.0938 2544 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:22:38.0001 2544 UNS ( UnsignedFile.Multi.Generic ) - warning
15:22:38.0001 2544 UNS - detected UnsignedFile.Multi.Generic (1)
19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:22:40.0387 2544 Winmgmt - ok 15:22:40.0434 2544 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 15:22:40.0497 2544 WinRM - ok 15:22:40.0575 2544 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:22:40.0606 2544 Wlansvc - ok 15:22:40.0621 2544 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 15:22:40.0621 2544 WmiAcpi - ok 15:22:40.0668 2544 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:22:40.0684 2544 wmiApSrv - ok 15:22:40.0715 2544 WMPNetworkSvc - ok 15:22:40.0777 2544 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:22:40.0793 2544 WPCSvc - ok 15:22:40.0809 2544 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:22:40.0855 2544 WPDBusEnum - ok 15:22:40.0887 2544 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:22:40.0918 2544 ws2ifsl - ok 15:22:40.0933 2544 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:22:40.0949 2544 wscsvc - ok 15:22:40.0949 2544 WSearch - ok 15:22:41.0011 2544 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll 15:22:41.0074 2544 wuauserv - ok 15:22:41.0074 2544 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:22:41.0121 2544 WudfPf - ok 15:22:41.0152 2544 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:22:41.0199 2544 WUDFRd - ok 15:22:41.0214 2544 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:22:41.0261 2544 wudfsvc - ok 15:22:41.0277 2544 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 15:22:41.0323 2544 WwanSvc - ok 15:22:41.0339 2544 ================ Scan global =============================== 15:22:41.0370 2544 [ 
BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:22:41.0401 2544 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
15:22:41.0417 2544 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
15:22:41.0433 2544 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:22:41.0448 2544 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:22:41.0464 2544 [Global] - ok
15:22:41.0464 2544 ================ Scan MBR ==================================
15:22:41.0464 2544 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:22:41.0838 2544 \Device\Harddisk0\DR0 - ok
15:22:41.0838 2544 [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR5
15:22:42.0072 2544 \Device\Harddisk1\DR5 - ok
15:22:42.0072 2544 ================ Scan VBR ==================================
15:22:42.0072 2544 [ B1ADC821C09162BF30507CA68446E0D8 ] \Device\Harddisk0\DR0\Partition1
15:22:42.0088 2544 \Device\Harddisk0\DR0\Partition1 - ok
15:22:42.0135 2544 [ 56C07F3D509DDCF15221732D0CB43766 ] \Device\Harddisk0\DR0\Partition2
15:22:42.0135 2544 \Device\Harddisk0\DR0\Partition2 - ok
15:22:42.0150 2544 [ F59B9F18D4C7F38ED4ED841C11AD7582 ] \Device\Harddisk1\DR5\Partition1
15:22:42.0150 2544 \Device\Harddisk1\DR5\Partition1 - ok
15:22:42.0150 2544 ============================================================
15:22:42.0150 2544 Scan finished
15:22:42.0150 2544 ============================================================
15:22:42.0166 2320 Detected object count: 3
15:22:42.0166 2320 Actual detected object count: 3
15:27:43.0153 2320 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:43.0153 2320 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:27:43.0168 2320 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:43.0168 2320 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:27:43.0184 2320 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:43.0184 2320 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
05.03.2013, 15:48 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan simply won't go away. Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
05.03.2013, 17:21 | #13 |
| GVU Trojan simply won't go away. Code:
ATTFilter ComboFix 13-03-05.01 - OAPalliance 05.03.2013 17:16:14.1.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3764.2747 [GMT 1:00] ausgeführt von:: c:\users\OAPalliance\Desktop\ComboFix.exe AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-05 bis 2013-03-05 )))))))))))))))))))))))))))))) . . 2013-03-05 16:18 . 2013-03-05 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\de-DE 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\SysWow64\XPSViewer 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\SysWow64\wbem\de-DE 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\de-DE 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\SysWow64\drivers\de-DE 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\SysWow64\de 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\SysWow64\0407 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\system32\drivers\de-DE 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\system32\0407 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\system32\wbem\de-DE 2013-02-23 03:57 . 2013-02-23 03:57 -------- d-----w- c:\windows\system32\de 2013-02-23 03:57 . 
2013-02-23 03:57 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\de-DE\LXKPTPRC.DLL.mui 2013-02-23 03:52 . 2013-02-23 03:52 -------- d-----w- c:\windows\NAPP_Dism_Log 2013-02-22 19:41 . 2013-03-05 00:44 -------- d-----w- c:\program files (x86)\Acer Arcade Deluxe 2013-02-22 19:41 . 2013-03-05 00:44 -------- d-----w- c:\programdata\CyberLink 2013-02-22 19:39 . 2013-02-22 19:39 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2013-02-22 19:38 . 2013-02-22 19:38 -------- d-----w- c:\program files (x86)\Microsoft 2013-02-22 19:38 . 2013-02-22 19:38 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive 2013-02-22 19:38 . 2013-02-22 19:39 -------- d-----w- c:\program files (x86)\Windows Live 2013-02-22 19:38 . 2013-02-22 19:38 -------- d-----w- c:\windows\PCHEALTH 2013-02-22 19:37 . 2013-02-22 19:37 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2013-02-22 19:34 . 2013-02-22 19:34 -------- d-----w- c:\program files (x86)\Common Files\postureAgent 2013-02-22 19:33 . 2009-09-17 11:54 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys 2013-02-22 19:32 . 2013-02-22 19:32 -------- d-----w- c:\program files\Synaptics 2013-02-22 19:31 . 2013-03-05 00:44 -------- d-----w- c:\program files (x86)\Acer Crystal Eye webcam 2013-02-22 19:31 . 2013-02-22 19:31 -------- d-----w- c:\program files (x86)\Launch Manager 2013-02-22 19:30 . 2013-02-22 19:30 -------- d-----w- c:\program files\Intel 2013-02-22 19:25 . 2013-02-22 19:25 -------- d-----w- c:\programdata\ATI 2013-02-22 19:25 . 2009-12-29 07:55 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-02-22 19:24 . 2013-02-22 19:24 -------- d---a-w- C:\book 2013-02-22 19:22 . 2013-02-22 19:22 -------- d-----w- c:\program files (x86)\OEM 2013-02-22 19:11 . 2013-02-22 19:11 0 ----a-w- c:\windows\ativpsrm.bin 2013-02-22 19:10 . 2013-02-22 19:10 3 ----a-w- c:\windows\system32\PLD_Framework.cmd 2013-02-22 19:06 . 
2013-02-22 19:06 -------- d-----w- c:\program files\ATI 2013-02-22 19:06 . 2013-02-22 19:07 -------- d-----w- c:\program files (x86)\ATI Technologies . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-23 03:57 . 2013-02-23 03:57 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui 2013-02-23 03:56 . 2013-02-23 03:56 5632 ----a-w- c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui 2013-02-23 03:56 . 2013-02-23 03:56 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui 2013-02-23 03:56 . 2013-02-23 03:56 51712 ----a-w- c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui 2013-02-23 03:56 . 2013-02-23 03:56 29696 ----a-w- c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui 2013-02-23 03:56 . 2013-02-23 03:56 16896 ----a-w- c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Global Registration"="c:\program files (x86)\Acer\Registration\GREG.exe" [2010-04-28 835104] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-04 1465304] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\users\OAPalliance\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" [2013-03-05 1363016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576] R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016] R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-02 202752] R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200] R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-03-10 820768] R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 355440] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2009-12-15 355440] R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640] R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240] R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-27 40448] R3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-06 62416] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848] R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-03-02 7843040] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-06 93840] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 UCORESYS;UCORESYS;d:\dmiedit_utility\UCORESYS.sys [x] R3 UCOREW64;UCOREW64;d:\dmiedit_utility\UCOREW64.sys [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2009-12-15 355440] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-01-06 279752] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-01-06 75288] S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 355440] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-06 244840] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-06 148520] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-01-06 440688] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 66486097 *NewlyCreated* - ASWMBR *NewlyCreated* - PGLYQFOG *Deregistered* - 66486097 *Deregistered* - aswMBR *Deregistered* - pglyqfog . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-03-10 496160] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-06 324608] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-02 391192] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-02 166424] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-02 410648] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312] "Trigger New Acer AlaunchX"="c:\oem\Preload\Command\AlaunchX\AppInRun.exe" [2009-09-21 304672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "New Acer AlaunchX"="c:\oem\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2009-09-21 300064] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549 uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549 mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549 mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner.dll Toolbar-Locked - (no file) BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner64.dll Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-05 17:19:29 ComboFix-quarantined-files.txt 2013-03-05 16:19 . Vor Suchlauf: 9 Verzeichnis(se), 458.392.276.992 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 458.353.348.608 Bytes frei . - - End Of File - - 5B60DDF4D8EC78832D3FBDF99DEB95AA |
06.03.2013, 00:42 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan simply won't go away. JRT - Junkware Removal Tool. Please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
06.03.2013, 10:45 | #15 |
| GVU Trojan simply won't go away. So the JRT tool ran through, and adwcleaner then wanted a restart; the machine then restarted in normal mode without the error and also generated the report successfully. When I then ran the last test, i.e. OTL, again, after a few seconds the screen was completely overlaid in white again and I could no longer see anything. Attached are the two reports, which I then retrieved again in safe mode, and the OTL report from safe mode that was run after the "reinfection": Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by OAPalliance on 06.03.2013 at 10:04:25,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\kt_bho_dll.dll
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2013 at 10:07:08,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
# AdwCleaner v2.114 - Datei am 06/03/2013 um 10:09:11 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : OAPalliance - OAPALLIANCE-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\OAPalliance\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1638 octets] - [05/03/2013 11:47:25]
AdwCleaner[S1].txt - [1011 octets] - [06/03/2013 10:09:11]

########## EOF - C:\AdwCleaner[S1].txt - [1071 octets] ##########
Code:
ATTFilter OTL logfile created on: 06.03.2013 10:39:20 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OAPalliance\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 75,99% Memory free 7,35 Gb Paging File | 6,48 Gb Available in Paging File | 88,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 426,56 Gb Free Space | 94,23% Space Free | Partition Type: NTFS Computer Name: OAPALLIANCE-PC | User Name: OAPalliance | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\OAPalliance\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) 
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) 
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-365425079-1081678709-318092291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKU\S-1-5-21-365425079-1081678709-318092291-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-365425079-1081678709-318092291-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-365425079-1081678709-318092291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.22 20:21:43 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2013.03.05 17:18:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20100513193929.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100513193929.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-365425079-1081678709-318092291-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-365425079-1081678709-318092291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFEE2242-366F-42A9-B3DE-C4273AB1F84C}: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.06 10:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.03.06 10:16:30 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [2013.03.06 10:16:30 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll [2013.03.06 10:16:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll [2013.03.06 10:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink [2013.03.06 10:04:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.06 10:04:19 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.06 10:02:50 | 000,547,723 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\OAPalliance\Desktop\JRT.exe [2013.03.06 09:14:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.05 19:12:17 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.05 17:15:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.05 17:15:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.05 17:15:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.05 17:15:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.05 17:14:57 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\OAPalliance\Desktop\ComboFix.exe [2013.03.05 14:46:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\OAPalliance\Desktop\aswMBR.exe [2013.03.05 14:46:00 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\OAPalliance\Desktop\tdsskiller.exe [2013.03.05 11:47:16 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\Desktop\mbar-1.01.0.1021 [2013.03.05 11:31:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OAPalliance\Desktop\OTL.exe [2013.03.04 18:09:38 | 000,703,352 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\OAPalliance\Desktop\autoruns.exe [2013.03.04 14:01:48 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Malwarebytes [2013.03.04 14:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.04 14:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.04 14:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.04 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Programs [2013.03.04 12:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security [2013.03.04 12:24:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.04 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Adobe [2013.02.23 04:57:49 | 000,000,000 | ---D | C] -- C:\Windows\de-DE [2013.02.23 04:57:48 | 000,000,000 | 
---D | C] -- C:\Windows\SysWow64\XPSViewer [2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE [2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de [2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407 [2013.02.23 04:57:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE [2013.02.23 04:57:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407 [2013.02.23 04:57:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de [2013.02.23 04:57:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui [2013.02.23 04:57:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui [2013.02.23 04:57:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui [2013.02.23 04:57:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui [2013.02.23 04:57:06 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui [2013.02.23 04:57:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui [2013.02.23 04:57:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui [2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui [2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui [2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui [2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.02.23 04:57:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui [2013.02.23 04:57:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui [2013.02.23 04:57:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui [2013.02.23 04:57:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui [2013.02.23 04:57:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui [2013.02.23 04:57:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui [2013.02.23 04:57:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui [2013.02.23 04:57:03 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui [2013.02.23 04:57:03 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui [2013.02.23 04:57:03 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui [2013.02.23 04:57:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui [2013.02.23 04:57:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui [2013.02.23 04:57:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui [2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui [2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui [2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui [2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui [2013.02.23 04:57:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui [2013.02.23 04:57:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui [2013.02.23 04:57:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui [2013.02.23 04:57:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui [2013.02.23 04:57:02 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui [2013.02.23 04:57:02 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui [2013.02.23 04:57:02 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.02.23 04:57:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui [2013.02.23 04:57:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui [2013.02.23 04:57:02 | 000,003,584 | ---- | C] (ATI Technologies Inc.) 
-- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui [2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui [2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui [2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui [2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui [2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui [2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui [2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui [2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.02.23 04:57:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui [2013.02.23 04:57:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui [2013.02.23 04:56:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui [2013.02.23 04:56:57 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui [2013.02.23 04:56:57 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui [2013.02.23 04:56:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui [2013.02.23 04:56:56 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui [2013.02.23 04:56:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui [2013.02.23 04:56:54 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui [2013.02.23 04:56:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui [2013.02.23 04:56:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui [2013.02.23 04:56:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui [2013.02.23 04:56:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui [2013.02.23 04:56:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui [2013.02.23 04:56:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui [2013.02.23 04:56:53 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui [2013.02.23 04:56:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui [2013.02.23 04:56:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui [2013.02.23 04:56:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui [2013.02.23 04:56:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui [2013.02.23 04:56:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui [2013.02.23 04:56:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui [2013.02.23 04:56:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui [2013.02.23 04:56:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui [2013.02.23 04:56:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui [2013.02.23 04:56:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui [2013.02.23 04:56:48 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui [2013.02.23 04:56:48 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui [2013.02.23 04:56:48 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui [2013.02.23 04:52:25 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log [2013.02.22 20:43:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe [2013.02.22 20:42:07 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Cyberlink [2013.02.22 20:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe [2013.02.22 20:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.02.22 20:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.02.22 20:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013.02.22 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.02.22 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2013.02.22 20:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2013.02.22 20:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2013.02.22 20:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2013.02.22 20:38:17 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.02.22 20:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2013.02.22 20:36:09 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Microsoft Office [2013.02.22 20:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2013.02.22 20:33:56 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys [2013.02.22 20:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics [2013.02.22 20:31:57 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Liteon [2013.02.22 20:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam [2013.02.22 20:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Crystal Eye webcam [2013.02.22 20:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager [2013.02.22 20:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.02.22 20:29:31 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\InstallShield [2013.02.22 20:25:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.02.22 20:25:33 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\ATI [2013.02.22 20:25:33 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\ATI [2013.02.22 20:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.02.22 20:24:58 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Intel Corporation [2013.02.22 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\EgisTec IPS [2013.02.22 20:24:46 | 000,000,000 | ---D | C] -- C:\book [2013.02.22 20:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem [2013.02.22 20:24:45 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Macromedia [2013.02.22 20:24:33 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.02.22 20:24:33 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Searches [2013.02.22 20:24:33 | 000,000,000 | R--D | C] 
-- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.02.22 20:24:25 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Identities [2013.02.22 20:24:23 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Contacts [2013.02.22 20:24:21 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\VirtualStore [2013.02.22 20:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM [2013.02.22 20:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store [2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Vorlagen [2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\AppData\Local\Verlauf [2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\AppData\Local\Temporary Internet Files [2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Lokale Einstellungen [2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\AppData\Local\Anwendungsdaten [2013.02.22 20:21:34 | 000,000,000 | --SD | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Videos [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Saved Games [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Pictures [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Music [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Links [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Favorites [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Downloads [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Documents [2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Desktop [2013.02.22 20:21:34 | 
000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Startmenü [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\SendTo [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Recent [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Netzwerkumgebung [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Documents\Eigene Videos [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Documents\Eigene Musik [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Eigene Dateien [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Documents\Eigene Bilder [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Druckumgebung [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Cookies [2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Anwendungsdaten [2013.02.22 20:21:34 | 000,000,000 | -H-D | C] -- C:\Users\OAPalliance\AppData [2013.02.22 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Temp [2013.02.22 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Microsoft [2013.02.22 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Media Center Programs [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Programme [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.02.22 
20:21:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.02.22 20:21:29 | 000,000,000 | ---D | C] -- C:\Recovery [2013.02.22 20:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.02.22 20:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.02.22 20:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.02.22 20:05:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.02.22 20:04:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.22 20:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.22 20:04:52 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.22 20:04:52 | 001,913,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.02.22 20:04:52 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.02.22 20:04:52 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.22 20:04:52 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.02.22 20:04:52 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.22 20:04:52 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.22 20:04:52 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.22 20:04:52 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.02.22 20:04:51 | 002,197,264 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.22 20:04:51 | 001,659,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.02.22 20:04:51 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.02.22 20:04:51 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.02.22 20:04:51 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.02.22 20:04:51 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.02.22 20:04:51 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.02.22 20:04:51 | 000,477,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.02.22 20:04:51 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.02.22 20:04:51 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.22 20:04:51 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.22 20:04:51 | 000,321,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.22 20:04:51 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.02.22 20:04:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.22 20:04:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.22 20:04:51 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.02.22 20:04:51 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.02.22 20:04:51 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEED64A.dll [2013.02.22 20:04:51 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.02.22 20:04:51 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.02.22 20:04:51 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.02.22 20:04:51 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.22 20:04:51 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.22 20:04:51 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2013.02.22 20:04:50 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2013.02.22 20:04:50 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.02.22 20:04:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.02.22 20:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.02.22 20:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.02.22 20:02:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2013.03.06 10:41:13 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.06 10:41:13 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.06 10:41:13 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.06 10:41:13 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.06 10:41:13 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.06 10:38:41 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk [2013.03.06 10:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.06 10:36:19 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys 
[2013.03.06 10:33:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.06 10:33:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.06 10:03:49 | 000,597,667 | ---- | M] () -- C:\Users\OAPalliance\Desktop\adwcleaner.exe [2013.03.06 10:02:57 | 000,547,723 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\OAPalliance\Desktop\JRT.exe [2013.03.05 17:18:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.05 17:14:58 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\OAPalliance\Desktop\ComboFix.exe [2013.03.05 14:46:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\OAPalliance\Desktop\aswMBR.exe [2013.03.05 14:46:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\OAPalliance\Desktop\tdsskiller.exe [2013.03.05 14:02:30 | 000,377,856 | ---- | M] () -- C:\Users\OAPalliance\Desktop\gmer_2.1.19155.exe [2013.03.05 11:46:40 | 013,786,977 | ---- | M] () -- C:\Users\OAPalliance\Desktop\mbar-1.01.0.1021.zip [2013.03.05 11:31:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OAPalliance\Desktop\OTL.exe [2013.02.23 04:57:38 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat [2013.02.23 04:57:38 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat [2013.02.23 04:57:20 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui [2013.02.23 04:57:16 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui [2013.02.23 04:57:12 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\de-DE\WpdMtpDr.dll.mui [2013.02.23 04:57:08 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui [2013.02.23 04:57:06 | 000,017,408 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui [2013.02.23 04:57:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui [2013.02.23 04:57:03 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui [2013.02.23 04:57:03 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui [2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui [2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui [2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui [2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui [2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Brother Industries Ltd.) 
-- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui [2013.02.23 04:57:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui [2013.02.23 04:57:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui [2013.02.23 04:57:03 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui [2013.02.23 04:57:03 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui [2013.02.23 04:57:03 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui [2013.02.23 04:57:03 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui [2013.02.23 04:57:03 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui [2013.02.23 04:57:03 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui [2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui [2013.02.23 04:57:03 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui [2013.02.23 04:57:03 | 000,003,584 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui [2013.02.23 04:57:03 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui [2013.02.23 04:57:03 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui [2013.02.23 04:57:03 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui [2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui [2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui [2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui [2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui [2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui [2013.02.23 04:57:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui [2013.02.23 04:57:02 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui [2013.02.23 04:57:02 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui [2013.02.23 04:57:02 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\de-DE\WUDFUsbccidDriver.dll.mui [2013.02.23 04:57:02 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui [2013.02.23 04:57:02 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui [2013.02.23 04:57:02 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui [2013.02.23 04:57:02 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui [2013.02.23 04:57:02 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui [2013.02.23 04:57:02 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui [2013.02.23 04:57:02 | 000,003,584 | ---- | M] (ATI Technologies Inc.) 
-- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui [2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui [2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui [2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui [2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui [2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui [2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui [2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui [2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui [2013.02.23 04:57:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui [2013.02.23 04:57:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui [2013.02.23 04:56:59 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui [2013.02.23 04:56:57 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui [2013.02.23 04:56:57 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui [2013.02.23 04:56:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui [2013.02.23 04:56:56 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui [2013.02.23 04:56:56 | 000,002,560 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui [2013.02.23 04:56:54 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui [2013.02.23 04:56:54 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui [2013.02.23 04:56:54 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui [2013.02.23 04:56:54 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui [2013.02.23 04:56:54 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui [2013.02.23 04:56:54 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui [2013.02.23 04:56:54 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui [2013.02.23 04:56:53 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui [2013.02.23 04:56:53 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui [2013.02.23 04:56:53 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui [2013.02.23 04:56:51 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui [2013.02.23 04:56:51 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui [2013.02.23 04:56:51 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui [2013.02.23 04:56:51 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui [2013.02.23 04:56:49 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui [2013.02.23 04:56:49 | 000,005,632 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui [2013.02.23 04:56:49 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui [2013.02.23 04:56:48 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui [2013.02.23 04:56:48 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui [2013.02.23 04:56:48 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui [2013.02.23 04:56:48 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui [2013.02.23 04:52:25 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag [2013.02.22 20:32:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2013.02.22 20:31:11 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI [2013.02.22 20:21:50 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Acer Zubehör Shop.lnk [2013.02.22 20:17:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.02.22 20:17:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.02.22 20:11:46 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.22 20:11:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013.02.22 20:10:05 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd ========== Files Created - No Company Name ========== [2013.03.05 17:15:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.05 17:15:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.05 17:15:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.05 17:15:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.05 17:15:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.05 14:03:42 | 000,377,856 | ---- | C] () -- C:\Users\OAPalliance\Desktop\gmer_2.1.19155.exe [2013.03.05 11:46:40 | 
013,786,977 | ---- | C] () -- C:\Users\OAPalliance\Desktop\mbar-1.01.0.1021.zip [2013.03.05 11:46:36 | 000,597,667 | ---- | C] () -- C:\Users\OAPalliance\Desktop\adwcleaner.exe [2013.02.23 05:01:16 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag [2013.02.23 04:58:13 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat [2013.02.23 04:58:12 | 000,643,866 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat [2013.02.23 04:58:12 | 000,126,394 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat [2013.02.23 04:58:12 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat [2013.02.22 20:36:10 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk [2013.02.22 20:32:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf [2013.02.22 20:24:38 | 000,001,409 | ---- | C] () -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.02.22 20:24:34 | 000,001,443 | ---- | C] () -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.02.22 20:21:50 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Acer Zubehör Shop.lnk [2013.02.22 20:11:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.02.22 20:10:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd [2013.02.22 20:07:16 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2013.02.22 20:07:16 | 000,001,105 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat [2013.02.22 20:04:53 | 000,231,056 | ---- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat [2013.02.22 20:04:53 | 000,030,856 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT [2013.02.22 20:04:53 | 000,001,352 | ---- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat [2013.02.22 20:04:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SamSfPa.dat [2013.02.22 20:04:53 
| 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013.02.22 20:04:53 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ1.dat
[2013.02.22 20:04:53 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2013.02.22 20:04:18 | 000,696,680 | ---- | C] () -- C:\Windows\SysNative\oem6.inf
[2013.02.22 20:02:56 | 2960,510,976 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
OTL Extras logfile created on: 06.03.2013 10:39:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OAPalliance\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,68 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 75,99% Memory free
7,35 Gb Paging File | 6,48 Gb Available in Paging File | 88,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 426,56 Gb Free Space | 94,23% Space Free | Partition Type: NTFS

Computer Name: OAPALLIANCE-PC | User Name: OAPalliance | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11F56432-6CE4-4C7E-BD84-81B3D5F39F45}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A587D0D8-7794-4580-820D-5BA8B7BD84F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12ADA536-652F-4FD7-9B60-F0150084D470}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{19146BDF-4B53-45CF-942E-075B2B1D1C84}" = dir=in | app=c:\program files
(x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe | "{1E26BF55-F490-4D62-B313-932FB5839731}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{227BE239-292F-41E1-8364-F7A2CABA9717}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe | "{29CD4701-413E-49D3-A07B-AE91E6EECA41}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{2CCCA3DE-8843-4AA2-8937-048FFF0848A4}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe | "{3238093F-B8B3-4316-9764-C88A34A0560D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{82101DBE-3B25-4341-BA89-BA39B650F3D6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{87FFCDCF-0884-467F-8FD8-3CE1D28F3C9B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{9C1FB447-0DC8-4AEE-AB2F-38CFEB3D88D5}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | "{9DF2A7BD-9821-4ECB-8481-CF371A720DD7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{9EB95263-38C4-4BC3-90D6-07A94960C700}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{AC01BBEA-AC42-4A74-95DB-9D92FA08B53D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe | "{CB9A2E62-ED0E-40E6-89E1-38BA8567B7F2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{F9F15209-31F0-496F-BA17-C66BE5B93F77}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = 
Shredder "{241E3816-2EF1-A1D1-8811-4478E28E130B}" = ccc-utility64 "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AFBE654A-4597-89DB-EF5F-7CC7D0475691}" = ATI Catalyst Install Manager "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0E9118B6-0191-3642-E743-B69EBE42D4AF}" = Catalyst Control Center Graphics Full Existing "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19F3712E-BDCF-B1DA-A22E-A67537C8A2F0}" = CCC Help Polish "{1BE1B77F-4307-B5D3-1532-CEE7ECF9CBBB}" = CCC Help Norwegian "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CD5493C-51AF-C805-A197-DC36E8C57784}" = CCC Help Portuguese "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso "{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding "{4FEF7A1D-0DAC-F687-E474-AA7A13E3D8CA}" = Catalyst Control Center Graphics Full New 
"{50B9544E-CA9A-CA08-3BC8-F66A69A4E49F}" = CCC Help Spanish "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{525A74BE-B7F5-94D0-987C-0324FF58FBB1}" = CCC Help French "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5F0FF70C-5828-2178-4642-206D9F3B681F}" = Catalyst Control Center InstallProxy "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{74A8E6D0-5E5B-6CAC-F592-8EDA39FC15C0}" = CCC Help Korean "{780B7CAD-9E59-8986-63EC-D60B8D06D6E6}" = Catalyst Control Center Graphics Light "{7C1BA7EF-0866-BBDB-129A-F53DB0954F61}" = CCC Help Turkish "{7E2CD483-7D07-BE78-C0C6-DE07057DC551}" = Catalyst Control Center Core Implementation "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{832BC337-E36D-0039-065C-7E4EDC5D45B4}" = CCC Help Greek "{849EC471-5D3C-59E4-5C52-845C3AC320B3}" = CCC Help Thai "{86021347-6DF2-7015-B152-51A17DCFDB22}" = CCC Help English "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9347A62B-EDAF-AA30-0F68-3EF11B51DCA1}" 
= CCC Help German "{935E59AB-A56F-6EB5-9BA8-A1FC7A203A77}" = ccc-core-static "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95E4B940-E816-933C-D48F-2E000F2629C8}" = CCC Help Chinese Traditional "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D027EFD-8DA7-474D-FEF9-6302A77BDB27}" = CCC Help Chinese Standard "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8439DCA-AE39-2510-3EC3-730C4EE13473}" = CCC Help Finnish "{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update "{B6F57B2E-1C93-E0B3-4F6A-F5E2118709AA}" = CCC Help Swedish "{B73424BF-A4E9-572B-3FE1-6E7AF172D192}" = Catalyst Control Center Graphics Previews Vista "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C76DD602-F340-0433-87B9-432996F4707A}" = Catalyst Control Center Localization All "{D421F957-7D5B-D409-FA76-7400853952E3}" = CCC Help Czech "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DBB3F067-D7DF-C159-4224-3DABD84492E1}" = CCC Help Hungarian "{DCDCE4BE-9E4B-BC42-85F6-76D4F0AE7EE0}" = CCC Help Russian "{DF4F714F-5EDA-31FF-F597-317A29B42B8B}" = CCC Help Danish "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E1831D71-DBCA-999B-075D-7CC2B9B115C9}" = CCC Help Japanese "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader "{EA562C1C-D6C2-070A-FE8B-B1FF6094ACB8}" = CCC Help Dutch "{EADB1B66-8AAD-BC58-7E6E-33BC314A27D5}" = CCC Help Italian "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact 
Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader "LManager" = Launch Manager "MSC" = McAfee Internet Security Suite "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ System Events ] Error - 06.03.2013 05:37:31 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.03.2013 05:37:31 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.03.2013 05:37:31 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.03.2013 
05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 06.03.2013 05:40:44 | Computer Name = OAPalliance-PC | Source = DCOM | ID = 10005 Description = < End of report > |