TechSpot

[A] Infected with the W32/Patched.UA virus

Inactive
By chrisbucanac
Oct 28, 2012
  1. Hi, I really hope you can help me...
    I cought the W32/Patched.UA virus in my service.exe. I found several pages telling just to remove a certain list of different files and regitry entries, but all those files are just not there or are not deletable.

    I found you forum an really hope I can save my system: Its a Win7 64 bit.
    I already run the system check via USB drive, as you always ask for.
    thank you


    Here is the logfile:



    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
    Ran by SYSTEM at 28-10-2012 04:40:00
    Running from H:\
    Windows 7 Professional (X64) OS Language: German Standard
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11776104 2011-02-11] (Realtek Semiconductor)
    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-29] (Logitech, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [VIRTU] C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe /hide [2657568 2011-07-19] ()
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284184 2011-02-09] (Intel Corporation)
    HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-03-28] (Avira GmbH)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run [167936 2011-03-24] (Applian Technologies, Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2010-10-25] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [821144 2010-10-25] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-13] (Apple Inc.)
    HKLM-x32\...\Run: [Driver Genius] [x]
    HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-17] (InstallShield Software Corporation)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
    AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\appinit_dll.dll C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\basICColor display4 VideoLUT Loader.lnk
    ShortcutTarget: basICColor display4 VideoLUT Loader.lnk -> C:\Program Files (x86)\basICColor Software\basICColor display 4.1\LUTLoader.exe (Color Solutions)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\CineForm Status.lnk
    ShortcutTarget: CineForm Status.lnk -> C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
    ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\maComfort.lnk
    ShortcutTarget: maComfort.lnk -> C:\Program Files (x86)\maComfort\maComfort.exe ()

    ==================== Services (Whitelisted) ===================

    2 AAV UpdateService; "C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe" [128296 2008-10-24] ()
    2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [136360 2011-03-28] (Avira GmbH)
    2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [269480 2011-07-02] (Avira GmbH)
    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 Crypkey License; crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.)
    2 hasplms; C:\Windows\system32\hasplms.exe -run [4941768 2012-06-27] (SafeNet Inc.)
    2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [542040 2012-03-26] ()
    3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-03-26] ()
    2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-03-26] ()
    3 IDVistaService; C:\Program Files (x86)\Input Director\IDVistaService.exe [13824 2009-02-08] ()
    2 InputDirector; C:\Program Files (x86)\Input Director\IDWinService.exe [36864 2010-02-01] ()
    2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" [2932224 2011-07-09] (PACE Anti-Piracy, Inc.)
    3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
    2 postgresql-x64-9.0; C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-x64-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w [x]
    3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
    2 SkypeUpdate; C:\programs\Portable\Skype\SkypePortable4\Updater\Updater.exe [x]

    ==================== Drivers (Whitelisted) =====================

    3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-14] (Microsoft Corporation)
    3 akshhl; C:\Windows\System32\Drivers\akshhl.sys [57088 2011-09-08] (SafeNet Inc.)
    3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [296576 2012-06-06] (SafeNet Inc.)
    1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
    2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [88288 2011-07-02] (Avira GmbH)
    1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [123784 2011-07-02] (Avira GmbH)
    1 cdrblock; C:\Windows\System32\Drivers\cdrblock.sys [36696 2011-04-21] (Grass Valley K.K.)
    3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2007-03-28] (GretagMacbeth LLC)
    3 gdrv; \??\C:\Windows\gdrv.sys [25640 2011-06-15] (Windows (R) Server 2003 DDK provider)
    2 hardlock; C:\Windows\System32\Drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
    1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
    1 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2010-01-27] (CACE Technologies, Inc.)
    1 NPF; C:\Windows\SysWow64\Drivers\NPF.sys [30336 2003-04-04] (Politecnico di Torino)
    3 prwntdrv; \??\C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()
    2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [142120 2007-04-27] (SafeNet, Inc.)
    2 PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [x]
    3 SliceDisk5; \??\C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2025-09-05 00:09 - 2025-09-05 00:14 - 00000000 ____D C:\Program Files\NewBlue
    2025-09-05 00:08 - 2025-09-05 00:13 - 00000000 ____D C:\Program Files (x86)\NewBlue
    2012-10-28 04:39 - 2012-10-28 04:39 - 00000000 ____D C:\FRST
    2012-10-28 04:12 - 2012-10-28 04:12 - 00000000 ____D C:\Users\All Users\PC Tools
    2012-10-28 01:43 - 2012-10-28 01:43 - 00262144 ____A C:\Windows\Minidump\102812-22682-01.dmp
    2012-10-28 00:50 - 2012-10-28 02:41 - 00000000 ____D C:\Program Files (x86)\CyberLink
    2012-10-27 18:12 - 2012-10-28 02:41 - 00000000 ____D C:\Program Files (x86)\BitrateViewer
    2012-10-27 00:32 - 2012-10-28 02:41 - 00000000 ____D C:\Program Files (x86)\Boris FX, Inc
    2012-10-11 12:57 - 2012-10-11 12:57 - 00007168 ____A C:\My3DGraph.grf
    2012-10-11 12:36 - 2012-10-11 12:58 - 00000000 ____D C:\Users\Public\CineForm
    2012-10-11 12:36 - 2012-10-11 12:36 - 00000000 ____D C:\Program Files (x86)\GoPro
    2012-10-11 12:36 - 2012-10-11 12:36 - 00000000 ____D C:\Program Files (x86)\CineForm
    2012-10-10 15:13 - 2012-09-14 20:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 15:13 - 2012-09-14 19:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-10 15:13 - 2012-08-31 19:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 15:13 - 2012-08-30 19:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-10 15:13 - 2012-08-30 18:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-10 15:13 - 2012-08-30 18:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-10 15:13 - 2012-08-24 19:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 15:13 - 2012-08-24 17:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 15:13 - 2012-08-20 19:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 15:13 - 2012-08-20 19:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 15:13 - 2012-08-20 19:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 15:13 - 2012-08-20 19:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 15:13 - 2012-08-20 19:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 15:13 - 2012-08-20 19:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 15:13 - 2012-08-20 19:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 15:13 - 2012-08-20 19:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 15:13 - 2012-08-20 19:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 15:13 - 2012-08-20 18:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 15:13 - 2012-08-20 18:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 15:13 - 2012-08-20 18:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 15:13 - 2012-08-20 18:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 16:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 15:13 - 2012-08-20 16:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 15:13 - 2012-08-20 16:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 16:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 16:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-20 16:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 15:13 - 2012-08-11 01:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 15:13 - 2012-08-11 00:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 15:13 - 2012-06-02 06:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 15:13 - 2012-06-02 06:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 15:13 - 2012-06-02 06:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 15:13 - 2012-06-02 05:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 15:13 - 2012-06-02 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 15:13 - 2012-06-02 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


    ==================== 3 Months Modified Files ==================

    2012-10-28 04:29 - 2012-08-25 13:16 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208996254-2709365253-2112509887-1003UA.job
    2012-10-28 04:16 - 2012-08-14 18:01 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-28 04:16 - 2012-06-21 23:44 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-28 04:13 - 2009-07-14 18:58 - 04085498 ____A C:\Windows\System32\perfh007.dat
    2012-10-28 04:13 - 2009-07-14 18:58 - 01197526 ____A C:\Windows\System32\perfc007.dat
    2012-10-28 04:13 - 2009-07-14 06:13 - 00005732 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-28 04:03 - 2011-09-16 23:53 - 00001138 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-208996254-2709365253-2112509887-1003UA.job
    2012-10-28 03:48 - 2009-07-14 05:45 - 00013568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-28 03:48 - 2009-07-14 05:45 - 00013568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-28 03:41 - 2012-08-14 18:01 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-28 03:41 - 2012-06-26 14:35 - 00005332 ____A C:\Windows\error.log
    2012-10-28 03:41 - 2012-06-26 14:35 - 00001204 ____A C:\Windows\errord.log
    2012-10-28 03:41 - 2012-06-03 00:37 - 08405015 ____A C:\Windows\TmpFile1
    2012-10-28 03:41 - 2012-04-25 16:04 - 00018805 ____A C:\Windows\setupact.log
    2012-10-28 03:41 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-28 03:24 - 2011-06-10 22:12 - 01741946 ____A C:\Windows\WindowsUpdate.log
    2012-10-28 01:43 - 2012-10-28 01:43 - 00262144 ____A C:\Windows\Minidump\102812-22682-01.dmp
    2012-10-28 01:42 - 2012-06-26 07:54 - 627759634 ____N C:\Windows\MEMORY.DMP
    2012-10-19 09:43 - 2012-08-25 13:16 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208996254-2709365253-2112509887-1003Core.job
    2012-10-19 00:03 - 2011-09-16 23:53 - 00001116 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-208996254-2709365253-2112509887-1003Core.job
    2012-10-17 01:26 - 2011-06-15 21:37 - 00000021 ____A C:\Windows\SurCode.INI
    2012-10-11 12:57 - 2012-10-11 12:57 - 00007168 ____A C:\My3DGraph.grf
    2012-10-11 12:36 - 2012-04-26 00:42 - 00009188 ____A C:\Windows\DPINST.LOG
    2012-10-11 10:04 - 2009-07-14 05:45 - 05391808 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-10-11 10:03 - 2012-04-30 21:00 - 00017364 ____A C:\Windows\PFRO.log
    2012-10-11 02:01 - 2011-06-12 17:43 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-09 12:16 - 2012-06-21 23:44 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-09 12:16 - 2011-06-12 18:07 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-30 00:15 - 2012-05-02 23:18 - 00000032 ____A C:\Windows\Menu.INI
    2012-09-26 18:31 - 2012-09-26 18:31 - 01424896 ____A (CineForm Inc.) C:\Windows\System32\CFHD.dll
    2012-09-26 18:28 - 2012-09-26 18:28 - 01458176 ____A (CineForm Inc.) C:\Windows\SysWOW64\CFHD.dll
    2012-09-21 01:07 - 2012-09-21 01:07 - 00262144 ____A C:\Windows\Minidump\092112-37299-01.dmp
    2012-09-14 20:19 - 2012-10-10 15:13 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 19:28 - 2012-10-10 15:13 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-08-31 19:19 - 2012-10-10 15:13 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 19:03 - 2012-10-10 15:13 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 18:12 - 2012-10-10 15:13 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 18:12 - 2012-10-10 15:13 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-26 23:28 - 2009-07-14 06:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-24 19:05 - 2012-10-10 15:13 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 17:57 - 2012-10-10 15:13 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 12:15 - 2012-09-26 23:30 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 11:39 - 2012-09-26 23:30 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 11:31 - 2012-09-26 23:30 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 11:22 - 2012-09-26 23:30 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 11:21 - 2012-09-26 23:30 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 11:20 - 2012-09-26 23:30 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 11:18 - 2012-09-26 23:30 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 11:17 - 2012-09-26 23:30 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 11:14 - 2012-09-26 23:30 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 11:14 - 2012-09-26 23:30 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 11:13 - 2012-09-26 23:30 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 11:12 - 2012-09-26 23:30 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 11:11 - 2012-09-26 23:30 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 11:10 - 2012-09-26 23:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 11:09 - 2012-09-26 23:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 11:04 - 2012-09-26 23:30 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-24 08:27 - 2012-09-26 23:30 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-24 08:03 - 2012-09-26 23:30 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-24 07:59 - 2012-09-26 23:30 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-24 07:51 - 2012-09-26 23:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-24 07:51 - 2012-09-26 23:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-24 07:51 - 2012-09-26 23:30 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-24 07:49 - 2012-09-26 23:30 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-24 07:48 - 2012-09-26 23:30 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-24 07:47 - 2012-09-26 23:30 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-24 07:47 - 2012-09-26 23:30 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-24 07:47 - 2012-09-26 23:30 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-24 07:45 - 2012-09-26 23:30 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-24 07:44 - 2012-09-26 23:30 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-24 07:44 - 2012-09-26 23:30 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-24 07:43 - 2012-09-26 23:30 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-24 07:40 - 2012-09-26 23:30 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 19:12 - 2012-09-12 14:10 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 19:12 - 2012-09-12 14:10 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 19:12 - 2012-09-12 14:10 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 19:12 - 2012-09-12 14:10 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 22:01 - 2012-09-26 23:28 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 19:48 - 2012-10-10 15:13 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 19:48 - 2012-10-10 15:13 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 19:48 - 2012-10-10 15:13 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 19:48 - 2012-10-10 15:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 19:48 - 2012-10-10 15:13 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 19:48 - 2012-10-10 15:13 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 19:48 - 2012-10-10 15:13 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 19:46 - 2012-10-10 15:13 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 19:38 - 2012-10-10 15:13 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 19:38 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 18:40 - 2012-10-10 15:13 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 18:38 - 2012-10-10 15:13 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 18:37 - 2012-10-10 15:13 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 18:37 - 2012-10-10 15:13 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 18:37 - 2012-10-10 15:13 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 18:32 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 16:38 - 2012-10-10 15:13 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 16:38 - 2012-10-10 15:13 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 16:33 - 2012-10-10 15:13 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 16:33 - 2012-10-10 15:13 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 16:33 - 2012-10-10 15:13 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 16:33 - 2012-10-10 15:13 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-14 18:43 - 2012-08-14 18:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
    2012-08-11 01:56 - 2012-10-10 15:13 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-11 00:56 - 2012-10-10 15:13 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-02 18:58 - 2012-09-12 14:10 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 17:57 - 2012-09-12 14:10 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll


    ZeroAccess:
    C:\Windows\Installer\{3261f29f-47ae-5086-2ff2-b91082b31060}
    C:\Windows\Installer\{3261f29f-47ae-5086-2ff2-b91082b31060}\@
    C:\Windows\Installer\{3261f29f-47ae-5086-2ff2-b91082b31060}\L
    C:\Windows\Installer\{3261f29f-47ae-5086-2ff2-b91082b31060}\U
    C:\Windows\Installer\{3261f29f-47ae-5086-2ff2-b91082b31060}\U\00000001.@
    C:\Windows\Installer\{3261f29f-47ae-5086-2ff2-b91082b31060}\U\80000000.@
    C:\Windows\Installer\{3261f29f-47ae-5086-2ff2-b91082b31060}\U\800000cb.@

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-15 10:52:04
    Restore point made on: 2012-08-18 07:16:25
    Restore point made on: 2012-08-22 19:35:43
    Restore point made on: 2012-09-12 00:37:55
    Restore point made on: 2012-09-13 02:00:13
    Restore point made on: 2012-09-21 01:47:54
    Restore point made on: 2012-09-26 23:30:46
    Restore point made on: 2012-10-04 02:48:27
    Restore point made on: 2012-10-10 15:46:56
    Restore point made on: 2012-10-11 02:00:27
    Restore point made on: 2012-10-11 12:36:56
    Restore point made on: 2012-10-19 19:04:49
    Restore point made on: 2012-10-27 01:05:28
    Restore point made on: 2012-10-28 00:48:52
    Restore point made on: 2012-10-28 00:50:02
    Restore point made on: 2012-10-28 00:55:29

    ==================== Memory info ===========================

    Percentage of memory in use: 7%
    Total physical RAM: 16301.07 MB
    Available physical RAM: 15129.93 MB
    Total Pagefile: 16299.22 MB
    Available Pagefile: 15128.51 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ==================== Partitions =============================

    1 Drive c: (System) (Fixed) (Total:119.14 GB) (Free:67.43 GB) NTFS
    2 Drive d: (Raid) (Fixed) (Total:2794.4 GB) (Free:319.87 GB) NTFS
    3 Drive e: (progs_temp) (Fixed) (Total:186.31 GB) (Free:2.32 GB) NTFS
    4 Drive f: (temp) (Fixed) (Total:149.05 GB) (Free:127.82 GB) NTFS
    5 Drive h: () (Removable) (Total:14.92 GB) (Free:14.88 GB) FAT32
    10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    11 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Datentr„ger ### Status Gr”áe Frei Dyn GPT
    --------------- ------------- ------- ------- --- ---
    Datentr„ger 0 Online 119 GB 0 B
    Datentr„ger 1 Online 2794 GB 0 B *
    Datentr„ger 2 Online 186 GB 0 B
    Datentr„ger 3 Online 149 GB 0 B
    Datentr„ger 4 Online 14 GB 0 B
    Datentr„ger 5 Kein Medium 0 B 0 B
    Datentr„ger 6 Kein Medium 0 B 0 B
    Datentr„ger 7 Kein Medium 0 B 0 B
    Datentr„ger 8 Kein Medium 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Typ GrӇe Offset
    ------------- ---------------- ------- -------
    Partition 1 Prim„r 100 MB 1024 KB
    Partition 2 Prim„r 119 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 Y System-rese NTFS Partition 100 MB Fehlerfre

    =========================================================

    Disk: 0
    Partition 2
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C System NTFS Partition 119 GB Fehlerfre

    =========================================================

    Disk: 0
    Partition 2
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C System NTFS Partition 119 GB Fehlerfre

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Typ GrӇe Offset
    ------------- ---------------- ------- -------
    Partition 1 Reserviert 128 MB 17 KB
    Partition 2 Prim„r 2794 GB 129 MB

    ==================================================================================

    Disk: 1
    Partition 1
    Typ : e3c9e316-0b5c-4db8-817d-f92df00215ae
    Versteckt : Ja
    Erforderlich: Nein
    Attribut : 0000000000000000

    Dieser Partition ist kein Volume zugewiesen.

    =========================================================

    Disk: 1
    Partition 2
    Typ : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Versteckt : Nein
    Erforderlich: Nein
    Attribut : 0000000000000000

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Raid NTFS Partition 2794 GB Fehlerfre

    =========================================================

    Disk: 1
    Partition 2
    Typ : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Versteckt : Nein
    Erforderlich: Nein
    Attribut : 0000000000000000

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D Raid NTFS Partition 2794 GB Fehlerfre

    =========================================================

    Partitions of Disk 2:
    ===============

    Partition ### Typ GrӇe Offset
    ------------- ---------------- ------- -------
    Partition 1 Prim„r 186 GB 1024 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E progs_temp NTFS Partition 186 GB Fehlerfre

    =========================================================

    Disk: 2
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E progs_temp NTFS Partition 186 GB Fehlerfre

    =========================================================

    Partitions of Disk 3:
    ===============

    Partition ### Typ GrӇe Offset
    ------------- ---------------- ------- -------
    Partition 1 Prim„r 149 GB 1024 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F temp NTFS Partition 149 GB Fehlerfre

    =========================================================

    Disk: 3
    Partition 1
    Typ : 07
    Versteckt: Nein
    Aktiv : Nein

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F temp NTFS Partition 149 GB Fehlerfre

    =========================================================

    Partitions of Disk 4:
    ===============

    Partition ### Typ GrӇe Offset
    ------------- ---------------- ------- -------
    Partition 1 Prim„r 14 GB 5208 KB

    ==================================================================================

    Disk: 4
    Partition 1
    Typ : 0C
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Wechselmed 14 GB Fehlerfre

    =========================================================

    Disk: 4
    Partition 1
    Typ : 0C
    Versteckt: Nein
    Aktiv : Ja

    Volume ### Bst Bezeichnung DS Typ GrӇe Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Wechselmed 14 GB Fehlerfre

    =========================================================

    Last Boot: 2012-10-26 05:28

    ==================== End Of Log =============================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,612   +267

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
     
  3. chrisbucanac

    chrisbucanac TS Rookie Topic Starter

    Farbar Recovery Scan Tool (x64) Version: 26-10-2012
    Ran by SYSTEM at 2012-10-28 10:01:49
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  4. Broni

    Broni Malware Annihilator Posts: 47,612   +267

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally...

    ===================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     

    Attached Files:

  5. chrisbucanac

    chrisbucanac TS Rookie Topic Starter

    Thank you. The first tool TDSSkiller didnt find anything. And the last one aswMBR crashed dring the scan. I saved the logfile as far as possible. The filepath while the crash happened wasnt completely visible. It was
    windows/assembly/GAC_MSIL/Microsoft.VisualStudio.Tools.Applications... something.
    I checked the folder and it must be one of those:

    Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0
    Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0resources
    Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v10.0
    Microsoft.VisualStudio.Tools.Applications.AddInAdapter.v9.0
    Microsoft.VisualStudio.Tools.Applications.Contract.v10.0
    Microsoft.VisualStudio.Tools.Applications.Contract.v9.0
    Microsoft.VisualStudio.Tools.Applications.HostAdapter.v10.0
    Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0
    Microsoft.VisualStudio.Tools.Applications.Hosting.v10.0.resources
    Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0
    Microsoft.VisualStudio.Tools.Applications.Hosting.v9.0.resources
    Microsoft.VisualStudio.Tools.Applications.Runtime.v10.0
    Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0
    Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.resources
    Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0
    Microsoft.VisualStudio.Tools.Applications.ServerDocument.v9.0.resources
    Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0
    Microsoft.VisualStudio.Tools.Applications.ServerDocument.v10.0.resources

    Thanks a lot for helping!
    Here the logfiles:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2012
    Ran by SYSTEM at 2012-10-30 16:26:43 Run:1
    Running from L:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{3261f29f-47ae-5086-2ff2-b91082b31060} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====








    16:36:40.0410 5456 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    16:36:40.0426 5456 ============================================================
    16:36:40.0426 5456 Current date / time: 2012/10/30 16:36:40.0426
    16:36:40.0426 5456 SystemInfo:
    16:36:40.0426 5456
    16:36:40.0426 5456 OS Version: 6.1.7601 ServicePack: 1.0
    16:36:40.0426 5456 Product type: Workstation
    16:36:40.0426 5456 ComputerName: WORKSTATION
    16:36:40.0426 5456 UserName: Chris
    16:36:40.0426 5456 Windows directory: C:\Windows
    16:36:40.0426 5456 System windows directory: C:\Windows
    16:36:40.0426 5456 Running under WOW64
    16:36:40.0426 5456 Processor architecture: Intel x64
    16:36:40.0426 5456 Number of processors: 8
    16:36:40.0426 5456 Page size: 0x1000
    16:36:40.0426 5456 Boot type: Normal boot
    16:36:40.0426 5456 ============================================================
    16:36:40.0816 5456 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:36:40.0816 5456 Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1A00000 (2794.53 Gb), SectorSize: 0x200, Cylinders: 0x59102, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:36:40.0832 5456 Drive \Device\Harddisk2\DR2 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:36:40.0972 5456 Drive \Device\Harddisk3\DR3 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:36:40.0972 5456 Drive \Device\Harddisk8\DR8 - Size: 0x3BC400000 (14.94 Gb), SectorSize: 0x200, Cylinders: 0x79E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:36:40.0988 5456 ============================================================
    16:36:40.0988 5456 \Device\Harddisk0\DR0:
    16:36:40.0988 5456 MBR partitions:
    16:36:40.0988 5456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    16:36:40.0988 5456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
    16:36:40.0988 5456 \Device\Harddisk1\DR1:
    16:36:40.0988 5456 GPT partitions:
    16:36:40.0988 5456 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {D704F883-8443-48B9-AE0C-46AB65DA86B7}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
    16:36:40.0988 5456 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {742A6641-B756-43DF-83E0-6C64910DE86E}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4CC000
    16:36:40.0988 5456 MBR partitions:
    16:36:40.0988 5456 \Device\Harddisk2\DR2:
    16:36:40.0988 5456 MBR partitions:
    16:36:40.0988 5456 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1749E000
    16:36:40.0988 5456 \Device\Harddisk3\DR3:
    16:36:40.0988 5456 MBR partitions:
    16:36:40.0988 5456 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
    16:36:40.0988 5456 \Device\Harddisk8\DR8:
    16:36:40.0988 5456 MBR partitions:
    16:36:40.0988 5456 \Device\Harddisk8\DR8\Partition1: MBR, Type 0xC, StartLBA 0x28B0, BlocksNum 0x1DDF750
    16:36:40.0988 5456 ============================================================
    16:36:40.0988 5456 C: <-> \Device\Harddisk0\DR0\Partition2
    16:36:41.0019 5456 E: <-> \Device\Harddisk2\DR2\Partition1
    16:36:41.0097 5456 D: <-> \Device\Harddisk1\DR1\Partition2
    16:36:41.0112 5456 F: <-> \Device\Harddisk3\DR3\Partition1
    16:36:41.0112 5456 ============================================================
    16:36:41.0112 5456 Initialize success
    16:36:41.0112 5456 ============================================================
    16:36:49.0302 5512 ============================================================
    16:36:49.0302 5512 Scan started
    16:36:49.0302 5512 Mode: Manual;
    16:36:49.0302 5512 ============================================================
    16:36:49.0911 5512 ================ Scan system memory ========================
    16:36:49.0911 5512 System memory - ok
    16:36:49.0911 5512 ================ Scan services =============================
    16:36:49.0926 5512 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    16:36:49.0926 5512 1394ohci - ok
    16:36:49.0926 5512 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
    16:36:49.0926 5512 61883 - ok
    16:36:49.0942 5512 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
    16:36:49.0942 5512 AAV UpdateService - ok
    16:36:49.0942 5512 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    16:36:49.0942 5512 ACPI - ok
    16:36:49.0942 5512 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    16:36:49.0942 5512 AcpiPmi - ok
    16:36:49.0958 5512 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    16:36:49.0958 5512 AdobeFlashPlayerUpdateSvc - ok
    16:36:49.0973 5512 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    16:36:49.0973 5512 adp94xx - ok
    16:36:49.0973 5512 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    16:36:49.0989 5512 adpahci - ok
    16:36:49.0989 5512 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    16:36:49.0989 5512 adpu320 - ok
    16:36:50.0004 5512 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    16:36:50.0004 5512 AeLookupSvc - ok
    16:36:50.0004 5512 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    16:36:50.0020 5512 AFD - ok
    16:36:50.0020 5512 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    16:36:50.0020 5512 agp440 - ok
    16:36:50.0020 5512 [ 44F360B65C37A42EB5B71C2E5179FDD5 ] aksdf C:\Windows\system32\drivers\aksdf.sys
    16:36:50.0020 5512 aksdf - ok
    16:36:50.0036 5512 [ BC61697103C9EFC3DBA83777CEA8E76B ] aksfridge C:\Windows\system32\DRIVERS\aksfridge.sys
    16:36:50.0036 5512 aksfridge - ok
    16:36:50.0036 5512 [ A56F1B0F967AEF8A82D7771E6D166DEF ] akshasp C:\Windows\system32\DRIVERS\akshasp.sys
    16:36:50.0036 5512 akshasp - ok
    16:36:50.0036 5512 [ BC0EE7F8D0BE561793B80871F4F10627 ] akshhl C:\Windows\system32\DRIVERS\akshhl.sys
    16:36:50.0051 5512 akshhl - ok
    16:36:50.0051 5512 [ B13237DDA02267B5D5B8A68780CB4817 ] aksusb C:\Windows\system32\DRIVERS\aksusb.sys
    16:36:50.0051 5512 aksusb - ok
    16:36:50.0067 5512 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    16:36:50.0067 5512 ALG - ok
    16:36:50.0067 5512 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    16:36:50.0067 5512 aliide - ok
    16:36:50.0067 5512 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    16:36:50.0067 5512 amdide - ok
    16:36:50.0082 5512 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    16:36:50.0082 5512 AmdK8 - ok
    16:36:50.0082 5512 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    16:36:50.0082 5512 AmdPPM - ok
    16:36:50.0082 5512 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    16:36:50.0098 5512 amdsata - ok
    16:36:50.0098 5512 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    16:36:50.0098 5512 amdsbs - ok
    16:36:50.0098 5512 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    16:36:50.0098 5512 amdxata - ok
    16:36:50.0114 5512 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    16:36:50.0114 5512 AntiVirSchedulerService - ok
    16:36:50.0114 5512 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    16:36:50.0114 5512 AntiVirService - ok
    16:36:50.0114 5512 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    16:36:50.0114 5512 AppID - ok
    16:36:50.0129 5512 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    16:36:50.0129 5512 AppIDSvc - ok
    16:36:50.0129 5512 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    16:36:50.0129 5512 Appinfo - ok
    16:36:50.0129 5512 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:36:50.0129 5512 Apple Mobile Device - ok
    16:36:50.0145 5512 [ 6BE11AD81D4527D299F0CB5F3731AABC ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
    16:36:50.0145 5512 AppleCharger - ok
    16:36:50.0145 5512 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
    16:36:50.0145 5512 AppleChargerSrv - ok
    16:36:50.0145 5512 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
    16:36:50.0160 5512 AppMgmt - ok
    16:36:50.0160 5512 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    16:36:50.0160 5512 arc - ok
    16:36:50.0160 5512 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    16:36:50.0160 5512 arcsas - ok
    16:36:50.0176 5512 aspnet_state - ok
    16:36:50.0176 5512 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    16:36:50.0176 5512 AsyncMac - ok
    16:36:50.0176 5512 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    16:36:50.0176 5512 atapi - ok
    16:36:50.0192 5512 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    16:36:50.0192 5512 AudioEndpointBuilder - ok
    16:36:50.0192 5512 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    16:36:50.0207 5512 AudioSrv - ok
    16:36:50.0207 5512 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
    16:36:50.0207 5512 Avc - ok
    16:36:50.0207 5512 [ B1224E6B086CD6548315B04AB575A23E ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
    16:36:50.0207 5512 avgntflt - ok
    16:36:50.0207 5512 [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
    16:36:50.0223 5512 avipbb - ok
    16:36:50.0223 5512 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    16:36:50.0223 5512 AxInstSV - ok
    16:36:50.0238 5512 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    16:36:50.0238 5512 b06bdrv - ok
    16:36:50.0238 5512 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    16:36:50.0254 5512 b57nd60a - ok
    16:36:50.0254 5512 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    16:36:50.0254 5512 BDESVC - ok
    16:36:50.0254 5512 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    16:36:50.0254 5512 Beep - ok
    16:36:50.0270 5512 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
    16:36:50.0270 5512 BITS - ok
    16:36:50.0285 5512 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    16:36:50.0285 5512 blbdrive - ok
    16:36:50.0285 5512 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    16:36:50.0285 5512 Bonjour Service - ok
    16:36:50.0285 5512 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    16:36:50.0301 5512 bowser - ok
    16:36:50.0301 5512 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    16:36:50.0301 5512 BrFiltLo - ok
    16:36:50.0301 5512 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    16:36:50.0301 5512 BrFiltUp - ok
    16:36:50.0301 5512 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    16:36:50.0301 5512 Browser - ok
    16:36:50.0316 5512 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    16:36:50.0316 5512 Brserid - ok
    16:36:50.0316 5512 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    16:36:50.0316 5512 BrSerWdm - ok
    16:36:50.0316 5512 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:36:50.0316 5512 BrUsbMdm - ok
    16:36:50.0332 5512 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    16:36:50.0332 5512 BrUsbSer - ok
    16:36:50.0332 5512 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    16:36:50.0332 5512 BTHMODEM - ok
    16:36:50.0332 5512 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    16:36:50.0332 5512 bthserv - ok
    16:36:50.0348 5512 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    16:36:50.0348 5512 cdfs - ok
    16:36:50.0348 5512 [ E40877BEED8342983FD336763CBA7BEE ] cdrblock C:\Windows\system32\DRIVERS\cdrblock.sys
    16:36:50.0348 5512 cdrblock - ok
    16:36:50.0348 5512 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    16:36:50.0363 5512 cdrom - ok
    16:36:50.0363 5512 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    16:36:50.0363 5512 CertPropSvc - ok
    16:36:50.0363 5512 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    16:36:50.0363 5512 circlass - ok
    16:36:50.0363 5512 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    16:36:50.0379 5512 CLFS - ok
    16:36:50.0379 5512 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:36:50.0379 5512 clr_optimization_v2.0.50727_32 - ok
    16:36:50.0379 5512 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:36:50.0394 5512 clr_optimization_v2.0.50727_64 - ok
    16:36:50.0394 5512 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:36:50.0394 5512 clr_optimization_v4.0.30319_32 - ok
    16:36:50.0394 5512 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:36:50.0394 5512 clr_optimization_v4.0.30319_64 - ok
    16:36:50.0410 5512 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    16:36:50.0410 5512 CmBatt - ok
    16:36:50.0410 5512 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    16:36:50.0410 5512 cmdide - ok
    16:36:50.0410 5512 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    16:36:50.0426 5512 CNG - ok
    16:36:50.0426 5512 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    16:36:50.0426 5512 Compbatt - ok
    16:36:50.0426 5512 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    16:36:50.0441 5512 CompositeBus - ok
    16:36:50.0441 5512 COMSysApp - ok
    16:36:50.0441 5512 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    16:36:50.0441 5512 crcdisk - ok
    16:36:50.0441 5512 Crypkey License - ok
    16:36:50.0441 5512 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    16:36:50.0441 5512 CryptSvc - ok
    16:36:50.0457 5512 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
    16:36:50.0457 5512 CSC - ok
    16:36:50.0472 5512 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
    16:36:50.0472 5512 CscService - ok
    16:36:50.0472 5512 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    16:36:50.0488 5512 DcomLaunch - ok
    16:36:50.0488 5512 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    16:36:50.0488 5512 defragsvc - ok
    16:36:50.0488 5512 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    16:36:50.0504 5512 DfsC - ok
    16:36:50.0504 5512 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
    16:36:50.0504 5512 dg_ssudbus - ok
    16:36:50.0504 5512 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    16:36:50.0504 5512 Dhcp - ok
    16:36:50.0519 5512 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    16:36:50.0519 5512 discache - ok
    16:36:50.0519 5512 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    16:36:50.0519 5512 Disk - ok
    16:36:50.0519 5512 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    16:36:50.0519 5512 Dnscache - ok
    16:36:50.0535 5512 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    16:36:50.0535 5512 dot3svc - ok
    16:36:50.0535 5512 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    16:36:50.0535 5512 DPS - ok
    16:36:50.0535 5512 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    16:36:50.0535 5512 drmkaud - ok
    16:36:50.0550 5512 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    16:36:50.0566 5512 DXGKrnl - ok
    16:36:50.0566 5512 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    16:36:50.0566 5512 EapHost - ok
    16:36:50.0582 5512 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    16:36:50.0613 5512 ebdrv - ok
    16:36:50.0613 5512 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    16:36:50.0613 5512 EFS - ok
    16:36:50.0628 5512 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    16:36:50.0628 5512 ehRecvr - ok
    16:36:50.0644 5512 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    16:36:50.0644 5512 ehSched - ok
    16:36:50.0644 5512 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    16:36:50.0660 5512 elxstor - ok
    16:36:50.0660 5512 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    16:36:50.0660 5512 ErrDev - ok
    16:36:50.0660 5512 [ 3663291D0D26001A2BB67678AB61D14C ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
    16:36:50.0660 5512 EtronHub3 - ok
    16:36:50.0660 5512 [ 744420D6C062C38F7361870F010D6D4B ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
    16:36:50.0675 5512 EtronXHCI - ok
    16:36:50.0675 5512 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    16:36:50.0675 5512 EventSystem - ok
    16:36:50.0675 5512 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    16:36:50.0691 5512 exfat - ok
    16:36:50.0691 5512 [ A33E0921D0C256E348E0F6D66C77B7F7 ] EyeOneDisplay C:\Windows\system32\Drivers\i1display_x64.sys
    16:36:50.0691 5512 EyeOneDisplay - ok
    16:36:50.0691 5512 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    16:36:50.0691 5512 fastfat - ok
    16:36:50.0706 5512 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    16:36:50.0706 5512 Fax - ok
    16:36:50.0706 5512 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    16:36:50.0706 5512 fdc - ok
    16:36:50.0722 5512 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    16:36:50.0722 5512 fdPHost - ok
    16:36:50.0722 5512 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    16:36:50.0722 5512 FDResPub - ok
    16:36:50.0722 5512 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    16:36:50.0722 5512 FileInfo - ok
    16:36:50.0738 5512 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    16:36:50.0738 5512 Filetrace - ok
    16:36:50.0738 5512 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    16:36:50.0738 5512 flpydisk - ok
    16:36:50.0738 5512 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    16:36:50.0753 5512 FltMgr - ok
    16:36:50.0753 5512 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    16:36:50.0769 5512 FontCache - ok
    16:36:50.0769 5512 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:36:50.0769 5512 FontCache3.0.0.0 - ok
    16:36:50.0769 5512 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    16:36:50.0769 5512 FsDepends - ok
    16:36:50.0784 5512 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    16:36:50.0784 5512 Fs_Rec - ok
    16:36:50.0784 5512 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    16:36:50.0784 5512 fvevol - ok
    16:36:50.0800 5512 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    16:36:50.0800 5512 gagp30kx - ok
    16:36:50.0800 5512 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
    16:36:50.0800 5512 gdrv - ok
    16:36:50.0800 5512 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    16:36:50.0800 5512 GEARAspiWDM - ok
    16:36:50.0816 5512 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    16:36:50.0831 5512 gpsvc - ok
    16:36:50.0831 5512 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:36:50.0831 5512 gupdate - ok
    16:36:50.0831 5512 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:36:50.0831 5512 gupdatem - ok
    16:36:50.0831 5512 [ D619BA1712B83D14149850E758B835AD ] hardlock C:\Windows\system32\drivers\hardlock.sys
    16:36:50.0847 5512 hardlock - ok
    16:36:50.0847 5512 hasplms - ok
    16:36:50.0847 5512 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    16:36:50.0847 5512 hcw85cir - ok
    16:36:50.0862 5512 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    16:36:50.0862 5512 HdAudAddService - ok
    16:36:50.0862 5512 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    16:36:50.0862 5512 HDAudBus - ok
    16:36:50.0878 5512 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    16:36:50.0878 5512 HidBatt - ok
    16:36:50.0878 5512 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    16:36:50.0878 5512 HidBth - ok
    16:36:50.0878 5512 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    16:36:50.0878 5512 HidIr - ok
    16:36:50.0894 5512 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    16:36:50.0894 5512 hidserv - ok
    16:36:50.0894 5512 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    16:36:50.0894 5512 HidUsb - ok
    16:36:50.0894 5512 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    16:36:50.0894 5512 hkmsvc - ok
    16:36:50.0894 5512 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    16:36:50.0909 5512 HomeGroupListener - ok
    16:36:50.0909 5512 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    16:36:50.0909 5512 HomeGroupProvider - ok
    16:36:50.0909 5512 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    16:36:50.0909 5512 HpSAMD - ok
    16:36:50.0925 5512 [ 575546EE9A39DD5CB3B4E34A146A8A3E ] hshld C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    16:36:50.0940 5512 hshld - ok
    16:36:50.0940 5512 [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    16:36:50.0940 5512 HssSrv - ok
    16:36:50.0940 5512 [ 4EFB7FC2A11DB10AB6205206D60C432B ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
    16:36:50.0956 5512 HssTrayService - ok
    16:36:50.0956 5512 HssWd - ok
    16:36:50.0956 5512 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    16:36:50.0972 5512 HTTP - ok
    16:36:50.0972 5512 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    16:36:50.0972 5512 hwpolicy - ok
    16:36:50.0972 5512 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    16:36:50.0987 5512 i8042prt - ok
    16:36:50.0987 5512 [ A88F2BB473F3C48E5966B04C9462B0FB ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    16:36:50.0987 5512 iaStor - ok
    16:36:50.0987 5512 [ 63E9357187B6EB0D81B5D6D6E54C6FF7 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    16:36:50.0987 5512 IAStorDataMgrSvc - ok
    16:36:51.0003 5512 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    16:36:51.0003 5512 iaStorV - ok
    16:36:51.0018 5512 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:36:51.0034 5512 idsvc - ok
    16:36:51.0034 5512 [ 704C3164CF06A67886C305EA3677510B ] IDVistaService C:\Program Files (x86)\Input Director\IDVistaService.exe
    16:36:51.0034 5512 IDVistaService - ok
    16:36:51.0128 5512 [ 78527E6A4D78B1153925914C55872BEB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    16:36:51.0206 5512 igfx - ok
    16:36:51.0206 5512 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    16:36:51.0206 5512 iirsp - ok
    16:36:51.0221 5512 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    16:36:51.0221 5512 IKEEXT - ok
    16:36:51.0221 5512 [ FB7F9FAD063AE5269A6147E3A48ACD03 ] InputDirector C:\Program Files (x86)\Input Director\IDWinService.exe
    16:36:51.0237 5512 InputDirector - ok
    16:36:51.0252 5512 [ 2CC2F7C5990BB76767038F4B16D17A56 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    16:36:51.0268 5512 IntcAzAudAddService - ok
    16:36:51.0268 5512 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    16:36:51.0284 5512 IntcDAud - ok
    16:36:51.0284 5512 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    16:36:51.0284 5512 intelide - ok
    16:36:51.0284 5512 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    16:36:51.0284 5512 intelppm - ok
    16:36:51.0284 5512 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    16:36:51.0284 5512 IPBusEnum - ok
    16:36:51.0299 5512 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:36:51.0299 5512 IpFilterDriver - ok
    16:36:51.0299 5512 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    16:36:51.0299 5512 IPMIDRV - ok
    16:36:51.0299 5512 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    16:36:51.0315 5512 IPNAT - ok
    16:36:51.0315 5512 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    16:36:51.0315 5512 iPod Service - ok
    16:36:51.0330 5512 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    16:36:51.0330 5512 IRENUM - ok
    16:36:51.0330 5512 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    16:36:51.0330 5512 isapnp - ok
    16:36:51.0330 5512 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    16:36:51.0346 5512 iScsiPrt - ok
    16:36:51.0346 5512 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    16:36:51.0346 5512 kbdclass - ok
    16:36:51.0346 5512 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    16:36:51.0346 5512 kbdhid - ok
    16:36:51.0346 5512 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    16:36:51.0362 5512 KeyIso - ok
    16:36:51.0362 5512 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    16:36:51.0362 5512 KSecDD - ok
    16:36:51.0362 5512 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    16:36:51.0362 5512 KSecPkg - ok
    16:36:51.0377 5512 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    16:36:51.0377 5512 ksthunk - ok
    16:36:51.0377 5512 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    16:36:51.0377 5512 KtmRm - ok
    16:36:51.0393 5512 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    16:36:51.0393 5512 LanmanServer - ok
    16:36:51.0393 5512 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    16:36:51.0393 5512 LanmanWorkstation - ok
    16:36:51.0393 5512 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    16:36:51.0408 5512 LBTServ - ok
    16:36:51.0408 5512 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
    16:36:51.0408 5512 LHidFilt - ok
    16:36:51.0424 5512 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    16:36:51.0424 5512 lltdio - ok
    16:36:51.0424 5512 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    16:36:51.0424 5512 lltdsvc - ok
    16:36:51.0440 5512 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    16:36:51.0440 5512 lmhosts - ok
    16:36:51.0440 5512 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
    16:36:51.0440 5512 LMouFilt - ok
    16:36:51.0440 5512 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    16:36:51.0440 5512 LMS - ok
    16:36:51.0455 5512 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:36:51.0455 5512 LSI_FC - ok
    16:36:51.0455 5512 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:36:51.0455 5512 LSI_SAS - ok
    16:36:51.0471 5512 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:36:51.0471 5512 LSI_SAS2 - ok
    16:36:51.0471 5512 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:36:51.0471 5512 LSI_SCSI - ok
    16:36:51.0471 5512 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    16:36:51.0486 5512 luafv - ok
    16:36:51.0486 5512 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    16:36:51.0486 5512 Mcx2Svc - ok
    16:36:51.0486 5512 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    16:36:51.0486 5512 megasas - ok
    16:36:51.0502 5512 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    16:36:51.0502 5512 MegaSR - ok
    16:36:51.0502 5512 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    16:36:51.0502 5512 MEIx64 - ok
    16:36:51.0502 5512 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    16:36:51.0502 5512 MMCSS - ok
    16:36:51.0518 5512 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    16:36:51.0518 5512 Modem - ok
    16:36:51.0518 5512 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    16:36:51.0518 5512 monitor - ok
    16:36:51.0518 5512 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    16:36:51.0518 5512 mouclass - ok
    16:36:51.0518 5512 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    16:36:51.0533 5512 mouhid - ok
    16:36:51.0533 5512 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    16:36:51.0533 5512 mountmgr - ok
    16:36:51.0533 5512 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    16:36:51.0549 5512 mpio - ok
    16:36:51.0549 5512 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    16:36:51.0549 5512 mpsdrv - ok
    16:36:51.0549 5512 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    16:36:51.0549 5512 MRxDAV - ok
    16:36:51.0564 5512 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:36:51.0564 5512 mrxsmb - ok
    16:36:51.0564 5512 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:36:51.0580 5512 mrxsmb10 - ok
    16:36:51.0580 5512 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:36:51.0580 5512 mrxsmb20 - ok
    16:36:51.0580 5512 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    16:36:51.0580 5512 msahci - ok
    16:36:51.0580 5512 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    16:36:51.0596 5512 msdsm - ok
    16:36:51.0596 5512 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    16:36:51.0596 5512 MSDTC - ok
    16:36:51.0611 5512 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
    16:36:51.0611 5512 MSDV - ok
    16:36:51.0611 5512 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    16:36:51.0611 5512 Msfs - ok
    16:36:51.0611 5512 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    16:36:51.0611 5512 mshidkmdf - ok
    16:36:51.0611 5512 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    16:36:51.0611 5512 msisadrv - ok
    16:36:51.0627 5512 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    16:36:51.0627 5512 MSiSCSI - ok
    16:36:51.0627 5512 msiserver - ok
    16:36:51.0627 5512 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    16:36:51.0627 5512 MSKSSRV - ok
    16:36:51.0627 5512 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    16:36:51.0642 5512 MSPCLOCK - ok
    16:36:51.0642 5512 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    16:36:51.0642 5512 MSPQM - ok
    16:36:51.0642 5512 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    16:36:51.0642 5512 MsRPC - ok
    16:36:51.0658 5512 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    16:36:51.0658 5512 mssmbios - ok
    16:36:51.0658 5512 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    16:36:51.0658 5512 MSTEE - ok
    16:36:51.0658 5512 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    16:36:51.0658 5512 MTConfig - ok
    16:36:51.0658 5512 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    16:36:51.0658 5512 Mup - ok
    16:36:51.0674 5512 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    16:36:51.0674 5512 napagent - ok
    16:36:51.0674 5512 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    16:36:51.0689 5512 NativeWifiP - ok
    16:36:51.0689 5512 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    16:36:51.0705 5512 NDIS - ok
    16:36:51.0705 5512 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    16:36:51.0705 5512 NdisCap - ok
    16:36:51.0705 5512 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    16:36:51.0705 5512 NdisTapi - ok
    16:36:51.0705 5512 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    16:36:51.0720 5512 Ndisuio - ok
    16:36:51.0720 5512 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    16:36:51.0720 5512 NdisWan - ok
    16:36:51.0720 5512 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    16:36:51.0720 5512 NDProxy - ok
    16:36:51.0736 5512 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    16:36:51.0736 5512 NetBIOS - ok
    16:36:51.0736 5512 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    16:36:51.0736 5512 NetBT - ok
    16:36:51.0736 5512 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    16:36:51.0736 5512 Netlogon - ok
    16:36:51.0752 5512 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    16:36:51.0752 5512 Netman - ok
    16:36:51.0752 5512 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    16:36:51.0752 5512 netprofm - ok
    16:36:51.0767 5512 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:36:51.0767 5512 NetTcpPortSharing - ok
    16:36:51.0767 5512 [ 2263727032E9B19231A706046B8C82D3 ] NetworkX C:\Windows\system32\ckldrv.sys
    16:36:51.0767 5512 NetworkX - ok
    16:36:51.0767 5512 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    16:36:51.0767 5512 nfrd960 - ok
    16:36:51.0783 5512 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    16:36:51.0783 5512 NlaSvc - ok
    16:36:51.0783 5512 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\drivers\npf.sys
    16:36:51.0783 5512 NPF - ok
    16:36:51.0783 5512 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    16:36:51.0798 5512 Npfs - ok
    16:36:51.0798 5512 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    16:36:51.0798 5512 nsi - ok
    16:36:51.0798 5512 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    16:36:51.0798 5512 nsiproxy - ok
    16:36:51.0814 5512 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    16:36:51.0830 5512 Ntfs - ok
    16:36:51.0830 5512 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    16:36:51.0830 5512 Null - ok
    16:36:51.0830 5512 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    16:36:51.0845 5512 NVHDA - ok
    16:36:51.0939 5512 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    16:36:51.0986 5512 nvlddmkm - ok
    16:36:52.0001 5512 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    16:36:52.0001 5512 nvraid - ok
    16:36:52.0001 5512 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    16:36:52.0001 5512 nvstor - ok
    16:36:52.0017 5512 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] NVSvc C:\Windows\system32\nvvsvc.exe
    16:36:52.0017 5512 NVSvc - ok
    16:36:52.0032 5512 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    16:36:52.0048 5512 nvUpdatusService - ok
    16:36:52.0048 5512 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    16:36:52.0064 5512 nv_agp - ok
    16:36:52.0064 5512 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    16:36:52.0064 5512 ohci1394 - ok
    16:36:52.0064 5512 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:36:52.0079 5512 ose64 - ok
    16:36:52.0110 5512 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    16:36:52.0142 5512 osppsvc - ok
    16:36:52.0142 5512 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    16:36:52.0157 5512 p2pimsvc - ok
    16:36:52.0157 5512 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    16:36:52.0173 5512 p2psvc - ok
    16:36:52.0188 5512 [ F7BAC457D6AE2F7E18FA69C8180A7843 ] PaceLicenseDServices C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    16:36:52.0204 5512 PaceLicenseDServices - ok
    16:36:52.0204 5512 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    16:36:52.0220 5512 Parport - ok
    16:36:52.0220 5512 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    16:36:52.0220 5512 partmgr - ok
    16:36:52.0220 5512 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    16:36:52.0220 5512 PcaSvc - ok
    16:36:52.0235 5512 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    16:36:52.0235 5512 pci - ok
    16:36:52.0235 5512 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    16:36:52.0235 5512 pciide - ok
    16:36:52.0235 5512 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    16:36:52.0251 5512 pcmcia - ok
    16:36:52.0251 5512 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    16:36:52.0251 5512 pcw - ok
    16:36:52.0251 5512 PDIHWCTL - ok
    16:36:52.0266 5512 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    16:36:52.0266 5512 PEAUTH - ok
    16:36:52.0282 5512 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    16:36:52.0298 5512 PeerDistSvc - ok
    16:36:52.0313 5512 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    16:36:52.0313 5512 PerfHost - ok
    16:36:52.0329 5512 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    16:36:52.0344 5512 pla - ok
    16:36:52.0344 5512 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    16:36:52.0344 5512 PlugPlay - ok
    16:36:52.0344 5512 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    16:36:52.0360 5512 PNRPAutoReg - ok
    16:36:52.0360 5512 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    16:36:52.0360 5512 PNRPsvc - ok
    16:36:52.0360 5512 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    16:36:52.0376 5512 PolicyAgent - ok
    16:36:52.0376 5512 postgresql-x64-9.0 - ok
    16:36:52.0376 5512 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    16:36:52.0391 5512 Power - ok
    16:36:52.0391 5512 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    16:36:52.0391 5512 PptpMiniport - ok
    16:36:52.0391 5512 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    16:36:52.0391 5512 Processor - ok
    16:36:52.0407 5512 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    16:36:52.0407 5512 ProfSvc - ok
    16:36:52.0407 5512 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    16:36:52.0407 5512 ProtectedStorage - ok
    16:36:52.0407 5512 [ 577C79B8F5C6A6925F6EF0AE1B0D4051 ] prwntdrv C:\Windows\system32\prwntdrv.sys
    16:36:52.0407 5512 prwntdrv - ok
    16:36:52.0407 5512 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    16:36:52.0422 5512 Psched - ok
    16:36:52.0422 5512 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    16:36:52.0422 5512 PxHlpa64 - ok
    16:36:52.0438 5512 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    16:36:52.0454 5512 ql2300 - ok
    16:36:52.0454 5512 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    16:36:52.0454 5512 ql40xx - ok
    16:36:52.0454 5512 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    16:36:52.0469 5512 QWAVE - ok
    16:36:52.0469 5512 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    16:36:52.0469 5512 QWAVEdrv - ok
    16:36:52.0469 5512 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    16:36:52.0469 5512 RasAcd - ok
    16:36:52.0485 5512 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:36:52.0485 5512 RasAgileVpn - ok
     
  6. chrisbucanac

    chrisbucanac TS Rookie Topic Starter

    16:36:52.0485 5512 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    16:36:52.0485 5512 RasAuto - ok
    16:36:52.0485 5512 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:36:52.0500 5512 Rasl2tp - ok
    16:36:52.0500 5512 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    16:36:52.0500 5512 RasMan - ok
    16:36:52.0516 5512 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    16:36:52.0516 5512 RasPppoe - ok
    16:36:52.0516 5512 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    16:36:52.0516 5512 RasSstp - ok
    16:36:52.0516 5512 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    16:36:52.0532 5512 rdbss - ok
    16:36:52.0532 5512 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    16:36:52.0532 5512 rdpbus - ok
    16:36:52.0532 5512 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:36:52.0532 5512 RDPCDD - ok
    16:36:52.0547 5512 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    16:36:52.0547 5512 RDPDR - ok
    16:36:52.0547 5512 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    16:36:52.0547 5512 RDPENCDD - ok
    16:36:52.0547 5512 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    16:36:52.0547 5512 RDPREFMP - ok
    16:36:52.0563 5512 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    16:36:52.0563 5512 RDPWD - ok
    16:36:52.0563 5512 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    16:36:52.0563 5512 rdyboost - ok
    16:36:52.0578 5512 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    16:36:52.0578 5512 RemoteAccess - ok
    16:36:52.0578 5512 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    16:36:52.0594 5512 RemoteRegistry - ok
    16:36:52.0594 5512 [ 599091EDC1013A4A79CFE171638CF262 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
    16:36:52.0594 5512 rpcapd - ok
    16:36:52.0594 5512 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    16:36:52.0594 5512 RpcEptMapper - ok
    16:36:52.0594 5512 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    16:36:52.0610 5512 RpcLocator - ok
    16:36:52.0610 5512 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    16:36:52.0610 5512 RpcSs - ok
    16:36:52.0610 5512 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    16:36:52.0610 5512 rspndr - ok
    16:36:52.0625 5512 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    16:36:52.0625 5512 RTL8167 - ok
    16:36:52.0625 5512 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    16:36:52.0625 5512 s3cap - ok
    16:36:52.0641 5512 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    16:36:52.0641 5512 SamSs - ok
    16:36:52.0641 5512 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    16:36:52.0641 5512 sbp2port - ok
    16:36:52.0641 5512 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    16:36:52.0656 5512 SCardSvr - ok
    16:36:52.0656 5512 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    16:36:52.0656 5512 scfilter - ok
    16:36:52.0656 5512 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    16:36:52.0672 5512 Schedule - ok
    16:36:52.0672 5512 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    16:36:52.0672 5512 SCPolicySvc - ok
    16:36:52.0672 5512 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    16:36:52.0688 5512 SDRSVC - ok
    16:36:52.0688 5512 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    16:36:52.0688 5512 secdrv - ok
    16:36:52.0688 5512 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    16:36:52.0688 5512 seclogon - ok
    16:36:52.0688 5512 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    16:36:52.0703 5512 SENS - ok
    16:36:52.0703 5512 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    16:36:52.0703 5512 SensrSvc - ok
    16:36:52.0703 5512 [ 84AC127242DD3CCDE02F9A4673214B1F ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys
    16:36:52.0703 5512 Sentinel64 - ok
    16:36:52.0703 5512 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    16:36:52.0719 5512 Serenum - ok
    16:36:52.0719 5512 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    16:36:52.0719 5512 Serial - ok
    16:36:52.0719 5512 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    16:36:52.0719 5512 sermouse - ok
    16:36:52.0734 5512 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    16:36:52.0734 5512 SessionEnv - ok
    16:36:52.0734 5512 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    16:36:52.0734 5512 sffdisk - ok
    16:36:52.0734 5512 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    16:36:52.0734 5512 sffp_mmc - ok
    16:36:52.0734 5512 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    16:36:52.0750 5512 sffp_sd - ok
    16:36:52.0750 5512 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    16:36:52.0750 5512 sfloppy - ok
    16:36:52.0750 5512 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    16:36:52.0750 5512 ShellHWDetection - ok
    16:36:52.0750 5512 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:36:52.0766 5512 SiSRaid2 - ok
    16:36:52.0766 5512 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    16:36:52.0766 5512 SiSRaid4 - ok
    16:36:52.0812 5512 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate E:\programs\Portable\Skype\SkypePortable4\Updater\Updater.exe
    16:36:52.0844 5512 SkypeUpdate - ok
    16:36:52.0844 5512 SliceDisk5 - ok
    16:36:52.0844 5512 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    16:36:52.0844 5512 Smb - ok
    16:36:52.0859 5512 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    16:36:52.0859 5512 SNMPTRAP - ok
    16:36:52.0859 5512 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    16:36:52.0859 5512 spldr - ok
    16:36:52.0875 5512 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    16:36:52.0875 5512 Spooler - ok
    16:36:52.0890 5512 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    16:36:52.0922 5512 sppsvc - ok
    16:36:52.0922 5512 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    16:36:52.0922 5512 sppuinotify - ok
    16:36:52.0937 5512 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    16:36:52.0937 5512 srv - ok
    16:36:52.0937 5512 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    16:36:52.0953 5512 srv2 - ok
    16:36:52.0953 5512 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    16:36:52.0953 5512 srvnet - ok
    16:36:52.0968 5512 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    16:36:52.0968 5512 SSDPSRV - ok
    16:36:52.0968 5512 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    16:36:52.0968 5512 SstpSvc - ok
    16:36:52.0968 5512 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
    16:36:52.0984 5512 ssudmdm - ok
    16:36:52.0984 5512 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    16:36:52.0984 5512 Stereo Service - ok
    16:36:52.0984 5512 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    16:36:52.0984 5512 stexstor - ok
    16:36:53.0000 5512 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    16:36:53.0000 5512 stisvc - ok
    16:36:53.0000 5512 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    16:36:53.0000 5512 storflt - ok
    16:36:53.0000 5512 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
    16:36:53.0015 5512 StorSvc - ok
    16:36:53.0015 5512 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    16:36:53.0015 5512 storvsc - ok
    16:36:53.0015 5512 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    16:36:53.0015 5512 swenum - ok
    16:36:53.0031 5512 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    16:36:53.0031 5512 SwitchBoard - ok
    16:36:53.0031 5512 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    16:36:53.0046 5512 swprv - ok
    16:36:53.0062 5512 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    16:36:53.0062 5512 SysMain - ok
    16:36:53.0062 5512 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    16:36:53.0078 5512 TabletInputService - ok
    16:36:53.0124 5512 [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    16:36:53.0156 5512 TabletServicePen - ok
    16:36:53.0156 5512 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    16:36:53.0171 5512 TapiSrv - ok
    16:36:53.0171 5512 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    16:36:53.0171 5512 TBS - ok
    16:36:53.0187 5512 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    16:36:53.0218 5512 Tcpip - ok
    16:36:53.0234 5512 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    16:36:53.0234 5512 TCPIP6 - ok
    16:36:53.0234 5512 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    16:36:53.0249 5512 tcpipreg - ok
    16:36:53.0249 5512 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    16:36:53.0249 5512 TDPIPE - ok
    16:36:53.0249 5512 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    16:36:53.0249 5512 TDTCP - ok
    16:36:53.0249 5512 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    16:36:53.0265 5512 tdx - ok
    16:36:53.0280 5512 [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    16:36:53.0280 5512 TeamViewer6 - ok
    16:36:53.0296 5512 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    16:36:53.0296 5512 TermDD - ok
    16:36:53.0296 5512 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    16:36:53.0312 5512 TermService - ok
    16:36:53.0312 5512 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    16:36:53.0312 5512 Themes - ok
    16:36:53.0312 5512 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    16:36:53.0312 5512 THREADORDER - ok
    16:36:53.0312 5512 [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    16:36:53.0327 5512 TouchServicePen - ok
    16:36:53.0327 5512 [ 8DD33A57339ADAE34CDB12994ACBC50F ] Tpkd C:\Windows\system32\drivers\Tpkd.sys
    16:36:53.0327 5512 Tpkd - ok
    16:36:53.0343 5512 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    16:36:53.0343 5512 TrkWks - ok
    16:36:53.0343 5512 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    16:36:53.0343 5512 TrustedInstaller - ok
    16:36:53.0343 5512 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:36:53.0343 5512 tssecsrv - ok
    16:36:53.0358 5512 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    16:36:53.0358 5512 TsUsbFlt - ok
    16:36:53.0358 5512 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    16:36:53.0358 5512 tunnel - ok
    16:36:53.0358 5512 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    16:36:53.0374 5512 uagp35 - ok
    16:36:53.0374 5512 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    16:36:53.0374 5512 udfs - ok
    16:36:53.0390 5512 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    16:36:53.0390 5512 UI0Detect - ok
    16:36:53.0390 5512 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    16:36:53.0390 5512 uliagpkx - ok
    16:36:53.0390 5512 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    16:36:53.0405 5512 umbus - ok
    16:36:53.0405 5512 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    16:36:53.0405 5512 UmPass - ok
    16:36:53.0405 5512 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    16:36:53.0405 5512 UmRdpService - ok
    16:36:53.0405 5512 [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
    16:36:53.0421 5512 UnlockerDriver5 - ok
    16:36:53.0436 5512 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    16:36:53.0452 5512 UNS - ok
    16:36:53.0452 5512 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    16:36:53.0452 5512 upnphost - ok
    16:36:53.0468 5512 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    16:36:53.0468 5512 usbccgp - ok
    16:36:53.0468 5512 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    16:36:53.0468 5512 usbcir - ok
    16:36:53.0468 5512 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    16:36:53.0483 5512 usbehci - ok
    16:36:53.0483 5512 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    16:36:53.0483 5512 usbhub - ok
    16:36:53.0499 5512 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    16:36:53.0499 5512 usbohci - ok
    16:36:53.0499 5512 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    16:36:53.0499 5512 usbprint - ok
    16:36:53.0499 5512 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:36:53.0499 5512 USBSTOR - ok
    16:36:53.0499 5512 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    16:36:53.0514 5512 usbuhci - ok
    16:36:53.0514 5512 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    16:36:53.0514 5512 UxSms - ok
    16:36:53.0514 5512 [ 8556E8A66AA4BEB1995FB04666D73877 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
    16:36:53.0514 5512 UxTuneUp - ok
    16:36:53.0514 5512 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    16:36:53.0514 5512 VaultSvc - ok
    16:36:53.0530 5512 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    16:36:53.0530 5512 vdrvroot - ok
    16:36:53.0530 5512 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    16:36:53.0546 5512 vds - ok
    16:36:53.0546 5512 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    16:36:53.0546 5512 vga - ok
    16:36:53.0546 5512 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    16:36:53.0546 5512 VgaSave - ok
    16:36:53.0546 5512 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    16:36:53.0561 5512 vhdmp - ok
    16:36:53.0561 5512 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    16:36:53.0561 5512 viaide - ok
    16:36:53.0561 5512 [ 4D8F9CBA2BA93D09175B09C5F09B5465 ] VirtuWDDM C:\Windows\system32\DRIVERS\VirtuWDDM.sys
    16:36:53.0577 5512 VirtuWDDM - ok
    16:36:53.0577 5512 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    16:36:53.0577 5512 vmbus - ok
    16:36:53.0577 5512 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    16:36:53.0577 5512 VMBusHID - ok
    16:36:53.0592 5512 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    16:36:53.0592 5512 volmgr - ok
    16:36:53.0592 5512 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    16:36:53.0608 5512 volmgrx - ok
    16:36:53.0608 5512 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    16:36:53.0608 5512 volsnap - ok
    16:36:53.0608 5512 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    16:36:53.0624 5512 vsmraid - ok
    16:36:53.0639 5512 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    16:36:53.0655 5512 VSS - ok
    16:36:53.0655 5512 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    16:36:53.0655 5512 vwifibus - ok
    16:36:53.0655 5512 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    16:36:53.0655 5512 W32Time - ok
    16:36:53.0670 5512 [ FE75777289278A4941FE6139E82B3BD9 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
    16:36:53.0670 5512 wacmoumonitor - ok
    16:36:53.0670 5512 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
    16:36:53.0670 5512 wacommousefilter - ok
    16:36:53.0670 5512 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    16:36:53.0670 5512 WacomPen - ok
    16:36:53.0686 5512 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
    16:36:53.0686 5512 wacomvhid - ok
    16:36:53.0686 5512 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    16:36:53.0686 5512 WANARP - ok
    16:36:53.0686 5512 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    16:36:53.0686 5512 Wanarpv6 - ok
    16:36:53.0702 5512 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    16:36:53.0717 5512 wbengine - ok
    16:36:53.0717 5512 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    16:36:53.0717 5512 WbioSrvc - ok
    16:36:53.0733 5512 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    16:36:53.0733 5512 wcncsvc - ok
    16:36:53.0733 5512 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    16:36:53.0733 5512 WcsPlugInService - ok
    16:36:53.0748 5512 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    16:36:53.0748 5512 Wd - ok
    16:36:53.0748 5512 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    16:36:53.0764 5512 Wdf01000 - ok
    16:36:53.0764 5512 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    16:36:53.0764 5512 WdiServiceHost - ok
    16:36:53.0764 5512 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    16:36:53.0764 5512 WdiSystemHost - ok
    16:36:53.0764 5512 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    16:36:53.0780 5512 WebClient - ok
    16:36:53.0780 5512 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    16:36:53.0780 5512 Wecsvc - ok
    16:36:53.0795 5512 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    16:36:53.0795 5512 wercplsupport - ok
    16:36:53.0795 5512 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    16:36:53.0795 5512 WerSvc - ok
    16:36:53.0795 5512 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    16:36:53.0795 5512 WfpLwf - ok
    16:36:53.0795 5512 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    16:36:53.0811 5512 WIMMount - ok
    16:36:53.0811 5512 WinHttpAutoProxySvc - ok
    16:36:53.0811 5512 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    16:36:53.0811 5512 Winmgmt - ok
    16:36:53.0826 5512 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    16:36:53.0842 5512 WinRM - ok
    16:36:53.0858 5512 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    16:36:53.0858 5512 WinUsb - ok
    16:36:53.0873 5512 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    16:36:53.0873 5512 Wlansvc - ok
    16:36:53.0873 5512 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    16:36:53.0873 5512 WmiAcpi - ok
    16:36:53.0889 5512 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    16:36:53.0889 5512 wmiApSrv - ok
    16:36:53.0889 5512 WMPNetworkSvc - ok
    16:36:53.0889 5512 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    16:36:53.0889 5512 WPCSvc - ok
    16:36:53.0904 5512 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    16:36:53.0904 5512 WPDBusEnum - ok
    16:36:53.0904 5512 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    16:36:53.0904 5512 ws2ifsl - ok
    16:36:53.0904 5512 WSearch - ok
    16:36:53.0920 5512 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    16:36:53.0936 5512 wuauserv - ok
    16:36:53.0951 5512 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    16:36:53.0951 5512 WudfPf - ok
    16:36:53.0951 5512 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:36:53.0951 5512 WUDFRd - ok
    16:36:53.0967 5512 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    16:36:53.0967 5512 wudfsvc - ok
    16:36:53.0967 5512 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    16:36:53.0967 5512 WwanSvc - ok
    16:36:53.0982 5512 ================ Scan global ===============================
    16:36:53.0982 5512 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    16:36:53.0982 5512 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    16:36:53.0982 5512 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    16:36:53.0982 5512 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    16:36:53.0998 5512 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    16:36:53.0998 5512 [Global] - ok
    16:36:53.0998 5512 ================ Scan MBR ==================================
    16:36:53.0998 5512 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    16:36:54.0045 5512 \Device\Harddisk0\DR0 - ok
    16:36:54.0045 5512 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    16:36:54.0045 5512 \Device\Harddisk1\DR1 - ok
    16:36:54.0045 5512 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk2\DR2
    16:36:54.0045 5512 \Device\Harddisk2\DR2 - ok
    16:36:54.0092 5512 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
    16:36:54.0092 5512 \Device\Harddisk3\DR3 - ok
    16:36:54.0092 5512 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk8\DR8
    16:36:55.0371 5512 \Device\Harddisk8\DR8 - ok
    16:36:55.0371 5512 ================ Scan VBR ==================================
    16:36:55.0371 5512 [ 710BC42CBC044ACB964F9BC06BE92CD9 ] \Device\Harddisk0\DR0\Partition1
    16:36:55.0371 5512 \Device\Harddisk0\DR0\Partition1 - ok
    16:36:55.0371 5512 [ 9C4D463808AE26700CB2D46DC1890F4D ] \Device\Harddisk0\DR0\Partition2
    16:36:55.0371 5512 \Device\Harddisk0\DR0\Partition2 - ok
    16:36:55.0371 5512 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
    16:36:55.0371 5512 \Device\Harddisk1\DR1\Partition1 - ok
    16:36:55.0371 5512 [ 35FC923A3D9F92C3A4A60C1309E87497 ] \Device\Harddisk1\DR1\Partition2
    16:36:55.0371 5512 \Device\Harddisk1\DR1\Partition2 - ok
    16:36:55.0386 5512 [ 8A58E79D8F45463D6912A0F2EC5A2FC9 ] \Device\Harddisk2\DR2\Partition1
    16:36:55.0386 5512 \Device\Harddisk2\DR2\Partition1 - ok
    16:36:55.0386 5512 [ 49B8B5F39559D7779B458B09AB1EA0B6 ] \Device\Harddisk3\DR3\Partition1
    16:36:55.0386 5512 \Device\Harddisk3\DR3\Partition1 - ok
    16:36:55.0386 5512 [ E46DC2F1D53D753E6E227CB242E611E8 ] \Device\Harddisk8\DR8\Partition1
    16:36:55.0386 5512 \Device\Harddisk8\DR8\Partition1 - ok
    16:36:55.0386 5512 ============================================================
    16:36:55.0386 5512 Scan finished
    16:36:55.0386 5512 ============================================================
    16:36:55.0386 5504 Detected object count: 0
    16:36:55.0386 5504 Actual detected object count: 0



    RogueKiller V8.2.0 [10/22/2012] durch Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Kommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestartet in : Normaler Modus
    Benutzer : Chris [Admin Rechte]
    Funktion : Scannen -- Datum : 10/30/2012 16:40:38

    ¤¤¤ Böswillige Prozesse : 0 ¤¤¤

    ¤¤¤ Registry-Einträge : 15 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> GEFUNDEN
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> GEFUNDEN
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> GEFUNDEN
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> GEFUNDEN
    [HJ] HKLM\[...]\System : EnableLUA (0) -> GEFUNDEN
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> GEFUNDEN
    [HJ] HKLM\[...]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> GEFUNDEN
    [HJ] HKLM\[...]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> GEFUNDEN
    [HJ] HKLM\[...]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> GEFUNDEN
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (E:\Users\Chris\AppData\Local\{3261f29f-47ae-5086-2ff2-b91082b31060}\n.) -> GEFUNDEN

    ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
    [ZeroAccess][FILE] @ : E:\Users\Chris\AppData\Local\{3261f29f-47ae-5086-2ff2-b91082b31060}\@ --> GEFUNDEN
    [ZeroAccess][FOLDER] U : E:\Users\Chris\AppData\Local\{3261f29f-47ae-5086-2ff2-b91082b31060}\U --> GEFUNDEN
    [ZeroAccess][FOLDER] L : E:\Users\Chris\AppData\Local\{3261f29f-47ae-5086-2ff2-b91082b31060}\L --> GEFUNDEN

    ¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

    ¤¤¤ Externe Hives: ¤¤¤
    -> E:\Users\Administrator\NTUSER.DAT

    ¤¤¤ Infektion : ZeroAccess ¤¤¤

    ¤¤¤ Hosts-Datei: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com
    127.0.0.1 lm.licenses.adobe.com


    ¤¤¤ MBR überprüfen: ¤¤¤

    +++++ PhysicalDrive0: C300-CTFDDAC128MAG +++++
    --- User ---
    [MBR] 3adc105a37c1574ffb036c983a30aac0
    [BSP] 2ab11587620ab34ab5a0a477d4ac8289 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Raid +++++
    --- User ---
    [MBR] 4b711cf614d818eefe563bea1fa7db19
    [BSP] 3ecc38f2a309cae94c60af5c55666ff4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: ST3200822AS +++++
    --- User ---
    [MBR] 9ab118d9f3b00d1b52bc0fff7f604f8b
    [BSP] 3d382330aa270593c7a1c1788d5fad17 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 190780 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: ST9160823AS +++++
    --- User ---
    [MBR] a34dc56c332b43db7d9328458dfc3744
    [BSP] 6231e4dc0035ec7de7e45330e0d1252d : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Abgeschlossen : << RKreport[1].txt >>
    RKreport[1].txt





    RogueKiller V8.2.0 [10/22/2012] durch Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Kommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestartet in : Normaler Modus
    Benutzer : Chris [Admin Rechte]
    Funktion : Entfernen -- Datum : 10/30/2012 16:42:02

    ¤¤¤ Böswillige Prozesse : 0 ¤¤¤

    ¤¤¤ Registry-Einträge : 13 ¤¤¤
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> GELÖSCHT
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> GELÖSCHT
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> ERSETZT (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> ERSETZT (1)
    [HJ] HKLM\[...]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> ERSETZT (0)
    [HJ] HKLM\[...]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> ERSETZT (0)
    [HJ] HKLM\[...]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> ERSETZT (0)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> ERSETZT (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ERSETZT (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ERSETZT (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (E:\Users\Chris\AppData\Local\{3261f29f-47ae-5086-2ff2-b91082b31060}\n.) -> ERSETZT (C:\Windows\system32\shell32.dll)

    ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
    [ZeroAccess][FILE] @ : E:\Users\Chris\AppData\Local\{3261f29f-47ae-5086-2ff2-b91082b31060}\@ --> ENTFERNT
    [ZeroAccess][FOLDER] ROOT : E:\Users\Chris\AppData\Local\{3261f29f-47ae-5086-2ff2-b91082b31060}\U --> ENTFERNT
    [ZeroAccess][FOLDER] ROOT : E:\Users\Chris\AppData\Local\{3261f29f-47ae-5086-2ff2-b91082b31060}\L --> ENTFERNT

    ¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

    ¤¤¤ Externe Hives: ¤¤¤
    -> E:\Users\Administrator\NTUSER.DAT

    ¤¤¤ Infektion : ZeroAccess ¤¤¤

    ¤¤¤ Hosts-Datei: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 activate.adobe.com
    127.0.0.1 practivate.adobe.com
    127.0.0.1 lmlicenses.wip4.adobe.com
    127.0.0.1 lm.licenses.adobe.com


    ¤¤¤ MBR überprüfen: ¤¤¤

    +++++ PhysicalDrive0: C300-CTFDDAC128MAG +++++
    --- User ---
    [MBR] 3adc105a37c1574ffb036c983a30aac0
    [BSP] 2ab11587620ab34ab5a0a477d4ac8289 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Raid +++++
    --- User ---
    [MBR] 4b711cf614d818eefe563bea1fa7db19
    [BSP] 3ecc38f2a309cae94c60af5c55666ff4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: ST3200822AS +++++
    --- User ---
    [MBR] 9ab118d9f3b00d1b52bc0fff7f604f8b
    [BSP] 3d382330aa270593c7a1c1788d5fad17 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 190780 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: ST9160823AS +++++
    --- User ---
    [MBR] a34dc56c332b43db7d9328458dfc3744
    [BSP] 6231e4dc0035ec7de7e45330e0d1252d : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Abgeschlossen : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt


    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Datenbank Version: v2012.10.30.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Chris :: WORKSTATION [Administrator]

    30.10.2012 16:44:38
    mbam-log-2012-10-30 (16-44-38).txt

    Art des Suchlaufs: Quick-Scan
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 275170
    Laufzeit: 1 Minute(n), 41 Sekunde(n)

    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel: 2
    HKCU\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    HKCU\SOFTWARE\QK9G0Z54EX (Trojan.FakeAlert.SA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien: 1
    E:\Users\Chris\Downloads\u1006.exe (VirTool.Vbcrypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.

    (Ende)






    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-30 17:03:50
    -----------------------------
    17:03:50.284 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:03:50.284 Number of processors: 8 586 0x2A07
    17:03:50.300 ComputerName: WORKSTATION UserName: Chris
    17:03:50.409 Initialize success
    17:03:54.699 AVAST engine defs: 12103000
    17:04:11.422 The log file has been saved successfully to "E:\Users\Chris\Desktop\aswMBR.txt"
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-30 17:03:50
    -----------------------------
    17:03:50.284 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:03:50.284 Number of processors: 8 586 0x2A07
    17:03:50.300 ComputerName: WORKSTATION UserName: Chris
    17:03:50.409 Initialize success
    17:03:54.699 AVAST engine defs: 12103000
    17:04:11.422 The log file has been saved successfully to "E:\Users\Chris\Desktop\aswMBR.txt"
    17:04:25.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    17:04:25.078 Disk 0 Vendor: C300-CTF 0006 Size: 122104MB BusType: 8
    17:04:25.094 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
    17:04:25.094 Disk 1 Vendor: Intel___ 1.0. Size: 2861594MB BusType: 8
    17:04:25.094 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-1
    17:04:25.094 Disk 2 Vendor: ST320082 3.01 Size: 190782MB BusType: 8
    17:04:25.094 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-2
    17:04:25.094 Disk 3 Vendor: ST916082 3.AD Size: 152627MB BusType: 8
    17:04:25.094 Disk 0 MBR read successfully
    17:04:25.109 Disk 0 MBR scan
    17:04:25.109 Disk 0 Windows 7 default MBR code
    17:04:25.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:04:25.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
    17:04:25.125 Disk 0 scanning C:\Windows\system32\drivers
    17:04:28.994 Service scanning
    17:04:35.764 Modules scanning
    17:04:35.764 Disk 0 trace - called modules:
    17:04:35.764 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    17:04:35.764 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8016c9d790]
    17:04:35.764 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800eb3a050]
    17:04:35.889 AVAST engine scan C:\Windows
    17:04:36.872 AVAST engine scan C:\Windows\system32
    17:05:12.319 Disk 0 MBR has been saved successfully to "E:\Users\Chris\Desktop\MBR.dat"
    17:05:12.319 The log file has been saved successfully to "E:\Users\Chris\Desktop\aswMBR.txt"
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-30 17:03:50
    -----------------------------
    17:03:50.284 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:03:50.284 Number of processors: 8 586 0x2A07
    17:03:50.300 ComputerName: WORKSTATION UserName: Chris
    17:03:50.409 Initialize success
    17:03:54.699 AVAST engine defs: 12103000
    17:04:11.422 The log file has been saved successfully to "E:\Users\Chris\Desktop\aswMBR.txt"
    17:04:25.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    17:04:25.078 Disk 0 Vendor: C300-CTF 0006 Size: 122104MB BusType: 8
    17:04:25.094 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
    17:04:25.094 Disk 1 Vendor: Intel___ 1.0. Size: 2861594MB BusType: 8
    17:04:25.094 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-1
    17:04:25.094 Disk 2 Vendor: ST320082 3.01 Size: 190782MB BusType: 8
    17:04:25.094 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IAAStorageDevice-2
    17:04:25.094 Disk 3 Vendor: ST916082 3.AD Size: 152627MB BusType: 8
    17:04:25.094 Disk 0 MBR read successfully
    17:04:25.109 Disk 0 MBR scan
    17:04:25.109 Disk 0 Windows 7 default MBR code
    17:04:25.109 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:04:25.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
    17:04:25.125 Disk 0 scanning C:\Windows\system32\drivers
    17:04:28.994 Service scanning
    17:04:35.764 Modules scanning
    17:04:35.764 Disk 0 trace - called modules:
    17:04:35.764 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    17:04:35.764 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8016c9d790]
    17:04:35.764 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800eb3a050]
    17:04:35.889 AVAST engine scan C:\Windows
    17:04:36.872 AVAST engine scan C:\Windows\system32
    17:05:21.232 Disk 0 MBR has been saved successfully to "E:\Users\Chris\Desktop\MBR.dat"
    17:05:21.232 The log file has been saved successfully to "E:\Users\Chris\Desktop\aswMBR.txt"
     
  7. Broni

    Broni Malware Annihilator Posts: 47,612   +267

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  8. chrisbucanac

    chrisbucanac TS Rookie Topic Starter

    ComboFix 12-10-30.03 - Chris 30.10.2012 17:59:12.2.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.16301.13322 [GMT 1:00]
    ausgeführt von:: e:\users\Chris\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\11696_63834688_MVM_11.tmp
    C:\11696_63834688_MVM_9.tmp
    c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    c:\program files (x86)\Complitly
    c:\program files (x86)\Complitly\chrome\ComplitlyChrome.crx
    c:\program files (x86)\Complitly\FireFoxExtension.exe
    c:\program files (x86)\Complitly\InstTracker.exe
    c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
    c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
    c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
    c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
    c:\program files (x86)\Complitly\unins000.dat
    c:\program files (x86)\Complitly\unins000.exe
    c:\programdata\Amazon.ico
    c:\programdata\MercadoLivre.ico
    C:\uninstall.exe
    c:\windows\SysWow64\cseDVH.dll
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    e:\users\Chris\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
    e:\users\Chris\AppData\Roaming\chrtmp
    e:\users\Chris\AppData\Roaming\Help\coredb\storage
    e:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2012-09-28 bis 2012-10-30 ))))))))))))))))))))))))))))))
    .
    .
    2025-09-04 23:11 . 2025-09-04 23:11 -------- d-----w- c:\programdata\eSellerate
    2025-09-04 23:09 . 2025-09-04 23:09 -------- d-----w- c:\program files (x86)\Common Files\eSellerate
    2025-09-04 23:09 . 2025-09-04 23:14 -------- d-----w- c:\program files\NewBlue
    2025-09-04 23:08 . 2025-09-04 23:13 -------- d-----w- c:\program files (x86)\NewBlue
    2012-10-30 17:05 . 2012-10-30 17:05 -------- d-----w- e:\users\UpdatusUser\AppData\Local\temp
    2012-10-30 17:05 . 2012-10-30 17:05 -------- d-----w- e:\users\postgres\AppData\Local\temp
    2012-10-30 16:07 . 2012-10-30 16:07 -------- d-----w- e:\users\Chris\AppData\Local\Diagnostics
    2012-10-30 15:43 . 2012-10-30 15:43 -------- d-----w- e:\users\Chris\AppData\Roaming\Malwarebytes
    2012-10-30 15:43 . 2012-10-30 15:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-30 15:43 . 2012-10-30 15:43 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-30 15:43 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-29 11:20 . 2012-10-29 11:20 -------- d-----w- e:\users\Chris\AppData\Local\ElevatedDiagnostics
    2012-10-28 03:52 . 2011-11-22 18:43 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
    2012-10-28 03:52 . 2012-10-28 04:45 -------- d-----w- c:\program files (x86)\PC Tools Security
    2012-10-28 03:52 . 2012-10-28 03:54 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-10-28 03:39 . 2012-10-28 03:39 -------- d-----w- C:\FRST
    2012-10-28 03:12 . 2012-10-28 03:55 -------- d-----w- c:\programdata\PC Tools
    2012-10-28 03:12 . 2012-10-28 03:12 -------- d-----w- e:\users\Chris\AppData\Roaming\TestApp
    2012-10-27 23:50 . 2012-10-28 01:41 -------- d-----w- c:\program files (x86)\CyberLink
    2012-10-27 17:12 . 2012-10-28 04:45 -------- d-----w- c:\program files (x86)\BitrateViewer
    2012-10-27 00:05 . 2012-10-27 00:05 -------- d-----w- e:\users\Chris\AppData\Local\BorisFX
    2012-10-26 23:32 . 2012-10-28 04:45 -------- d-----w- c:\program files (x86)\Boris FX, Inc
    2012-10-26 21:23 . 2012-10-26 21:23 -------- d-----w- e:\users\Chris\AppData\Roaming\Media Player Classic
    2012-10-11 11:44 . 2012-10-11 11:44 -------- d-----w- c:\program files (x86)\Common Files\CineForm
    2012-10-11 11:38 . 2012-10-21 23:41 -------- d-----w- e:\users\Chris\AppData\Local\GoPro
    2012-10-11 11:38 . 2012-10-11 11:38 -------- d-----w- e:\users\Chris\AppData\Roaming\GoPro
    2012-10-11 11:36 . 2012-10-11 11:36 -------- d-----w- c:\program files (x86)\CineForm
    2012-10-11 11:36 . 2012-10-11 11:36 -------- d-----w- c:\program files (x86)\GoPro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-11 01:01 . 2011-06-12 16:43 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-09 11:16 . 2012-06-21 22:44 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 11:16 . 2011-06-12 17:07 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-26 17:31 . 2012-09-26 17:31 1424896 ----a-w- c:\windows\system32\CFHD.dll
    2012-09-26 17:28 . 2012-09-26 17:28 1458176 ----a-w- c:\windows\SysWow64\CFHD.dll
    2012-08-24 11:15 . 2012-09-26 22:30 17810944 ----a-w- c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-09-26 22:30 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-09-26 22:30 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-09-26 22:30 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-09-26 22:30 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-09-26 22:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-09-26 22:30 237056 ----a-w- c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-09-26 22:30 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-09-26 22:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-09-26 22:30 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-09-26 22:30 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-09-26 22:30 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-09-26 22:30 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-09-26 22:30 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-09-26 22:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-09-26 22:30 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-09-26 22:30 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-09-26 22:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-09-26 22:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-09-26 22:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-09-26 22:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-09-26 22:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-09-12 13:10 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 13:10 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 13:10 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 13:10 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-09-26 22:28 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 17:38 . 2012-10-10 14:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-12 13:10 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 13:10 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2010-01-26 09:11 . 2011-08-19 17:27 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre1.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Freecorder\prxtbFre1.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
    2011-08-25 07:46 139768 ----a-w- e:\users\Chris\AppData\Roaming\Complitly\Complitly.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2012-03-26 21:45 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFre1.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- e:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- e:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- e:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- e:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-09-21 10855544]
    "Facebook Update"="e:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-09 284184]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
    .
    e:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - e:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    basICColor display4 VideoLUT Loader.lnk - c:\program files (x86)\basICColor Software\basICColor display 4.1\LUTLoader.exe [2011-8-8 851968]
    CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-9-26 152064]
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    maComfort.lnk - c:\program files (x86)\maComfort\maComfort.exe [2011-2-26 525872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "SoftwareSASGeneration"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "BambooCore"=c:\program files (x86)\Bamboo Dock\BambooCore.exe
    "SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2011-04-21 36696]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-14 116648]
    R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-09 13336]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [x]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
    R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys [2007-03-28 7808]
    R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-14 116648]
    R3 IDVistaService;Input Director Vista Service;c:\program files (x86)\Input Director\IDVistaService.exe [2009-02-08 13824]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]
    R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
    R4 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
    S1 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 47632]
    S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
    S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
    S2 InputDirector;Input Director Service;c:\program files (x86)\Input Director\IDWinService.exe [2010-02-01 36864]
    S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224]
    S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
    S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
    S2 SkypeUpdate;Skype Updater;e:\programs\Portable\Skype\SkypePortable4\Updater\Updater.exe [2012-02-29 158856]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
    S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
    S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-07-19 66336]
    .
    .
    --- Andere Dienste/Treiber im Speicher ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2012-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 11:16]
    .
    2012-10-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-208996254-2709365253-2112509887-1003Core.job
    - e:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 22:58]
    .
    2012-10-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-208996254-2709365253-2112509887-1003UA.job
    - e:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-16 22:58]
    .
    2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-14 17:01]
    .
    2012-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-14 17:01]
    .
    2012-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208996254-2709365253-2112509887-1003Core.job
    - e:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 17:06]
    .
    2012-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-208996254-2709365253-2112509887-1003UA.job
    - e:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 17:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- e:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- e:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- e:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- e:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-11-29 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-11-29 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-11-29 418328]
    "VIRTU"="c:\program files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe" [2011-07-19 2657568]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = local
    IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.178.1
    FF - ProfilePath - e:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\99blgq2o.default\
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    Wow6432Node-HKCU-Run-WinRAR Add-on - e:\programs\Portable\WinRAR Unplugged 3.9.3\Launch WinRAR.exe
    Wow6432Node-HKCU-Run-RK Launcher - e:\programs\Portable\RK Launcher\RKLauncher.exe
    Wow6432Node-HKCU-Run-ISUSPM Startup - c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-Driver Genius - (no file)
    Wow6432Node-HKLM-Run-ISUSPM Startup - c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    AddRemove-Magic Bullet Looks - c:\windows\unvise32.exe
    AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files (x86)\Complitly\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
    "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
    "ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_USERS\S-1-5-21-208996254-2709365253-2112509887-1003\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**‹ÏŠ—y]
    "LP_LastUpdateTime"="0"
    "LP_LastCheckTime"=dword:50870f4d
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:8f,bf,00,76,ff,46,81,d9,29,17,10,d3,ba,3b,6f,f8,17,c0,72,08,02,
    2e,be,e8,ce,49,ed,e5,fd,33,5e,0d,00,30,7e,21,e3,6e,11,96,c2,55,a2,ed,c8,a6,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:8f,bf,00,76,ff,46,81,d9,29,17,10,d3,ba,3b,6f,f8,17,c0,72,08,02,
    2e,be,e8,ce,49,ed,e5,fd,33,5e,0d,00,30,7e,21,e3,6e,11,96,c2,55,a2,ed,c8,a6,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\crypserv.exe
    c:\windows\system32\hasplms.exe
    c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files (x86)\Input Director\InputDirectorSessionHelper.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2012-10-30 18:21:50 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2012-10-30 17:21
    .
    Vor Suchlauf: 17 Verzeichnis(se), 71.883.739.136 Bytes frei
    Nach Suchlauf: 19 Verzeichnis(se), 71.574.519.808 Bytes frei
    .
    - - End Of File - - FF7010463AB152E655F76E26FB1FBE50
     
  9. chrisbucanac

    chrisbucanac TS Rookie Topic Starter

    Even uninstalled AntiVir and combofix still said it was active.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,612   +267

    Combofix log looks good.

    You can reinstall Avira now.

    Any current issues?

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,612   +267

    Still with me?
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,612   +267

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.