
Pests of all kinds and how to fight them: GVU Trojan simply won't go away.


05.03.2013, 12:16   #1
DarKxRaideR
 
GVU Trojan simply won't go away. - Question

Hello dear community,

I have once again caught a particularly stubborn GVU Trojan. Safe mode on my Windows 7 Home Premium 64-bit still works, but every attempt to get the thing under control has failed. Done so far:

1) Panda ActiveScan Pro
2) Deleted temp files
3) Malwarebytes Anti-Malware

Unfortunately I seem to have neglected to install SP1 on this machine *embarrassing*

Attached are both OTL files as well!

Quote:
OTL logfile created on: 05.03.2013 11:32:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OAPalliance\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,68 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 76,88% Memory free
7,35 Gb Paging File | 6,57 Gb Available in Paging File | 89,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 427,31 Gb Free Space | 94,40% Space Free | Partition Type: NTFS

Computer Name: OAPALLIANCE-PC | User Name: OAPalliance | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\OAPalliance\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.22 20:21:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20100513193929.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100513193929.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trigger New Acer AlaunchX] c:\OEM\Preload\Command\AlaunchX\AppInRun.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Global Registration] C:\Program Files (x86)\Acer\Registration\GREG.exe (Acer Incorporated)
O4:64bit: - HKLM..\RunOnce: [New Acer AlaunchX] c:\OEM\Preload\Command\AlaunchX\LaunchAlaunchX.exe (Acer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFEE2242-366F-42A9-B3DE-C4273AB1F84C}: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.05 11:31:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OAPalliance\Desktop\OTL.exe
[2013.03.05 09:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.03.04 18:09:38 | 000,703,352 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\OAPalliance\Desktop\autoruns.exe
[2013.03.04 14:01:48 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Malwarebytes
[2013.03.04 14:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.04 14:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.04 14:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.04 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Programs
[2013.03.04 12:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2013.03.04 12:31:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.04 12:24:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.04 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Adobe
[2013.02.23 04:57:49 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2013.02.23 04:57:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013.02.23 04:57:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2013.02.23 04:57:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2013.02.23 04:57:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2013.02.23 04:57:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2013.02.23 04:57:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2013.02.23 04:57:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2013.02.23 04:57:06 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2013.02.23 04:57:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2013.02.23 04:57:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.02.23 04:57:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2013.02.23 04:57:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2013.02.23 04:57:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2013.02.23 04:57:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2013.02.23 04:57:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2013.02.23 04:57:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2013.02.23 04:57:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2013.02.23 04:57:03 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2013.02.23 04:57:03 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2013.02.23 04:57:03 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2013.02.23 04:57:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2013.02.23 04:57:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2013.02.23 04:57:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2013.02.23 04:57:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2013.02.23 04:57:02 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2013.02.23 04:57:02 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2013.02.23 04:57:02 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.02.23 04:57:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2013.02.23 04:57:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2013.02.23 04:56:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2013.02.23 04:56:57 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2013.02.23 04:56:57 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2013.02.23 04:56:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2013.02.23 04:56:56 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2013.02.23 04:56:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2013.02.23 04:56:54 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2013.02.23 04:56:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2013.02.23 04:56:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2013.02.23 04:56:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2013.02.23 04:56:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2013.02.23 04:56:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2013.02.23 04:56:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2013.02.23 04:56:53 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2013.02.23 04:56:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2013.02.23 04:56:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2013.02.23 04:56:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2013.02.23 04:56:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2013.02.23 04:56:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2013.02.23 04:56:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2013.02.23 04:56:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2013.02.23 04:56:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2013.02.23 04:56:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2013.02.23 04:56:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2013.02.23 04:56:48 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2013.02.23 04:56:48 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2013.02.23 04:56:48 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2013.02.23 04:52:25 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2013.02.22 20:43:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe
[2013.02.22 20:42:07 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Cyberlink
[2013.02.22 20:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe
[2013.02.22 20:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.02.22 20:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.02.22 20:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.22 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.02.22 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.02.22 20:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2013.02.22 20:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.02.22 20:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.22 20:38:17 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.02.22 20:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.02.22 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.02.22 20:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.02.22 20:33:56 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2013.02.22 20:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.02.22 20:31:57 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Liteon
[2013.02.22 20:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
[2013.02.22 20:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Crystal Eye webcam
[2013.02.22 20:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013.02.22 20:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.02.22 20:29:31 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\InstallShield
[2013.02.22 20:25:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.02.22 20:25:33 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\ATI
[2013.02.22 20:25:33 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\ATI
[2013.02.22 20:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.02.22 20:24:58 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Intel Corporation
[2013.02.22 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\EgisTec IPS
[2013.02.22 20:24:46 | 000,000,000 | ---D | C] -- C:\book
[2013.02.22 20:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2013.02.22 20:24:45 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Macromedia
[2013.02.22 20:24:33 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.22 20:24:33 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Searches
[2013.02.22 20:24:33 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.22 20:24:25 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Identities
[2013.02.22 20:24:23 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Contacts
[2013.02.22 20:24:21 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\VirtualStore
[2013.02.22 20:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013.02.22 20:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Vorlagen
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\AppData\Local\Verlauf
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\AppData\Local\Temporary Internet Files
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Lokale Einstellungen
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\AppData\Local\Anwendungsdaten
[2013.02.22 20:21:34 | 000,000,000 | --SD | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Videos
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Saved Games
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Pictures
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Music
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Links
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Favorites
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Downloads
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Documents
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Desktop
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Startmenü
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\SendTo
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Recent
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Netzwerkumgebung
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Documents\Eigene Videos
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Documents\Eigene Musik
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Eigene Dateien
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Documents\Eigene Bilder
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Druckumgebung
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Cookies
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Anwendungsdaten
[2013.02.22 20:21:34 | 000,000,000 | -H-D | C] -- C:\Users\OAPalliance\AppData
[2013.02.22 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Temp
[2013.02.22 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Microsoft
[2013.02.22 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Media Center Programs
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.22 20:21:29 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.02.22 20:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.02.22 20:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.02.22 20:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.02.22 20:05:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.22 20:04:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.22 20:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.22 20:04:52 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.22 20:04:52 | 001,913,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.02.22 20:04:52 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.02.22 20:04:52 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.22 20:04:52 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.02.22 20:04:52 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.22 20:04:52 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.22 20:04:52 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.22 20:04:52 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.02.22 20:04:51 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.22 20:04:51 | 001,659,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.02.22 20:04:51 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.02.22 20:04:51 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.02.22 20:04:51 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.02.22 20:04:51 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.02.22 20:04:51 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.02.22 20:04:51 | 000,477,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.02.22 20:04:51 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.02.22 20:04:51 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.22 20:04:51 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.22 20:04:51 | 000,321,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.22 20:04:51 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.02.22 20:04:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.22 20:04:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.22 20:04:51 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.02.22 20:04:51 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.02.22 20:04:51 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.22 20:04:51 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.02.22 20:04:51 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.02.22 20:04:51 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.02.22 20:04:51 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.22 20:04:51 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.22 20:04:51 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2013.02.22 20:04:50 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.02.22 20:04:50 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.02.22 20:04:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.02.22 20:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.22 20:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.22 20:02:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013.03.05 11:31:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OAPalliance\Desktop\OTL.exe
[2013.03.05 09:52:26 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.05 09:52:26 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.05 09:52:26 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.05 09:52:26 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.05 09:52:26 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.05 09:50:19 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2013.03.05 09:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.05 09:47:54 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 04:57:38 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2013.02.23 04:57:38 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2013.02.23 04:57:20 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2013.02.23 04:57:16 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2013.02.23 04:57:12 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\de-DE\WpdMtpDr.dll.mui
[2013.02.23 04:57:08 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2013.02.23 04:57:06 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2013.02.23 04:57:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2013.02.23 04:57:03 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2013.02.23 04:57:03 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.02.23 04:57:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2013.02.23 04:57:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2013.02.23 04:57:03 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2013.02.23 04:57:03 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2013.02.23 04:57:03 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2013.02.23 04:57:03 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2013.02.23 04:57:03 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2013.02.23 04:57:03 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2013.02.23 04:57:03 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2013.02.23 04:57:03 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2013.02.23 04:57:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2013.02.23 04:57:02 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2013.02.23 04:57:02 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2013.02.23 04:57:02 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\de-DE\WUDFUsbccidDriver.dll.mui
[2013.02.23 04:57:02 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2013.02.23 04:57:02 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2013.02.23 04:57:02 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2013.02.23 04:57:02 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.02.23 04:57:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2013.02.23 04:57:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2013.02.23 04:56:59 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2013.02.23 04:56:57 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2013.02.23 04:56:57 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2013.02.23 04:56:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2013.02.23 04:56:56 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2013.02.23 04:56:56 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2013.02.23 04:56:54 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2013.02.23 04:56:54 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2013.02.23 04:56:54 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2013.02.23 04:56:54 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2013.02.23 04:56:54 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2013.02.23 04:56:54 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2013.02.23 04:56:54 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2013.02.23 04:56:53 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2013.02.23 04:56:53 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2013.02.23 04:56:53 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2013.02.23 04:56:51 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2013.02.23 04:56:51 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2013.02.23 04:56:51 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2013.02.23 04:56:51 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2013.02.23 04:56:49 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2013.02.23 04:56:49 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2013.02.23 04:56:49 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2013.02.23 04:56:48 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2013.02.23 04:56:48 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2013.02.23 04:56:48 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2013.02.23 04:56:48 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2013.02.23 04:52:25 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2013.02.22 20:35:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 20:35:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 20:32:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.02.22 20:31:12 | 000,000,000 | ---- | M] () -- C:\Windows\SETUP.INI
[2013.02.22 20:31:11 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2013.02.22 20:22:00 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2013.02.22 20:21:50 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Acer Zubehör Shop.lnk
[2013.02.22 20:17:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.22 20:17:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.22 20:11:46 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.22 20:11:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.02.22 20:10:05 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd

========== Files Created - No Company Name ==========

[2013.02.23 05:01:16 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013.02.23 04:58:13 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2013.02.23 04:58:12 | 000,643,628 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 04:58:12 | 000,126,188 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 04:58:12 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2013.02.22 20:36:10 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013.02.22 20:32:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.02.22 20:31:12 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP.INI
[2013.02.22 20:24:38 | 000,001,409 | ---- | C] () -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.02.22 20:24:34 | 000,001,443 | ---- | C] () -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.22 20:22:00 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013.02.22 20:21:50 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Acer Zubehör Shop.lnk
[2013.02.22 20:11:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.02.22 20:10:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2013.02.22 20:07:16 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013.02.22 20:07:16 | 000,001,105 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat
[2013.02.22 20:04:53 | 000,231,056 | ---- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2013.02.22 20:04:53 | 000,030,856 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2013.02.22 20:04:53 | 000,001,352 | ---- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2013.02.22 20:04:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SamSfPa.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013.02.22 20:04:53 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ1.dat
[2013.02.22 20:04:53 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2013.02.22 20:04:18 | 000,696,680 | ---- | C] () -- C:\Windows\SysNative\oem6.inf
[2013.02.22 20:02:56 | 2960,510,976 | -HS- | C] () -- C:\hiberfil.sys
[2010.05.14 03:29:27 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Quote:
OTL Extras logfile created on: 05.03.2013 11:32:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OAPalliance\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,68 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 76,88% Memory free
7,35 Gb Paging File | 6,57 Gb Available in Paging File | 89,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 427,31 Gb Free Space | 94,40% Space Free | Partition Type: NTFS

Computer Name: OAPALLIANCE-PC | User Name: OAPalliance | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11F56432-6CE4-4C7E-BD84-81B3D5F39F45}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A587D0D8-7794-4580-820D-5BA8B7BD84F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12ADA536-652F-4FD7-9B60-F0150084D470}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{29CD4701-413E-49D3-A07B-AE91E6EECA41}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3238093F-B8B3-4316-9764-C88A34A0560D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{82101DBE-3B25-4341-BA89-BA39B650F3D6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{87FFCDCF-0884-467F-8FD8-3CE1D28F3C9B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{9DF2A7BD-9821-4ECB-8481-CF371A720DD7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9EB95263-38C4-4BC3-90D6-07A94960C700}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CB9A2E62-ED0E-40E6-89E1-38BA8567B7F2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{241E3816-2EF1-A1D1-8811-4478E28E130B}" = ccc-utility64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AFBE654A-4597-89DB-EF5F-7CC7D0475691}" = ATI Catalyst Install Manager
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E9118B6-0191-3642-E743-B69EBE42D4AF}" = Catalyst Control Center Graphics Full Existing
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19F3712E-BDCF-B1DA-A22E-A67537C8A2F0}" = CCC Help Polish
"{1BE1B77F-4307-B5D3-1532-CEE7ECF9CBBB}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CD5493C-51AF-C805-A197-DC36E8C57784}" = CCC Help Portuguese
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{4FEF7A1D-0DAC-F687-E474-AA7A13E3D8CA}" = Catalyst Control Center Graphics Full New
"{50B9544E-CA9A-CA08-3BC8-F66A69A4E49F}" = CCC Help Spanish
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{525A74BE-B7F5-94D0-987C-0324FF58FBB1}" = CCC Help French
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5F0FF70C-5828-2178-4642-206D9F3B681F}" = Catalyst Control Center InstallProxy
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{74A8E6D0-5E5B-6CAC-F592-8EDA39FC15C0}" = CCC Help Korean
"{780B7CAD-9E59-8986-63EC-D60B8D06D6E6}" = Catalyst Control Center Graphics Light
"{7C1BA7EF-0866-BBDB-129A-F53DB0954F61}" = CCC Help Turkish
"{7E2CD483-7D07-BE78-C0C6-DE07057DC551}" = Catalyst Control Center Core Implementation
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{832BC337-E36D-0039-065C-7E4EDC5D45B4}" = CCC Help Greek
"{849EC471-5D3C-59E4-5C52-845C3AC320B3}" = CCC Help Thai
"{86021347-6DF2-7015-B152-51A17DCFDB22}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9347A62B-EDAF-AA30-0F68-3EF11B51DCA1}" = CCC Help German
"{935E59AB-A56F-6EB5-9BA8-A1FC7A203A77}" = ccc-core-static
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E4B940-E816-933C-D48F-2E000F2629C8}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D027EFD-8DA7-474D-FEF9-6302A77BDB27}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8439DCA-AE39-2510-3EC3-730C4EE13473}" = CCC Help Finnish
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update
"{B6F57B2E-1C93-E0B3-4F6A-F5E2118709AA}" = CCC Help Swedish
"{B73424BF-A4E9-572B-3FE1-6E7AF172D192}" = Catalyst Control Center Graphics Previews Vista
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C76DD602-F340-0433-87B9-432996F4707A}" = Catalyst Control Center Localization All
"{D421F957-7D5B-D409-FA76-7400853952E3}" = CCC Help Czech
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DBB3F067-D7DF-C159-4224-3DABD84492E1}" = CCC Help Hungarian
"{DCDCE4BE-9E4B-BC42-85F6-76D4F0AE7EE0}" = CCC Help Russian
"{DF4F714F-5EDA-31FF-F597-317A29B42B8B}" = CCC Help Danish
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E1831D71-DBCA-999B-075D-7CC2B9B115C9}" = CCC Help Japanese
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EA562C1C-D6C2-070A-FE8B-B1FF6094ACB8}" = CCC Help Dutch
"{EADB1B66-8AAD-BC58-7E6E-33BC314A27D5}" = CCC Help Italian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"MSC" = McAfee Internet Security Suite
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.02.2013 15:06:53 | Computer Name = WIN-V9ULR9KRBSD | Source = MsiInstaller | ID = 11935
Description =

[ System Events ]
Error - 04.03.2013 11:00:15 | Computer Name = OAPalliance-PC | Source = DCOM | ID = 10005
Description =

Error - 04.03.2013 11:00:14 | Computer Name = OAPalliance-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\System32\bcmihvsrv64.dll Fehlercode: 21

Error - 04.03.2013 11:00:18 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.03.2013 11:00:18 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.03.2013 11:00:18 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.03.2013 11:00:19 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.03.2013 11:00:19 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.03.2013 11:00:19 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.03.2013 11:00:19 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 04.03.2013 11:00:19 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >
Thanks in advance.

Regards,

DarKxRaideR

05.03.2013, 12:44   #2
cosinus

Hello and

Quote:
1) Panda ActiveScan Pro
2) Temp files deleted
3) Malware Bytes Anti-Malware
do you still have the logs with the findings from these?
Here is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs you already have!

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles in a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

05.03.2013, 12:57   #3
DarKxRaideR

Of course, here you go:

Code:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2013-03-04 13:11:25
PROTECTIONS: 1
MALWARE: 2
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
McAfee VirusScan                                                           Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\oapalliance\appdata\roaming\microsoft\windows\cookies\oapalliance@doubleclick[2].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            Yes          c:\users\oapalliance\appdata\roaming\microsoft\windows\cookies\oapalliance@ad.yieldmanager[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
No        c:\oem\preload\autorun\app\arcade deluxe v4.0\pcmmovie\data1.cab[_5b1ae89f08479558f9c249abf9b5c8d3]
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
         
and here is the MBAM log:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.04.05

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
OAPalliance :: OAPALLIANCE-PC [Administrator]

04.03.2013 14:41:34
mbam-log-2013-03-04 (14-41-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 297227
Laufzeit: 15 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
It also occurs to me that I had manually deleted the following file as well:

C:\Programdata\FullRemove.exe

05.03.2013, 13:05   #4
cosinus

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you have not heard from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside of Trojaner-Board.


Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down).
GMER crashes fairly often; if the tool does not work on the second attempt either, just skip it and run only MBAR.

MBAR instructions:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a logfile (mbar-log-<year-month-day>.txt) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
Please always post logfiles in CODE tags

05.03.2013, 13:47   #5
DarKxRaideR

The result is as follows:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.05.02

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
OAPalliance :: OAPALLIANCE-PC [administrator]

05.03.2013 13:46:21
mbar-log-2013-03-05 (13-46-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27789
Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


05.03.2013, 14:00   #6
cosinus

What about GMER?

05.03.2013, 14:05   #7
DarKxRaideR

Quote:
Quote from cosinus
What about GMER?
Coming right up; unfortunately I copied an empty log, so I'm quickly running it again, and it will be posted here asap.

05.03.2013, 14:06   #8
cosinus

Ok, but one request: skip interjections like this; only post when there are problems or when you have the logs (and then post them in CODE tags)

05.03.2013, 14:30   #9
DarKxRaideR

Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-05 14:29:26
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\OAPALL~1\AppData\Local\Temp\pglyqfog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                suspicious modification

---- User IAT/EAT - GMER 2.1 ----

IAT       C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1120] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA]  [13f588960] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
IAT       C:\Windows\Explorer.EXE[1396] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread]                          [10002350] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT       C:\Windows\Explorer.EXE[1396] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread]                                      [10003450] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT       C:\Windows\Explorer.EXE[1396] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA]                                      [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll

---- Devices - GMER 2.1 ----

Device    \Driver\iaStor \Device\Dev_fffffa8004ef6050                                                                                     fffffa8004acd328

---- Threads - GMER 2.1 ----

Thread    System [4:1944]                                                                                                                 fffffa8004ac5b50

---- EOF - GMER 2.1 ----
         

05.03.2013, 14:40   #10
cosinus

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
In any case, please post the contents here in your thread.

05.03.2013, 15:31   #11
DarKxRaideR

First, here is the aswMBR log:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-05 14:47:37
-----------------------------
14:47:37.363    OS Version: Windows x64 6.1.7600 
14:47:37.363    Number of processors: 4 586 0x2502
14:47:37.363    ComputerName: OAPALLIANCE-PC  UserName: OAPalliance
14:47:38.330    Initialize success
14:53:56.038    AVAST engine defs: 13030500
14:54:17.754    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:54:17.754    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
14:54:17.910    Disk 0 MBR read successfully
14:54:17.910    Disk 0 MBR scan
14:54:17.925    Disk 0 Windows 7 default MBR code
14:54:17.956    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
14:54:17.972    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
14:54:17.988    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       463526 MB offset 27469824
14:54:18.315    Disk 0 scanning C:\Windows\system32\drivers
14:55:29.061    Service scanning
14:55:49.373    Service UCORESYS D:\DMIEDIT_utility\UCORESYS.sys **LOCKED** 21
14:55:49.388    Service UCOREW64 D:\DMIEDIT_utility\UCOREW64.sys **LOCKED** 21
14:55:53.663    Modules scanning
14:55:53.663    Disk 0 trace - called modules:
14:55:53.709    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
14:55:53.709    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005f7e060]
14:55:53.725    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ef6050]
14:55:54.739    AVAST engine scan C:\Windows
14:56:17.250    AVAST engine scan C:\Windows\system32
15:16:04.147    AVAST engine scan C:\Windows\system32\drivers
15:16:13.335    AVAST engine scan C:\Users\OAPalliance
15:17:07.498    AVAST engine scan C:\ProgramData
15:17:33.254    Scan finished successfully
15:21:11.826    Disk 0 MBR has been saved successfully to "E:\MBR.dat"
15:21:12.029    The log file has been saved successfully to "E:\aswMBR.txt"
         
TDSS LogFile

Code:
15:21:29.0314 1168  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:21:31.0326 1168  ============================================================
15:21:31.0326 1168  Current date / time: 2013/03/05 15:21:31.0326
15:21:31.0326 1168  SystemInfo:
15:21:31.0326 1168  
15:21:31.0326 1168  OS Version: 6.1.7600 ServicePack: 0.0
15:21:31.0326 1168  Product type: Workstation
15:21:31.0326 1168  ComputerName: OAPALLIANCE-PC
15:21:31.0326 1168  UserName: OAPalliance
15:21:31.0326 1168  Windows directory: C:\Windows
15:21:31.0326 1168  System windows directory: C:\Windows
15:21:31.0326 1168  Running under WOW64
15:21:31.0326 1168  Processor architecture: Intel x64
15:21:31.0326 1168  Number of processors: 4
15:21:31.0326 1168  Page size: 0x1000
15:21:31.0326 1168  Boot type: Safe boot with network
15:21:31.0326 1168  ============================================================
15:21:31.0685 1168  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:21:31.0685 1168  Drive \Device\Harddisk1\DR5 - Size: 0xEFC00000 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:21:31.0700 1168  ============================================================
15:21:31.0700 1168  \Device\Harddisk0\DR0:
15:21:31.0700 1168  MBR partitions:
15:21:31.0700 1168  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
15:21:31.0700 1168  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
15:21:31.0700 1168  \Device\Harddisk1\DR5:
15:21:31.0700 1168  MBR partitions:
15:21:31.0700 1168  \Device\Harddisk1\DR5\Partition1: MBR, Type 0xB, StartLBA 0x448, BlocksNum 0x77DBB8
15:21:31.0700 1168  ============================================================
15:21:31.0732 1168  C: <-> \Device\Harddisk0\DR0\Partition2
15:21:31.0732 1168  ============================================================
15:21:31.0732 1168  Initialize success
15:21:31.0732 1168  ============================================================
15:22:14.0117 2544  ============================================================
15:22:14.0117 2544  Scan started
15:22:14.0117 2544  Mode: Manual; SigCheck; TDLFS; 
15:22:14.0117 2544  ============================================================
15:22:14.0476 2544  ================ Scan system memory ========================
15:22:14.0476 2544  System memory - ok
15:22:14.0476 2544  ================ Scan services =============================
15:22:14.0928 2544  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:22:14.0991 2544  1394ohci - ok
15:22:15.0022 2544  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:22:15.0037 2544  ACPI - ok
15:22:15.0084 2544  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
15:22:15.0147 2544  AcpiPmi - ok
15:22:15.0209 2544  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:22:15.0225 2544  adp94xx - ok
15:22:15.0256 2544  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:22:15.0256 2544  adpahci - ok
15:22:15.0271 2544  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:22:15.0271 2544  adpu320 - ok
15:22:15.0303 2544  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:22:15.0459 2544  AeLookupSvc - ok
15:22:15.0537 2544  [ B9384E03479D2506BC924C16A3DB87BC ] AFD             C:\Windows\system32\drivers\afd.sys
15:22:15.0583 2544  AFD - ok
15:22:15.0615 2544  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:22:15.0615 2544  agp440 - ok
15:22:15.0646 2544  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
15:22:15.0693 2544  ALG - ok
15:22:15.0771 2544  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:22:15.0786 2544  aliide - ok
15:22:15.0849 2544  [ B4143CB1DD16AE73C6177C72F33450A6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:22:15.0942 2544  AMD External Events Utility - ok
15:22:15.0958 2544  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:22:15.0973 2544  amdide - ok
15:22:16.0005 2544  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:22:16.0036 2544  AmdK8 - ok
15:22:16.0192 2544  [ D1D06810BF7E21F5763EB06CB7E7262B ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
15:22:16.0285 2544  amdkmdag - ok
15:22:16.0332 2544  [ 6BA71D6616B56816E57394D77DD1BB6F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:22:16.0363 2544  amdkmdap - ok
15:22:16.0379 2544  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:22:16.0395 2544  AmdPPM - ok
15:22:16.0457 2544  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
15:22:16.0473 2544  amdsata - ok
15:22:16.0504 2544  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:22:16.0519 2544  amdsbs - ok
15:22:16.0519 2544  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
15:22:16.0519 2544  amdxata - ok
15:22:16.0597 2544  [ 391887990CDAA83DE5C56C3FDE966DA1 ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS
15:22:16.0629 2544  AmUStor - ok
15:22:16.0691 2544  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
15:22:16.0769 2544  AppID - ok
15:22:16.0800 2544  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:22:16.0847 2544  AppIDSvc - ok
15:22:16.0894 2544  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
15:22:16.0941 2544  Appinfo - ok
15:22:17.0003 2544  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:22:17.0003 2544  arc - ok
15:22:17.0019 2544  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:22:17.0019 2544  arcsas - ok
15:22:17.0050 2544  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:22:17.0097 2544  AsyncMac - ok
15:22:17.0128 2544  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
15:22:17.0128 2544  atapi - ok
15:22:17.0206 2544  [ 70260C7C98CC0101316F5B2650C3BB44 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
15:22:17.0253 2544  athr - ok
15:22:17.0331 2544  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
15:22:17.0362 2544  AtiHdmiService - ok
15:22:17.0424 2544  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:22:17.0471 2544  AudioEndpointBuilder - ok
15:22:17.0502 2544  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:22:17.0549 2544  AudioSrv - ok
15:22:17.0580 2544  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:22:17.0643 2544  AxInstSV - ok
15:22:17.0705 2544  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
15:22:17.0736 2544  b06bdrv - ok
15:22:17.0783 2544  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:22:17.0814 2544  b57nd60a - ok
15:22:17.0939 2544  [ FDE8C8DC07E75347E4C6B455A0964217 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
15:22:17.0986 2544  BCM43XX - ok
15:22:18.0033 2544  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:22:18.0064 2544  BDESVC - ok
15:22:18.0095 2544  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:22:18.0126 2544  Beep - ok
15:22:18.0204 2544  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
15:22:18.0267 2544  BFE - ok
15:22:18.0298 2544  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
15:22:18.0360 2544  BITS - ok
15:22:18.0407 2544  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:22:18.0438 2544  blbdrive - ok
15:22:18.0454 2544  [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:22:18.0501 2544  bowser - ok
15:22:18.0532 2544  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:22:18.0563 2544  BrFiltLo - ok
15:22:18.0563 2544  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:22:18.0579 2544  BrFiltUp - ok
15:22:18.0641 2544  [ 94FBC06F294D58D02361918418F996E3 ] Browser         C:\Windows\System32\browser.dll
15:22:18.0703 2544  Browser - ok
15:22:18.0735 2544  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:22:18.0781 2544  Brserid - ok
15:22:18.0781 2544  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:22:18.0813 2544  BrSerWdm - ok
15:22:18.0828 2544  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:22:18.0875 2544  BrUsbMdm - ok
15:22:18.0891 2544  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:22:18.0922 2544  BrUsbSer - ok
15:22:18.0937 2544  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:22:18.0953 2544  BTHMODEM - ok
15:22:19.0015 2544  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
15:22:19.0062 2544  bthserv - ok
15:22:19.0125 2544  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:22:19.0171 2544  cdfs - ok
15:22:19.0234 2544  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:22:19.0265 2544  cdrom - ok
15:22:19.0312 2544  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
15:22:19.0374 2544  CertPropSvc - ok
15:22:19.0421 2544  [ 735F1CF0175CC510D1BF28EB2EA74C4C ] cfwids          C:\Windows\system32\drivers\cfwids.sys
15:22:19.0437 2544  cfwids - ok
15:22:19.0483 2544  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:22:19.0515 2544  circlass - ok
15:22:19.0561 2544  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
15:22:19.0577 2544  CLFS - ok
15:22:19.0733 2544  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:22:19.0733 2544  clr_optimization_v2.0.50727_32 - ok
15:22:19.0811 2544  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:22:19.0827 2544  clr_optimization_v2.0.50727_64 - ok
15:22:19.0873 2544  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:22:19.0905 2544  CmBatt - ok
15:22:19.0905 2544  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:22:19.0920 2544  cmdide - ok
15:22:19.0951 2544  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:22:19.0967 2544  CNG - ok
15:22:20.0014 2544  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:22:20.0014 2544  Compbatt - ok
15:22:20.0029 2544  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:22:20.0061 2544  CompositeBus - ok
15:22:20.0092 2544  COMSysApp - ok
15:22:20.0092 2544  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:22:20.0092 2544  crcdisk - ok
15:22:20.0154 2544  [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:22:20.0185 2544  CryptSvc - ok
15:22:20.0232 2544  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:22:20.0295 2544  DcomLaunch - ok
15:22:20.0310 2544  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
15:22:20.0373 2544  defragsvc - ok
15:22:20.0404 2544  [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:22:20.0451 2544  DfsC - ok
15:22:20.0513 2544  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:22:20.0575 2544  Dhcp - ok
15:22:20.0638 2544  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
15:22:20.0669 2544  discache - ok
15:22:20.0731 2544  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:22:20.0731 2544  Disk - ok
15:22:20.0778 2544  [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:22:20.0825 2544  Dnscache - ok
15:22:20.0872 2544  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
15:22:20.0919 2544  dot3svc - ok
15:22:20.0919 2544  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
15:22:20.0965 2544  DPS - ok
15:22:21.0012 2544  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:22:21.0028 2544  drmkaud - ok
15:22:21.0168 2544  [ 61E894FE1E9CC720C909E6E343351794 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
15:22:21.0184 2544  DsiWMIService - ok
15:22:21.0246 2544  [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:22:21.0262 2544  DXGKrnl - ok
15:22:21.0277 2544  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
15:22:21.0340 2544  EapHost - ok
15:22:21.0418 2544  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:22:21.0465 2544  ebdrv - ok
15:22:21.0480 2544  [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS             C:\Windows\System32\lsass.exe
15:22:21.0511 2544  EFS - ok
15:22:21.0621 2544  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:22:21.0683 2544  ehRecvr - ok
15:22:21.0683 2544  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
15:22:21.0699 2544  ehSched - ok
15:22:21.0730 2544  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:22:21.0745 2544  elxstor - ok
15:22:21.0917 2544  [ 679EFB7FB5FAB13A68ADB9AE9C6ED4EF ] ePowerSvc       C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
15:22:21.0933 2544  ePowerSvc - ok
15:22:21.0948 2544  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
15:22:21.0948 2544  ErrDev - ok
15:22:22.0011 2544  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
15:22:22.0073 2544  EventSystem - ok
15:22:22.0104 2544  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
15:22:22.0151 2544  exfat - ok
15:22:22.0167 2544  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:22:22.0229 2544  fastfat - ok
15:22:22.0291 2544  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
15:22:22.0323 2544  Fax - ok
15:22:22.0369 2544  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:22:22.0401 2544  fdc - ok
15:22:22.0447 2544  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
15:22:22.0479 2544  fdPHost - ok
15:22:22.0479 2544  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:22:22.0525 2544  FDResPub - ok
15:22:22.0541 2544  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:22:22.0557 2544  FileInfo - ok
15:22:22.0557 2544  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:22:22.0603 2544  Filetrace - ok
15:22:22.0635 2544  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:22:22.0650 2544  flpydisk - ok
15:22:22.0681 2544  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:22:22.0697 2544  FltMgr - ok
15:22:22.0728 2544  [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache       C:\Windows\system32\FntCache.dll
15:22:22.0791 2544  FontCache - ok
15:22:22.0853 2544  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:22:22.0853 2544  FontCache3.0.0.0 - ok
15:22:22.0869 2544  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:22:22.0884 2544  FsDepends - ok
15:22:22.0900 2544  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:22:22.0900 2544  Fs_Rec - ok
15:22:22.0931 2544  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:22:22.0947 2544  fvevol - ok
15:22:22.0947 2544  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:22:22.0962 2544  gagp30kx - ok
15:22:23.0009 2544  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
15:22:23.0040 2544  gpsvc - ok
15:22:23.0118 2544  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
15:22:23.0134 2544  GREGService - ok
15:22:23.0165 2544  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:22:23.0165 2544  gusvc - ok
15:22:23.0259 2544  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:22:23.0290 2544  hcw85cir - ok
15:22:23.0337 2544  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:22:23.0368 2544  HdAudAddService - ok
15:22:23.0399 2544  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:22:23.0415 2544  HDAudBus - ok
15:22:23.0461 2544  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
15:22:23.0461 2544  HECIx64 - ok
15:22:23.0461 2544  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:22:23.0477 2544  HidBatt - ok
15:22:23.0508 2544  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:22:23.0524 2544  HidBth - ok
15:22:23.0539 2544  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:22:23.0555 2544  HidIr - ok
15:22:23.0586 2544  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
15:22:23.0633 2544  hidserv - ok
15:22:23.0695 2544  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:22:23.0695 2544  HidUsb - ok
15:22:23.0727 2544  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:22:23.0773 2544  hkmsvc - ok
15:22:23.0789 2544  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:22:23.0836 2544  HomeGroupListener - ok
15:22:23.0851 2544  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:22:23.0883 2544  HomeGroupProvider - ok
15:22:23.0914 2544  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
15:22:23.0914 2544  HpSAMD - ok
15:22:23.0945 2544  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:22:24.0007 2544  HTTP - ok
15:22:24.0007 2544  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:22:24.0023 2544  hwpolicy - ok
15:22:24.0085 2544  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:22:24.0085 2544  i8042prt - ok
15:22:24.0117 2544  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:22:24.0132 2544  iaStor - ok
15:22:24.0226 2544  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:22:24.0241 2544  IAStorDataMgrSvc - ok
15:22:24.0304 2544  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
15:22:24.0304 2544  iaStorV - ok
15:22:24.0366 2544  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:22:24.0382 2544  idsvc - ok
15:22:24.0429 2544  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:22:24.0429 2544  iirsp - ok
15:22:24.0460 2544  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
15:22:24.0507 2544  IKEEXT - ok
15:22:24.0600 2544  [ C48567D80AD357613CD0EEADE18780AE ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
15:22:24.0647 2544  Impcd - ok
15:22:24.0725 2544  [ A0EAB13A78CC5FB960EC76E3D6408DA3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:22:24.0772 2544  IntcAzAudAddService - ok
15:22:24.0787 2544  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:22:24.0787 2544  intelide - ok
15:22:24.0975 2544  [ 90AFAB2B5962B1CD5BB23320675D6174 ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
15:22:25.0084 2544  intelkmd - ok
15:22:25.0099 2544  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:22:25.0131 2544  intelppm - ok
15:22:25.0146 2544  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:22:25.0193 2544  IPBusEnum - ok
15:22:25.0209 2544  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:22:25.0240 2544  IpFilterDriver - ok
15:22:25.0271 2544  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:22:25.0333 2544  iphlpsvc - ok
15:22:25.0349 2544  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:22:25.0365 2544  IPMIDRV - ok
15:22:25.0365 2544  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:22:25.0411 2544  IPNAT - ok
15:22:25.0427 2544  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:22:25.0443 2544  IRENUM - ok
15:22:25.0443 2544  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
15:22:25.0458 2544  isapnp - ok
15:22:25.0489 2544  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:22:25.0505 2544  iScsiPrt - ok
15:22:25.0521 2544  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:22:25.0536 2544  kbdclass - ok
15:22:25.0552 2544  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:22:25.0583 2544  kbdhid - ok
15:22:25.0599 2544  [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso          C:\Windows\system32\lsass.exe
15:22:25.0599 2544  KeyIso - ok
15:22:25.0630 2544  [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:22:25.0645 2544  KSecDD - ok
15:22:25.0661 2544  [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:22:25.0677 2544  KSecPkg - ok
15:22:25.0708 2544  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:22:25.0755 2544  ksthunk - ok
15:22:25.0786 2544  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:22:25.0848 2544  KtmRm - ok
15:22:25.0895 2544  [ 6E0698CEA0901FD1A2B9CE0859E2D8FE ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
15:22:25.0895 2544  L1C - ok
15:22:25.0957 2544  [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:22:26.0004 2544  LanmanServer - ok
15:22:26.0051 2544  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:22:26.0098 2544  LanmanWorkstation - ok
15:22:26.0160 2544  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:22:26.0191 2544  lltdio - ok
15:22:26.0223 2544  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:22:26.0269 2544  lltdsvc - ok
15:22:26.0285 2544  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:22:26.0316 2544  lmhosts - ok
15:22:26.0410 2544  [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:22:26.0441 2544  LMS ( UnsignedFile.Multi.Generic ) - warning
15:22:26.0441 2544  LMS - detected UnsignedFile.Multi.Generic (1)
15:22:26.0488 2544  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:22:26.0503 2544  LSI_FC - ok
15:22:26.0519 2544  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:22:26.0519 2544  LSI_SAS - ok
15:22:26.0535 2544  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:22:26.0535 2544  LSI_SAS2 - ok
15:22:26.0566 2544  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:22:26.0566 2544  LSI_SCSI - ok
15:22:26.0597 2544  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:22:26.0644 2544  luafv - ok
15:22:26.0722 2544  [ E4421EE8DAC8AD4CCCF6090C9EA52211 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:22:26.0722 2544  McAfee SiteAdvisor Service - ok
15:22:26.0800 2544  [ E4421EE8DAC8AD4CCCF6090C9EA52211 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:22:26.0800 2544  McMPFSvc - ok
15:22:26.0831 2544  [ E4421EE8DAC8AD4CCCF6090C9EA52211 ] mcmscsvc        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:22:26.0831 2544  mcmscsvc - ok
15:22:26.0847 2544  [ E4421EE8DAC8AD4CCCF6090C9EA52211 ] McNaiAnn        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:22:26.0847 2544  McNaiAnn - ok
15:22:26.0893 2544  [ E4421EE8DAC8AD4CCCF6090C9EA52211 ] McNASvc         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:22:26.0893 2544  McNASvc - ok
15:22:26.0987 2544  [ 06A4F882427FDC7ECC575F6633814565 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
15:22:27.0003 2544  McODS - ok
15:22:27.0003 2544  [ E4421EE8DAC8AD4CCCF6090C9EA52211 ] McOobeSv        C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:22:27.0018 2544  McOobeSv - ok
15:22:27.0081 2544  [ E4421EE8DAC8AD4CCCF6090C9EA52211 ] McProxy         C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:22:27.0081 2544  McProxy - ok
15:22:27.0159 2544  [ 7BE77F9B4AF85863154FF0D2A0AEC0F1 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
15:22:27.0174 2544  McShield - ok
15:22:27.0205 2544  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:22:27.0221 2544  Mcx2Svc - ok
15:22:27.0237 2544  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:22:27.0252 2544  megasas - ok
15:22:27.0299 2544  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:22:27.0299 2544  MegaSR - ok
15:22:27.0346 2544  [ 0E7C21761AF136CC69AB4C70AF0E1AFB ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
15:22:27.0361 2544  mfeapfk - ok
15:22:27.0377 2544  [ 940322EEF87FCCCE14AEB2E2E3010D6B ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
15:22:27.0393 2544  mfeavfk - ok
15:22:27.0439 2544  [ 2810A58E1504E23AF6D4D046332CF709 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:22:27.0455 2544  mfefire - ok
15:22:27.0471 2544  [ E28B633FC5CA7449B67B9E3204143D82 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
15:22:27.0486 2544  mfefirek - ok
15:22:27.0502 2544  [ D4D7BD28B9B407F0B2BA6579DE689DEC ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
15:22:27.0502 2544  mfehidk - ok
15:22:27.0517 2544  [ C0B72F83E453B883D0C56BE99F161EDF ] mfenlfk         C:\Windows\system32\DRIVERS\mfenlfk.sys
15:22:27.0517 2544  mfenlfk - ok
15:22:27.0549 2544  [ E284A06B2C3493CDE22AA9B31B123B57 ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
15:22:27.0549 2544  mferkdet - ok
15:22:27.0595 2544  [ D276436C173C3A48B17973CC4BF21CA9 ] mfevtp          C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
15:22:27.0611 2544  mfevtp - ok
15:22:27.0627 2544  [ B8D41FDB7262F758DC498CFEE44E513B ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
15:22:27.0627 2544  mfewfpk - ok
15:22:27.0689 2544  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:22:27.0736 2544  MMCSS - ok
15:22:27.0751 2544  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:22:27.0798 2544  Modem - ok
15:22:27.0845 2544  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:22:27.0861 2544  monitor - ok
15:22:27.0923 2544  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:22:27.0923 2544  mouclass - ok
15:22:27.0923 2544  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:22:27.0939 2544  mouhid - ok
15:22:27.0970 2544  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:22:27.0970 2544  mountmgr - ok
15:22:27.0985 2544  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
15:22:27.0985 2544  mpio - ok
15:22:28.0001 2544  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:22:28.0032 2544  mpsdrv - ok
15:22:28.0063 2544  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:22:28.0126 2544  MpsSvc - ok
15:22:28.0126 2544  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:22:28.0141 2544  MRxDAV - ok
15:22:28.0141 2544  [ 767A4C3BCF9410C286CED15A2DB17108 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:22:28.0173 2544  mrxsmb - ok
15:22:28.0188 2544  [ 920EE0FF995FCFDEB08C41605A959E1C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:22:28.0204 2544  mrxsmb10 - ok
15:22:28.0204 2544  [ 740D7EA9D72C981510A5292CF6ADC941 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:22:28.0219 2544  mrxsmb20 - ok
15:22:28.0235 2544  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
15:22:28.0251 2544  msahci - ok
15:22:28.0282 2544  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
15:22:28.0282 2544  msdsm - ok
15:22:28.0297 2544  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:22:28.0313 2544  MSDTC - ok
15:22:28.0313 2544  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:22:28.0344 2544  Msfs - ok
15:22:28.0360 2544  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:22:28.0391 2544  mshidkmdf - ok
15:22:28.0391 2544  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
15:22:28.0407 2544  msisadrv - ok
15:22:28.0453 2544  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:22:28.0500 2544  MSiSCSI - ok
15:22:28.0516 2544  msiserver - ok
15:22:28.0531 2544  [ E4421EE8DAC8AD4CCCF6090C9EA52211 ] MSK80Service    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
15:22:28.0547 2544  MSK80Service - ok
15:22:28.0563 2544  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:22:28.0609 2544  MSKSSRV - ok
15:22:28.0656 2544  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:22:28.0687 2544  MSPCLOCK - ok
15:22:28.0687 2544  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:22:28.0734 2544  MSPQM - ok
15:22:28.0750 2544  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:22:28.0765 2544  MsRPC - ok
15:22:28.0781 2544  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:22:28.0781 2544  mssmbios - ok
15:22:28.0812 2544  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:22:28.0843 2544  MSTEE - ok
15:22:28.0859 2544  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:22:28.0875 2544  MTConfig - ok
15:22:28.0906 2544  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:22:28.0921 2544  Mup - ok
15:22:28.0984 2544  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:22:28.0999 2544  mwlPSDFilter - ok
15:22:29.0015 2544  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:22:29.0015 2544  mwlPSDNServ - ok
15:22:29.0015 2544  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:22:29.0031 2544  mwlPSDVDisk - ok
15:22:29.0109 2544  [ 0036634E5C92BE109056F7E2380103A9 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
15:22:29.0124 2544  MWLService - ok
15:22:29.0155 2544  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
15:22:29.0202 2544  napagent - ok
15:22:29.0265 2544  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:22:29.0280 2544  NativeWifiP - ok
15:22:29.0327 2544  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:22:29.0358 2544  NDIS - ok
15:22:29.0389 2544  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:22:29.0436 2544  NdisCap - ok
15:22:29.0467 2544  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:22:29.0514 2544  NdisTapi - ok
15:22:29.0530 2544  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:22:29.0577 2544  Ndisuio - ok
15:22:29.0592 2544  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:22:29.0623 2544  NdisWan - ok
15:22:29.0623 2544  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:22:29.0670 2544  NDProxy - ok
15:22:29.0686 2544  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:22:29.0717 2544  NetBIOS - ok
15:22:29.0717 2544  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:22:29.0764 2544  NetBT - ok
15:22:29.0779 2544  [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon        C:\Windows\system32\lsass.exe
15:22:29.0795 2544  Netlogon - ok
15:22:29.0857 2544  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:22:29.0904 2544  Netman - ok
15:22:29.0920 2544  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:22:29.0982 2544  netprofm - ok
15:22:30.0013 2544  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:22:30.0013 2544  NetTcpPortSharing - ok
15:22:30.0045 2544  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:22:30.0060 2544  nfrd960 - ok
15:22:30.0123 2544  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:22:30.0169 2544  NlaSvc - ok
15:22:30.0169 2544  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:22:30.0201 2544  Npfs - ok
15:22:30.0216 2544  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:22:30.0263 2544  nsi - ok
15:22:30.0279 2544  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:22:30.0310 2544  nsiproxy - ok
15:22:30.0357 2544  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:22:30.0388 2544  Ntfs - ok
15:22:30.0481 2544  [ 5B3CE960C62DBE864BE9A0BD043A3E30 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
15:22:30.0497 2544  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
15:22:30.0497 2544  NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
15:22:30.0622 2544  [ 15221DD637D9D0FFC60848EBBF1DF538 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
15:22:30.0622 2544  NTIBackupSvc - ok
15:22:30.0653 2544  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
15:22:30.0653 2544  NTIDrvr - ok
15:22:30.0684 2544  [ B5071E15D4C3F5EF5018AFF7E85A85E5 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
15:22:30.0684 2544  NTISchedulerSvc - ok
15:22:30.0715 2544  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:22:30.0762 2544  Null - ok
15:22:30.0809 2544  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
15:22:30.0809 2544  nvraid - ok
15:22:30.0825 2544  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
15:22:30.0825 2544  nvstor - ok
15:22:30.0840 2544  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
15:22:30.0840 2544  nv_agp - ok
15:22:30.0840 2544  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:22:30.0856 2544  ohci1394 - ok
15:22:30.0887 2544  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:22:30.0918 2544  p2pimsvc - ok
15:22:30.0949 2544  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:22:30.0965 2544  p2psvc - ok
15:22:30.0981 2544  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:22:30.0981 2544  Parport - ok
15:22:30.0996 2544  [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:22:31.0012 2544  partmgr - ok
15:22:31.0027 2544  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:22:31.0043 2544  PcaSvc - ok
15:22:31.0059 2544  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
15:22:31.0059 2544  pci - ok
15:22:31.0074 2544  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
15:22:31.0074 2544  pciide - ok
15:22:31.0074 2544  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:22:31.0090 2544  pcmcia - ok
15:22:31.0090 2544  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:22:31.0105 2544  pcw - ok
15:22:31.0121 2544  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:22:31.0168 2544  PEAUTH - ok
15:22:31.0355 2544  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:22:31.0371 2544  PerfHost - ok
15:22:31.0433 2544  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
15:22:31.0511 2544  pla - ok
15:22:31.0589 2544  [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:22:31.0620 2544  PlugPlay - ok
15:22:31.0636 2544  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:22:31.0667 2544  PNRPAutoReg - ok
15:22:31.0683 2544  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:22:31.0698 2544  PNRPsvc - ok
15:22:31.0729 2544  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:22:31.0792 2544  PolicyAgent - ok
15:22:31.0807 2544  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:22:31.0870 2544  Power - ok
15:22:31.0917 2544  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:22:31.0948 2544  PptpMiniport - ok
15:22:31.0979 2544  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:22:31.0995 2544  Processor - ok
15:22:32.0057 2544  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll
15:22:32.0104 2544  ProfSvc - ok
15:22:32.0119 2544  [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
15:22:32.0135 2544  ProtectedStorage - ok
15:22:32.0182 2544  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:22:32.0229 2544  Psched - ok
15:22:32.0260 2544  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:22:32.0291 2544  ql2300 - ok
15:22:32.0322 2544  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:22:32.0322 2544  ql40xx - ok
15:22:32.0353 2544  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:22:32.0369 2544  QWAVE - ok
15:22:32.0369 2544  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:22:32.0385 2544  QWAVEdrv - ok
15:22:32.0400 2544  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:22:32.0431 2544  RasAcd - ok
15:22:32.0494 2544  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:22:32.0525 2544  RasAgileVpn - ok
15:22:32.0572 2544  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:22:32.0619 2544  RasAuto - ok
15:22:32.0634 2544  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:22:32.0681 2544  Rasl2tp - ok
15:22:32.0697 2544  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
15:22:32.0759 2544  RasMan - ok
15:22:32.0759 2544  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:22:32.0790 2544  RasPppoe - ok
15:22:32.0837 2544  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:22:32.0884 2544  RasSstp - ok
15:22:32.0915 2544  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:22:32.0962 2544  rdbss - ok
15:22:32.0977 2544  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:22:32.0993 2544  rdpbus - ok
15:22:32.0993 2544  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:22:33.0024 2544  RDPCDD - ok
15:22:33.0055 2544  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:22:33.0118 2544  RDPENCDD - ok
15:22:33.0118 2544  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:22:33.0165 2544  RDPREFMP - ok
15:22:33.0165 2544  [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:22:33.0211 2544  RDPWD - ok
15:22:33.0227 2544  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:22:33.0227 2544  rdyboost - ok
15:22:33.0274 2544  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:22:33.0305 2544  RemoteAccess - ok
15:22:33.0352 2544  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:22:33.0399 2544  RemoteRegistry - ok
15:22:33.0461 2544  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:22:33.0508 2544  RpcEptMapper - ok
15:22:33.0539 2544  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:22:33.0539 2544  RpcLocator - ok
15:22:33.0570 2544  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
15:22:33.0601 2544  RpcSs - ok
15:22:33.0679 2544  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:22:33.0726 2544  rspndr - ok
15:22:33.0742 2544  [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs           C:\Windows\system32\lsass.exe
15:22:33.0757 2544  SamSs - ok
15:22:33.0773 2544  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:22:33.0773 2544  sbp2port - ok
15:22:33.0789 2544  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:22:33.0835 2544  SCardSvr - ok
15:22:33.0851 2544  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:22:33.0898 2544  scfilter - ok
15:22:33.0945 2544  [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule        C:\Windows\system32\schedsvc.dll
15:22:34.0007 2544  Schedule - ok
15:22:34.0023 2544  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:22:34.0069 2544  SCPolicySvc - ok
15:22:34.0069 2544  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:22:34.0116 2544  SDRSVC - ok
15:22:34.0163 2544  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:22:34.0225 2544  secdrv - ok
15:22:34.0241 2544  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
15:22:34.0288 2544  seclogon - ok
15:22:34.0288 2544  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:22:34.0335 2544  SENS - ok
15:22:34.0381 2544  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:22:34.0397 2544  SensrSvc - ok
15:22:34.0444 2544  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:22:34.0459 2544  Serenum - ok
15:22:34.0506 2544  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:22:34.0522 2544  Serial - ok
15:22:34.0537 2544  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:22:34.0553 2544  sermouse - ok
15:22:34.0615 2544  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
15:22:34.0647 2544  SessionEnv - ok
15:22:34.0678 2544  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
15:22:34.0709 2544  sffdisk - ok
15:22:34.0709 2544  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:22:34.0725 2544  sffp_mmc - ok
15:22:34.0740 2544  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
15:22:34.0740 2544  sffp_sd - ok
15:22:34.0787 2544  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:22:34.0803 2544  sfloppy - ok
15:22:34.0849 2544  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:22:34.0912 2544  SharedAccess - ok
15:22:34.0943 2544  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:22:34.0974 2544  ShellHWDetection - ok
15:22:35.0005 2544  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:22:35.0021 2544  SiSRaid2 - ok
15:22:35.0021 2544  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:22:35.0021 2544  SiSRaid4 - ok
15:22:35.0052 2544  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:22:35.0083 2544  Smb - ok
15:22:35.0146 2544  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:22:35.0161 2544  SNMPTRAP - ok
15:22:35.0177 2544  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:22:35.0193 2544  spldr - ok
15:22:35.0208 2544  [ 89E8550C5862999FCF482EA562B0E98E ] Spooler         C:\Windows\System32\spoolsv.exe
15:22:35.0224 2544  Spooler - ok
15:22:35.0302 2544  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:22:35.0411 2544  sppsvc - ok
15:22:35.0411 2544  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:22:35.0442 2544  sppuinotify - ok
15:22:35.0473 2544  [ 37C3ABC2338010E110D2A6A3930F3149 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:22:35.0489 2544  srv - ok
15:22:35.0505 2544  [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:22:35.0551 2544  srv2 - ok
15:22:35.0551 2544  [ CCE32BB223E9FF55D241099A858FA889 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:22:35.0583 2544  srvnet - ok
15:22:35.0645 2544  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:22:35.0707 2544  SSDPSRV - ok
15:22:35.0723 2544  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:22:35.0754 2544  SstpSvc - ok
15:22:35.0770 2544  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:22:35.0770 2544  stexstor - ok
15:22:35.0801 2544  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
15:22:35.0832 2544  stisvc - ok
15:22:35.0863 2544  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:22:35.0879 2544  swenum - ok
15:22:35.0910 2544  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:22:35.0957 2544  swprv - ok
15:22:36.0019 2544  [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:22:36.0019 2544  SynTP - ok
15:22:36.0066 2544  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
15:22:36.0129 2544  SysMain - ok
15:22:36.0144 2544  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:22:36.0175 2544  TabletInputService - ok
15:22:36.0207 2544  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:22:36.0253 2544  TapiSrv - ok
15:22:36.0269 2544  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:22:36.0316 2544  TBS - ok
15:22:36.0394 2544  [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:22:36.0425 2544  Tcpip - ok
15:22:36.0503 2544  [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:22:36.0534 2544  TCPIP6 - ok
15:22:36.0534 2544  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:22:36.0565 2544  tcpipreg - ok
15:22:36.0597 2544  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:22:36.0643 2544  TDPIPE - ok
15:22:36.0675 2544  [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:22:36.0706 2544  TDTCP - ok
15:22:36.0737 2544  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:22:36.0784 2544  tdx - ok
15:22:36.0799 2544  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:22:36.0799 2544  TermDD - ok
15:22:36.0846 2544  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
15:22:36.0909 2544  TermService - ok
15:22:36.0924 2544  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:22:36.0940 2544  Themes - ok
15:22:36.0955 2544  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:22:36.0987 2544  THREADORDER - ok
15:22:37.0002 2544  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:22:37.0065 2544  TrkWks - ok
15:22:37.0096 2544  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:22:37.0127 2544  TrustedInstaller - ok
15:22:37.0143 2544  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:22:37.0189 2544  tssecsrv - ok
15:22:37.0252 2544  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:22:37.0299 2544  tunnel - ok
15:22:37.0361 2544  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
15:22:37.0361 2544  TurboB - ok
15:22:37.0392 2544  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:22:37.0408 2544  TurboBoost - ok
15:22:37.0439 2544  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:22:37.0455 2544  uagp35 - ok
15:22:37.0470 2544  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:22:37.0470 2544  UBHelper - ok
15:22:37.0501 2544  UCORESYS - ok
15:22:37.0517 2544  UCOREW64 - ok
15:22:37.0517 2544  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:22:37.0579 2544  udfs - ok
15:22:37.0626 2544  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:22:37.0642 2544  UI0Detect - ok
15:22:37.0673 2544  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
15:22:37.0689 2544  uliagpkx - ok
15:22:37.0751 2544  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:22:37.0767 2544  umbus - ok
15:22:37.0798 2544  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:22:37.0829 2544  UmPass - ok
15:22:37.0938 2544  [ 41118D920B2B268C0ADC36421248CDCF ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:22:38.0001 2544  UNS ( UnsignedFile.Multi.Generic ) - warning
15:22:38.0001 2544  UNS - detected UnsignedFile.Multi.Generic (1)
15:22:38.0079 2544  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
15:22:38.0079 2544  Updater Service - ok
15:22:38.0125 2544  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:22:38.0157 2544  upnphost - ok
15:22:38.0172 2544  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:22:38.0203 2544  usbccgp - ok
15:22:38.0203 2544  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:22:38.0235 2544  usbcir - ok
15:22:38.0235 2544  [ CB490987A7F6928A04BB838E3BD8A936 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:22:38.0266 2544  usbehci - ok
15:22:38.0313 2544  [ 18124EF0A881A00EE222D02A3EE30270 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:22:38.0344 2544  usbhub - ok
15:22:38.0359 2544  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:22:38.0359 2544  usbohci - ok
15:22:38.0375 2544  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:22:38.0406 2544  usbprint - ok
15:22:38.0437 2544  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:22:38.0453 2544  USBSTOR - ok
15:22:38.0453 2544  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:22:38.0469 2544  usbuhci - ok
15:22:38.0515 2544  [ D501E12614B00A3252073101D6A1A74B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:22:38.0547 2544  usbvideo - ok
15:22:38.0593 2544  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:22:38.0640 2544  UxSms - ok
15:22:38.0656 2544  [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc        C:\Windows\system32\lsass.exe
15:22:38.0656 2544  VaultSvc - ok
15:22:38.0718 2544  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
15:22:38.0734 2544  vdrvroot - ok
15:22:38.0749 2544  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
15:22:38.0765 2544  vds - ok
15:22:38.0781 2544  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:22:38.0796 2544  vga - ok
15:22:38.0796 2544  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:22:38.0859 2544  VgaSave - ok
15:22:38.0859 2544  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
15:22:38.0859 2544  vhdmp - ok
15:22:38.0874 2544  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
15:22:38.0874 2544  viaide - ok
15:22:38.0874 2544  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
15:22:38.0890 2544  volmgr - ok
15:22:38.0921 2544  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:22:38.0921 2544  volmgrx - ok
15:22:38.0968 2544  [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
15:22:38.0968 2544  volsnap - ok
15:22:38.0983 2544  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:22:38.0999 2544  vsmraid - ok
15:22:39.0046 2544  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
15:22:39.0093 2544  VSS - ok
15:22:39.0108 2544  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:22:39.0124 2544  vwifibus - ok
15:22:39.0139 2544  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:22:39.0171 2544  vwififlt - ok
15:22:39.0171 2544  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:22:39.0217 2544  W32Time - ok
15:22:39.0217 2544  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:22:39.0249 2544  WacomPen - ok
15:22:39.0295 2544  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:22:39.0327 2544  WANARP - ok
15:22:39.0342 2544  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:22:39.0389 2544  Wanarpv6 - ok
15:22:39.0451 2544  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
15:22:39.0529 2544  wbengine - ok
15:22:39.0545 2544  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:22:39.0561 2544  WbioSrvc - ok
15:22:39.0576 2544  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:22:39.0592 2544  wcncsvc - ok
15:22:39.0623 2544  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:22:39.0639 2544  WcsPlugInService - ok
15:22:39.0670 2544  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:22:39.0670 2544  Wd - ok
15:22:39.0685 2544  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:22:39.0701 2544  Wdf01000 - ok
15:22:39.0732 2544  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:22:39.0763 2544  WdiServiceHost - ok
15:22:39.0763 2544  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:22:39.0779 2544  WdiSystemHost - ok
15:22:39.0826 2544  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient       C:\Windows\System32\webclnt.dll
15:22:39.0857 2544  WebClient - ok
15:22:39.0873 2544  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:22:39.0919 2544  Wecsvc - ok
15:22:39.0935 2544  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:22:39.0966 2544  wercplsupport - ok
15:22:40.0013 2544  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:22:40.0060 2544  WerSvc - ok
15:22:40.0122 2544  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:22:40.0169 2544  WfpLwf - ok
15:22:40.0169 2544  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:22:40.0169 2544  WIMMount - ok
15:22:40.0200 2544  WinDefend - ok
15:22:40.0216 2544  WinHttpAutoProxySvc - ok
15:22:40.0325 2544  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:22:40.0387 2544  Winmgmt - ok
15:22:40.0434 2544  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:22:40.0497 2544  WinRM - ok
15:22:40.0575 2544  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:22:40.0606 2544  Wlansvc - ok
15:22:40.0621 2544  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:22:40.0621 2544  WmiAcpi - ok
15:22:40.0668 2544  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:22:40.0684 2544  wmiApSrv - ok
15:22:40.0715 2544  WMPNetworkSvc - ok
15:22:40.0777 2544  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:22:40.0793 2544  WPCSvc - ok
15:22:40.0809 2544  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:22:40.0855 2544  WPDBusEnum - ok
15:22:40.0887 2544  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:22:40.0918 2544  ws2ifsl - ok
15:22:40.0933 2544  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
15:22:40.0949 2544  wscsvc - ok
15:22:40.0949 2544  WSearch - ok
15:22:41.0011 2544  [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:22:41.0074 2544  wuauserv - ok
15:22:41.0074 2544  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:22:41.0121 2544  WudfPf - ok
15:22:41.0152 2544  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:22:41.0199 2544  WUDFRd - ok
15:22:41.0214 2544  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:22:41.0261 2544  wudfsvc - ok
15:22:41.0277 2544  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:22:41.0323 2544  WwanSvc - ok
15:22:41.0339 2544  ================ Scan global ===============================
15:22:41.0370 2544  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:22:41.0401 2544  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
15:22:41.0417 2544  [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
15:22:41.0433 2544  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:22:41.0448 2544  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:22:41.0464 2544  [Global] - ok
15:22:41.0464 2544  ================ Scan MBR ==================================
15:22:41.0464 2544  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:22:41.0838 2544  \Device\Harddisk0\DR0 - ok
15:22:41.0838 2544  [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR5
15:22:42.0072 2544  \Device\Harddisk1\DR5 - ok
15:22:42.0072 2544  ================ Scan VBR ==================================
15:22:42.0072 2544  [ B1ADC821C09162BF30507CA68446E0D8 ] \Device\Harddisk0\DR0\Partition1
15:22:42.0088 2544  \Device\Harddisk0\DR0\Partition1 - ok
15:22:42.0135 2544  [ 56C07F3D509DDCF15221732D0CB43766 ] \Device\Harddisk0\DR0\Partition2
15:22:42.0135 2544  \Device\Harddisk0\DR0\Partition2 - ok
15:22:42.0150 2544  [ F59B9F18D4C7F38ED4ED841C11AD7582 ] \Device\Harddisk1\DR5\Partition1
15:22:42.0150 2544  \Device\Harddisk1\DR5\Partition1 - ok
15:22:42.0150 2544  ============================================================
15:22:42.0150 2544  Scan finished
15:22:42.0150 2544  ============================================================
15:22:42.0166 2320  Detected object count: 3
15:22:42.0166 2320  Actual detected object count: 3
15:27:43.0153 2320  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:43.0153 2320  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:43.0168 2320  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:43.0168 2320  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:27:43.0184 2320  UNS ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:43.0184 2320  UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 05.03.2013, 15:48   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

Alt 05.03.2013, 17:21   #13
DarKxRaideR
 



Code:
ComboFix 13-03-05.01 - OAPalliance 05.03.2013  17:16:14.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3764.2747 [GMT 1:00]
ausgeführt von:: c:\users\OAPalliance\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-05 bis 2013-03-05  ))))))))))))))))))))))))))))))
.
.
2013-03-05 16:18 . 2013-03-05 16:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\de-DE
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\SysWow64\XPSViewer
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\SysWow64\wbem\de-DE
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\SysWow64\drivers\UMDF\de-DE
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\SysWow64\drivers\de-DE
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\SysWow64\de
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\SysWow64\0407
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\system32\drivers\UMDF\de-DE
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\system32\drivers\de-DE
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\system32\0407
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\system32\wbem\de-DE
2013-02-23 03:57 . 2013-02-23 03:57	--------	d-----w-	c:\windows\system32\de
2013-02-23 03:57 . 2013-02-23 03:57	3584	----a-w-	c:\windows\system32\Spool\prtprocs\x64\de-DE\LXKPTPRC.DLL.mui
2013-02-23 03:52 . 2013-02-23 03:52	--------	d-----w-	c:\windows\NAPP_Dism_Log
2013-02-22 19:41 . 2013-03-05 00:44	--------	d-----w-	c:\program files (x86)\Acer Arcade Deluxe
2013-02-22 19:41 . 2013-03-05 00:44	--------	d-----w-	c:\programdata\CyberLink
2013-02-22 19:39 . 2013-02-22 19:39	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-02-22 19:38 . 2013-02-22 19:38	--------	d-----w-	c:\program files (x86)\Microsoft
2013-02-22 19:38 . 2013-02-22 19:38	--------	d-----w-	c:\program files (x86)\Windows Live SkyDrive
2013-02-22 19:38 . 2013-02-22 19:39	--------	d-----w-	c:\program files (x86)\Windows Live
2013-02-22 19:38 . 2013-02-22 19:38	--------	d-----w-	c:\windows\PCHEALTH
2013-02-22 19:37 . 2013-02-22 19:37	--------	d-----w-	c:\program files (x86)\Common Files\Windows Live
2013-02-22 19:34 . 2013-02-22 19:34	--------	d-----w-	c:\program files (x86)\Common Files\postureAgent
2013-02-22 19:33 . 2009-09-17 11:54	56344	----a-w-	c:\windows\system32\drivers\HECIx64.sys
2013-02-22 19:32 . 2013-02-22 19:32	--------	d-----w-	c:\program files\Synaptics
2013-02-22 19:31 . 2013-03-05 00:44	--------	d-----w-	c:\program files (x86)\Acer Crystal Eye webcam
2013-02-22 19:31 . 2013-02-22 19:31	--------	d-----w-	c:\program files (x86)\Launch Manager
2013-02-22 19:30 . 2013-02-22 19:30	--------	d-----w-	c:\program files\Intel
2013-02-22 19:25 . 2013-02-22 19:25	--------	d-----w-	c:\programdata\ATI
2013-02-22 19:25 . 2009-12-29 07:55	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-02-22 19:24 . 2013-02-22 19:24	--------	d---a-w-	C:\book
2013-02-22 19:22 . 2013-02-22 19:22	--------	d-----w-	c:\program files (x86)\OEM
2013-02-22 19:11 . 2013-02-22 19:11	0	----a-w-	c:\windows\ativpsrm.bin
2013-02-22 19:10 . 2013-02-22 19:10	3	----a-w-	c:\windows\system32\PLD_Framework.cmd
2013-02-22 19:06 . 2013-02-22 19:06	--------	d-----w-	c:\program files\ATI
2013-02-22 19:06 . 2013-02-22 19:07	--------	d-----w-	c:\program files (x86)\ATI Technologies
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-23 03:57 . 2013-02-23 03:57	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2013-02-23 03:56 . 2013-02-23 03:56	5632	----a-w-	c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2013-02-23 03:56 . 2013-02-23 03:56	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2013-02-23 03:56 . 2013-02-23 03:56	51712	----a-w-	c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2013-02-23 03:56 . 2013-02-23 03:56	29696	----a-w-	c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2013-02-23 03:56 . 2013-02-23 03:56	16896	----a-w-	c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Global Registration"="c:\program files (x86)\Acer\Registration\GREG.exe" [2010-04-28 835104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-04 1465304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\OAPalliance\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" [2013-03-05 1363016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-02 202752]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-03-10 820768]
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2009-12-15 355440]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-27 40448]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-01-06 62416]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-07 158848]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-03-02 7843040]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-01-06 93840]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 UCORESYS;UCORESYS;d:\dmiedit_utility\UCORESYS.sys [x]
R3 UCOREW64;UCOREW64;d:\dmiedit_utility\UCOREW64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2009-12-15 355440]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-01-06 279752]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-01-06 75288]
S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-15 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-01-06 244840]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-01-06 148520]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-01-06 440688]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 66486097
*NewlyCreated* - ASWMBR
*NewlyCreated* - PGLYQFOG
*Deregistered* - 66486097
*Deregistered* - aswMBR
*Deregistered* - pglyqfog
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-03-10 496160]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-06 324608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-02 391192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-02 166424]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-02 410648]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
"Trigger New Acer AlaunchX"="c:\oem\Preload\Command\AlaunchX\AppInRun.exe" [2009-09-21 304672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"New Acer AlaunchX"="c:\oem\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2009-09-21 300064]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner.dll
Toolbar-Locked - (no file)
BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-05  17:19:29
ComboFix-quarantined-files.txt  2013-03-05 16:19
.
Vor Suchlauf: 9 Verzeichnis(se), 458.392.276.992 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 458.353.348.608 Bytes frei
.
- - End Of File - - 5B60DDF4D8EC78832D3FBDF99DEB95AA
         

Alt 06.03.2013, 00:42   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box for Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

Alt 06.03.2013, 10:45   #15
DarKxRaideR
 



So the JRT tool ran through, and adwcleaner then wanted a restart; it then restarted in normal mode without the error and also generated the report successfully. When I then ran the last test, i.e. OTL once more, after a few seconds the screen was again completely overlaid in white and I could not see anything any more. Attached are the two reports, which I then retrieved in safe mode, and the OTL report that was run from safe mode after the "reinfection":

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.8 (03.04.2013:1)
OS: Windows 7 Home Premium x64
Ran by OAPalliance on 06.03.2013 at 10:04:25,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\kt_bho_dll.dll
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2013 at 10:07:08,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
# AdwCleaner v2.114 - Datei am 06/03/2013 um 10:09:11 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : OAPalliance - OAPALLIANCE-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\OAPalliance\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [1638 octets] - [05/03/2013 11:47:25]
AdwCleaner[S1].txt - [1011 octets] - [06/03/2013 10:09:11]

########## EOF - C:\AdwCleaner[S1].txt - [1071 octets] ##########
         
OTL.txt

Code:
OTL logfile created on: 06.03.2013 10:39:20 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OAPalliance\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 75,99% Memory free
7,35 Gb Paging File | 6,48 Gb Available in Paging File | 88,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 426,56 Gb Free Space | 94,23% Space Free | Partition Type: NTFS
 
Computer Name: OAPALLIANCE-PC | User Name: OAPalliance | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\OAPalliance\Desktop\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-365425079-1081678709-318092291-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7745g&r=27360213v706l0433z1j5t5641l549
IE - HKU\S-1-5-21-365425079-1081678709-318092291-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-365425079-1081678709-318092291-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-365425079-1081678709-318092291-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.22 20:21:43 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013.03.05 17:18:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20100513193929.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100513193929.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-365425079-1081678709-318092291-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-365425079-1081678709-318092291-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFEE2242-366F-42A9-B3DE-C4273AB1F84C}: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.06 10:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.03.06 10:16:30 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2013.03.06 10:16:30 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll
[2013.03.06 10:16:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2013.03.06 10:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013.03.06 10:04:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.06 10:04:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.06 10:02:50 | 000,547,723 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\OAPalliance\Desktop\JRT.exe
[2013.03.06 09:14:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.05 19:12:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.05 17:15:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.05 17:15:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.05 17:15:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.05 17:15:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.05 17:14:57 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\OAPalliance\Desktop\ComboFix.exe
[2013.03.05 14:46:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\OAPalliance\Desktop\aswMBR.exe
[2013.03.05 14:46:00 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\OAPalliance\Desktop\tdsskiller.exe
[2013.03.05 11:47:16 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\Desktop\mbar-1.01.0.1021
[2013.03.05 11:31:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\OAPalliance\Desktop\OTL.exe
[2013.03.04 18:09:38 | 000,703,352 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\OAPalliance\Desktop\autoruns.exe
[2013.03.04 14:01:48 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Malwarebytes
[2013.03.04 14:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.04 14:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.04 14:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.04 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Programs
[2013.03.04 12:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2013.03.04 12:24:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.04 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Adobe
[2013.02.23 04:57:49 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2013.02.23 04:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2013.02.23 04:57:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013.02.23 04:57:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2013.02.23 04:57:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2013.02.23 04:57:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2013.02.23 04:57:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2013.02.23 04:57:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2013.02.23 04:57:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2013.02.23 04:57:06 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2013.02.23 04:57:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2013.02.23 04:57:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.02.23 04:57:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2013.02.23 04:57:03 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2013.02.23 04:57:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2013.02.23 04:57:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2013.02.23 04:57:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2013.02.23 04:57:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2013.02.23 04:57:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2013.02.23 04:57:03 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2013.02.23 04:57:03 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2013.02.23 04:57:03 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2013.02.23 04:57:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2013.02.23 04:57:02 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2013.02.23 04:57:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2013.02.23 04:57:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2013.02.23 04:57:02 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2013.02.23 04:57:02 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2013.02.23 04:57:02 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.02.23 04:57:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2013.02.23 04:57:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2013.02.23 04:56:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2013.02.23 04:56:57 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2013.02.23 04:56:57 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2013.02.23 04:56:56 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2013.02.23 04:56:56 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2013.02.23 04:56:56 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2013.02.23 04:56:54 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2013.02.23 04:56:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2013.02.23 04:56:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2013.02.23 04:56:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2013.02.23 04:56:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2013.02.23 04:56:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2013.02.23 04:56:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2013.02.23 04:56:53 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2013.02.23 04:56:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2013.02.23 04:56:53 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2013.02.23 04:56:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2013.02.23 04:56:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2013.02.23 04:56:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2013.02.23 04:56:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2013.02.23 04:56:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2013.02.23 04:56:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2013.02.23 04:56:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2013.02.23 04:56:48 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2013.02.23 04:56:48 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2013.02.23 04:56:48 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2013.02.23 04:56:48 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2013.02.23 04:52:25 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2013.02.22 20:43:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe
[2013.02.22 20:42:07 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Cyberlink
[2013.02.22 20:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Arcade Deluxe
[2013.02.22 20:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.02.22 20:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.02.22 20:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.22 20:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.02.22 20:38:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.02.22 20:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2013.02.22 20:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.02.22 20:38:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.02.22 20:38:17 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.02.22 20:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.02.22 20:36:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.02.22 20:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.02.22 20:33:56 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2013.02.22 20:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.02.22 20:31:57 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Liteon
[2013.02.22 20:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
[2013.02.22 20:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer Crystal Eye webcam
[2013.02.22 20:31:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013.02.22 20:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.02.22 20:29:31 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\InstallShield
[2013.02.22 20:25:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.02.22 20:25:33 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\ATI
[2013.02.22 20:25:33 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\ATI
[2013.02.22 20:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.02.22 20:24:58 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Intel Corporation
[2013.02.22 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\EgisTec IPS
[2013.02.22 20:24:46 | 000,000,000 | ---D | C] -- C:\book
[2013.02.22 20:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2013.02.22 20:24:45 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Macromedia
[2013.02.22 20:24:33 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.02.22 20:24:33 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Searches
[2013.02.22 20:24:33 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.02.22 20:24:25 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Identities
[2013.02.22 20:24:23 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Contacts
[2013.02.22 20:24:21 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\VirtualStore
[2013.02.22 20:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013.02.22 20:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Accessory Store
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Vorlagen
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\AppData\Local\Verlauf
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\AppData\Local\Temporary Internet Files
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Lokale Einstellungen
[2013.02.22 20:21:35 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\AppData\Local\Anwendungsdaten
[2013.02.22 20:21:34 | 000,000,000 | --SD | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Videos
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Saved Games
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Pictures
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Music
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Links
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Favorites
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Downloads
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Documents
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\Desktop
[2013.02.22 20:21:34 | 000,000,000 | R--D | C] -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Startmenü
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\SendTo
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Recent
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Netzwerkumgebung
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Documents\Eigene Videos
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Documents\Eigene Musik
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Eigene Dateien
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Documents\Eigene Bilder
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Druckumgebung
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Cookies
[2013.02.22 20:21:34 | 000,000,000 | -HSD | C] -- C:\Users\OAPalliance\Anwendungsdaten
[2013.02.22 20:21:34 | 000,000,000 | -H-D | C] -- C:\Users\OAPalliance\AppData
[2013.02.22 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Temp
[2013.02.22 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Local\Microsoft
[2013.02.22 20:21:34 | 000,000,000 | ---D | C] -- C:\Users\OAPalliance\AppData\Roaming\Media Center Programs
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.02.22 20:21:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.02.22 20:21:29 | 000,000,000 | ---D | C] -- C:\Recovery
[2013.02.22 20:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.02.22 20:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.02.22 20:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.02.22 20:05:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.02.22 20:04:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.22 20:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.22 20:04:52 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.22 20:04:52 | 001,913,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.02.22 20:04:52 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.02.22 20:04:52 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.22 20:04:52 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.02.22 20:04:52 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.22 20:04:52 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.22 20:04:52 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.22 20:04:52 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.02.22 20:04:51 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.22 20:04:51 | 001,659,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.02.22 20:04:51 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.02.22 20:04:51 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.02.22 20:04:51 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.02.22 20:04:51 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.02.22 20:04:51 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.02.22 20:04:51 | 000,477,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.02.22 20:04:51 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.02.22 20:04:51 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.22 20:04:51 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.22 20:04:51 | 000,321,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.22 20:04:51 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.02.22 20:04:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.22 20:04:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.22 20:04:51 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.02.22 20:04:51 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.02.22 20:04:51 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.22 20:04:51 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.02.22 20:04:51 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.02.22 20:04:51 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.02.22 20:04:51 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.22 20:04:51 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.22 20:04:51 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2013.02.22 20:04:50 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.02.22 20:04:50 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.02.22 20:04:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.02.22 20:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.22 20:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.02.22 20:02:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.06 10:41:13 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.06 10:41:13 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.06 10:41:13 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.06 10:41:13 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.06 10:41:13 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.06 10:38:41 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2013.03.06 10:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.06 10:36:19 | 2960,510,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.06 10:33:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 10:33:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.06 10:03:49 | 000,597,667 | ---- | M] () -- C:\Users\OAPalliance\Desktop\adwcleaner.exe
[2013.03.06 10:02:57 | 000,547,723 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\OAPalliance\Desktop\JRT.exe
[2013.03.05 17:18:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.05 17:14:58 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\OAPalliance\Desktop\ComboFix.exe
[2013.03.05 14:46:35 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\OAPalliance\Desktop\aswMBR.exe
[2013.03.05 14:46:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\OAPalliance\Desktop\tdsskiller.exe
[2013.03.05 14:02:30 | 000,377,856 | ---- | M] () -- C:\Users\OAPalliance\Desktop\gmer_2.1.19155.exe
[2013.03.05 11:46:40 | 013,786,977 | ---- | M] () -- C:\Users\OAPalliance\Desktop\mbar-1.01.0.1021.zip
[2013.03.05 11:31:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OAPalliance\Desktop\OTL.exe
[2013.02.23 04:57:38 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2013.02.23 04:57:38 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2013.02.23 04:57:20 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2013.02.23 04:57:16 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2013.02.23 04:57:12 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\de-DE\WpdMtpDr.dll.mui
[2013.02.23 04:57:08 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2013.02.23 04:57:06 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2013.02.23 04:57:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2013.02.23 04:57:03 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2013.02.23 04:57:03 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2013.02.23 04:57:03 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.02.23 04:57:03 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.02.23 04:57:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2013.02.23 04:57:03 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2013.02.23 04:57:03 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2013.02.23 04:57:03 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2013.02.23 04:57:03 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2013.02.23 04:57:03 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2013.02.23 04:57:03 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2013.02.23 04:57:03 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2013.02.23 04:57:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2013.02.23 04:57:03 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2013.02.23 04:57:03 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2013.02.23 04:57:03 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2013.02.23 04:57:03 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2013.02.23 04:57:03 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2013.02.23 04:57:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2013.02.23 04:57:02 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2013.02.23 04:57:02 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2013.02.23 04:57:02 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\de-DE\WUDFUsbccidDriver.dll.mui
[2013.02.23 04:57:02 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2013.02.23 04:57:02 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2013.02.23 04:57:02 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2013.02.23 04:57:02 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2013.02.23 04:57:02 | 000,003,584 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2013.02.23 04:57:02 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2013.02.23 04:57:02 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.02.23 04:57:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2013.02.23 04:57:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2013.02.23 04:56:59 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2013.02.23 04:56:57 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2013.02.23 04:56:57 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2013.02.23 04:56:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2013.02.23 04:56:56 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2013.02.23 04:56:56 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2013.02.23 04:56:54 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2013.02.23 04:56:54 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2013.02.23 04:56:54 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2013.02.23 04:56:54 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2013.02.23 04:56:54 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2013.02.23 04:56:54 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2013.02.23 04:56:54 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2013.02.23 04:56:53 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2013.02.23 04:56:53 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2013.02.23 04:56:53 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2013.02.23 04:56:51 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2013.02.23 04:56:51 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2013.02.23 04:56:51 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2013.02.23 04:56:51 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2013.02.23 04:56:49 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2013.02.23 04:56:49 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2013.02.23 04:56:49 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2013.02.23 04:56:48 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2013.02.23 04:56:48 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2013.02.23 04:56:48 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2013.02.23 04:56:48 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2013.02.23 04:52:25 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2013.02.22 20:32:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.02.22 20:31:11 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2013.02.22 20:21:50 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Acer Zubehör Shop.lnk
[2013.02.22 20:17:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.02.22 20:17:48 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.22 20:11:46 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.22 20:11:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.02.22 20:10:05 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
 
========== Files Created - No Company Name ==========
 
[2013.03.05 17:15:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.05 17:15:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.05 17:15:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.05 17:15:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.05 17:15:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.05 14:03:42 | 000,377,856 | ---- | C] () -- C:\Users\OAPalliance\Desktop\gmer_2.1.19155.exe
[2013.03.05 11:46:40 | 013,786,977 | ---- | C] () -- C:\Users\OAPalliance\Desktop\mbar-1.01.0.1021.zip
[2013.03.05 11:46:36 | 000,597,667 | ---- | C] () -- C:\Users\OAPalliance\Desktop\adwcleaner.exe
[2013.02.23 05:01:16 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013.02.23 04:58:13 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2013.02.23 04:58:12 | 000,643,866 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 04:58:12 | 000,126,394 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 04:58:12 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2013.02.22 20:36:10 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013.02.22 20:32:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.02.22 20:24:38 | 000,001,409 | ---- | C] () -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.02.22 20:24:34 | 000,001,443 | ---- | C] () -- C:\Users\OAPalliance\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.02.22 20:21:50 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Acer Zubehör Shop.lnk
[2013.02.22 20:11:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.02.22 20:10:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2013.02.22 20:07:16 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013.02.22 20:07:16 | 000,001,105 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat
[2013.02.22 20:04:53 | 000,231,056 | ---- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2013.02.22 20:04:53 | 000,030,856 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2013.02.22 20:04:53 | 000,001,352 | ---- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2013.02.22 20:04:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SamSfPa.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013.02.22 20:04:53 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013.02.22 20:04:53 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ1.dat
[2013.02.22 20:04:53 | 000,000,008 | ---- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2013.02.22 20:04:18 | 000,696,680 | ---- | C] () -- C:\Windows\SysNative\oem6.inf
[2013.02.22 20:02:56 | 2960,510,976 | -HS- | C] () -- C:\hiberfil.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras.txt

Code:
OTL Extras logfile created on: 06.03.2013 10:39:20 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\OAPalliance\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 75,99% Memory free
7,35 Gb Paging File | 6,48 Gb Available in Paging File | 88,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 426,56 Gb Free Space | 94,23% Space Free | Partition Type: NTFS
 
Computer Name: OAPALLIANCE-PC | User Name: OAPalliance | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11F56432-6CE4-4C7E-BD84-81B3D5F39F45}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A587D0D8-7794-4580-820D-5BA8B7BD84F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12ADA536-652F-4FD7-9B60-F0150084D470}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{19146BDF-4B53-45CF-942E-075B2B1D1C84}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dms\clmsservice.exe | 
"{1E26BF55-F490-4D62-B313-932FB5839731}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{227BE239-292F-41E1-8364-F7A2CABA9717}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\powercinema.exe | 
"{29CD4701-413E-49D3-A07B-AE91E6EECA41}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{2CCCA3DE-8843-4AA2-8937-048FFF0848A4}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\kernel\dmp\clbrowserengine.exe | 
"{3238093F-B8B3-4316-9764-C88A34A0560D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{82101DBE-3B25-4341-BA89-BA39B650F3D6}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{87FFCDCF-0884-467F-8FD8-3CE1D28F3C9B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{9C1FB447-0DC8-4AEE-AB2F-38CFEB3D88D5}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | 
"{9DF2A7BD-9821-4ECB-8481-CF371A720DD7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{9EB95263-38C4-4BC3-90D6-07A94960C700}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{AC01BBEA-AC42-4A74-95DB-9D92FA08B53D}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\pcmservice.exe | 
"{CB9A2E62-ED0E-40E6-89E1-38BA8567B7F2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F9F15209-31F0-496F-BA17-C66BE5B93F77}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{241E3816-2EF1-A1D1-8811-4478E28E130B}" = ccc-utility64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AFBE654A-4597-89DB-EF5F-7CC7D0475691}" = ATI Catalyst Install Manager
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0E9118B6-0191-3642-E743-B69EBE42D4AF}" = Catalyst Control Center Graphics Full Existing
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19F3712E-BDCF-B1DA-A22E-A67537C8A2F0}" = CCC Help Polish
"{1BE1B77F-4307-B5D3-1532-CEE7ECF9CBBB}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CD5493C-51AF-C805-A197-DC36E8C57784}" = CCC Help Portuguese
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{4FEF7A1D-0DAC-F687-E474-AA7A13E3D8CA}" = Catalyst Control Center Graphics Full New
"{50B9544E-CA9A-CA08-3BC8-F66A69A4E49F}" = CCC Help Spanish
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{525A74BE-B7F5-94D0-987C-0324FF58FBB1}" = CCC Help French
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5F0FF70C-5828-2178-4642-206D9F3B681F}" = Catalyst Control Center InstallProxy
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{74A8E6D0-5E5B-6CAC-F592-8EDA39FC15C0}" = CCC Help Korean
"{780B7CAD-9E59-8986-63EC-D60B8D06D6E6}" = Catalyst Control Center Graphics Light
"{7C1BA7EF-0866-BBDB-129A-F53DB0954F61}" = CCC Help Turkish
"{7E2CD483-7D07-BE78-C0C6-DE07057DC551}" = Catalyst Control Center Core Implementation
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{832BC337-E36D-0039-065C-7E4EDC5D45B4}" = CCC Help Greek
"{849EC471-5D3C-59E4-5C52-845C3AC320B3}" = CCC Help Thai
"{86021347-6DF2-7015-B152-51A17DCFDB22}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9347A62B-EDAF-AA30-0F68-3EF11B51DCA1}" = CCC Help German
"{935E59AB-A56F-6EB5-9BA8-A1FC7A203A77}" = ccc-core-static
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E4B940-E816-933C-D48F-2E000F2629C8}" = CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D027EFD-8DA7-474D-FEF9-6302A77BDB27}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8439DCA-AE39-2510-3EC3-730C4EE13473}" = CCC Help Finnish
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AC838E60-C5DB-3127-1743-E6789CC26C74}" = PX Profile Update
"{B6F57B2E-1C93-E0B3-4F6A-F5E2118709AA}" = CCC Help Swedish
"{B73424BF-A4E9-572B-3FE1-6E7AF172D192}" = Catalyst Control Center Graphics Previews Vista
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C76DD602-F340-0433-87B9-432996F4707A}" = Catalyst Control Center Localization All
"{D421F957-7D5B-D409-FA76-7400853952E3}" = CCC Help Czech
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DBB3F067-D7DF-C159-4224-3DABD84492E1}" = CCC Help Hungarian
"{DCDCE4BE-9E4B-BC42-85F6-76D4F0AE7EE0}" = CCC Help Russian
"{DF4F714F-5EDA-31FF-F597-317A29B42B8B}" = CCC Help Danish
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E1831D71-DBCA-999B-075D-7CC2B9B115C9}" = CCC Help Japanese
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{EA562C1C-D6C2-070A-FE8B-B1FF6094ACB8}" = CCC Help Dutch
"{EADB1B66-8AAD-BC58-7E6E-33BC314A27D5}" = CCC Help Italian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"MSC" = McAfee Internet Security Suite
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 06.03.2013 05:37:31 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.03.2013 05:37:31 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.03.2013 05:37:31 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.03.2013 05:37:36 | Computer Name = OAPalliance-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 06.03.2013 05:40:44 | Computer Name = OAPalliance-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
