Pests of all kinds and how to fight them: Windows Vista: First the BKA and now the GVU Trojan....Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
09.10.2012, 19:54 | #31 |
Windows Vista: First the BKA and now the GVU Trojan....Code:
ATTFilter OTL logfile created on: 09.10.2012 20:11:27 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXX\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 65,12% Memory free 7,18 Gb Paging File | 6,08 Gb Available in Paging File | 84,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 68,58 Gb Free Space | 46,01% Space Free | Partition Type: NTFS Drive D: | 137,33 Gb Total Space | 137,10 Gb Free Space | 99,84% Space Free | Partition Type: NTFS Computer Name: XXXX-XX | User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXX\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe (AkkuLine.de) PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.) 
PRC - C:\Program files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8455a2be044530a091b714f5a6415d6b\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files\ICQ7.2\MDb.dll () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\Program Files\asus\VirtualCamera\virtualCamera.ax () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - 
C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Program files\P4G\OvrClk.dll () MOD - C:\Program files\P4G\DevMng.dll () MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () MOD - C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll () MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll () MOD - C:\Program Files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll () MOD - C:\Program Files\ATKGFNEX\AGFNEX.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (N360) -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe (Symantec Corporation) SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe () SRV - (SRS_VolSync_Service) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20121008.025\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20121008.025\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20121006.001\IDSvix86.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (ccHP) -- C:\Windows\System32\drivers\N360\0308030.006\cchpx86.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\Windows\System32\drivers\N360\0308030.006\symtdi.sys (Symantec Corporation) DRV - (SYMFW) -- C:\Windows\System32\drivers\N360\0308030.006\symfw.sys (Symantec Corporation) DRV - (SYMNDISV) -- C:\Windows\System32\drivers\N360\0308030.006\symndisv.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0308030.006\SymEFA.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0308030.006\srtsp.sys (Symantec Corporation) DRV - (BHDrvx86) -- 
C:\Windows\System32\drivers\N360\0308030.006\BHDrvx86.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0308030.006\srtspx.sys (Symantec Corporation) DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation) DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SRS_PremiumSound_Service) -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - 
HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS_deDE342 IE - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.meinvz.net/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.10.11 13:46:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 12:54:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 12:54:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 12:54:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.08 12:54:02 | 000,000,000 | ---D | M] [2009.08.29 22:05:04 | 
000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2012.06.25 17:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ozrd7br3.default\extensions [2010.04.28 21:27:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\ozrd7br3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.20 06:44:32 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-1.xml [2011.12.06 06:09:12 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-10.xml [2012.06.24 17:21:28 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-11.xml [2012.06.24 17:51:38 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-12.xml [2011.03.15 20:37:46 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-2.xml [2011.03.29 14:00:27 | 000,000,950 | ---- | M] () -- C:\Users\XXx\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-3.xml [2011.03.29 19:41:31 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-4.xml [2011.06.15 11:18:04 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-5.xml [2011.06.28 18:24:34 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-6.xml [2011.08.29 13:25:55 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-7.xml 
[2011.10.20 19:29:18 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-8.xml [2011.11.04 15:27:55 | 000,000,950 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin-9.xml [2010.12.08 07:51:30 | 000,001,056 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\icqplugin.xml [2011.01.01 17:57:11 | 000,001,218 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\mozilla\firefox\profiles\ozrd7br3.default\searchplugins\kikin-search.xml [2012.10.09 17:16:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.10.05 21:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.09.08 12:54:11 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.01 17:07:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) 
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DisableS3S4] c:\DisableS3S4.cmd File not found O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000..\Run: [ALBATTTOOL] C:\Program Files\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe (AkkuLine.de) O4 - HKU\S-1-5-21-1510155998-2412716386-4037089523-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O4 - Startup: C:\Users\Miri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{156BAF28-F88F-4754-AC5D-370EA53622DA}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\coIEPlg.dll (Symantec Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\XXX\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{189a3b69-6a90-11df-963b-0026189eadce}\Shell - "" = AutoRun O33 - MountPoints2\{189a3b69-6a90-11df-963b-0026189eadce}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{7a38294f-a3a0-11df-b9a8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- 
"%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: SymEFA.sys - C:\Windows\System32\drivers\N360\0308030.006\SymEFA.sys (Symantec Corporation) SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - 
PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: SymEFA.sys - C:\Windows\System32\drivers\N360\0308030.006\SymEFA.sys (Symantec Corporation) SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive 
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: 
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - 
C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.09 20:09:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2012.10.08 10:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2012.10.07 21:56:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\XXX\Desktop\esetsmartinstaller_enu(2).exe [2012.10.05 16:14:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO [2012.10.05 16:05:06 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\YourFileDownloader [2012.10.05 16:01:26 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\AVS4YOU [2012.10.05 15:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2012.10.05 15:56:39 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\AVS4YOU [2012.10.05 15:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia [2012.10.05 15:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU [2012.10.05 15:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\RADVideo [2012.10.05 15:45:16 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker [2012.10.05 13:21:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.10.05 13:21:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.10.05 13:21:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.10.05 10:37:15 | 000,000,000 | ---D | C] -- C:\_OTL [2012.10.04 13:44:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.04 08:55:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.10.04 08:18:42 | 000,000,000 | 
---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2012.10.04 08:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.04 08:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.04 08:18:27 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.04 08:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.04 07:49:59 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\XXX\Desktop\mbam-setup-1.65.0.1400.exe [2012.10.03 23:06:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.10.03 23:06:19 | 000,000,000 | ---D | C] -- C:\4ed1fa912e6d986eeaf033225816dd [2012.10.03 19:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.23 15:39:24 | 000,000,000 | ---D | C] -- C:\Users\XXX\Application Data ========== Files - Modified Within 30 Days ========== [2012.10.09 20:09:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXX\Desktop\OTL.exe [2012.10.09 19:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.09 19:15:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.09 19:15:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.09 17:39:01 | 000,000,238 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job [2012.10.09 17:22:46 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.09 17:22:46 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.09 17:22:46 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.09 17:22:46 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.09 17:15:20 | 000,031,776 | ---- | M] () -- 
C:\ProgramData\nvModes.dat [2012.10.09 17:15:17 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.10.09 17:15:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.09 17:14:06 | 3757,232,128 | -HS- | M] () -- C:\hiberfil.sys [2012.10.09 09:08:06 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.10.08 18:33:15 | 000,538,327 | ---- | M] () -- C:\Users\XXX\Desktop\adwcleaner(1).exe [2012.10.08 10:23:22 | 000,398,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.08 10:18:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.10.08 10:17:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.10.08 08:33:28 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.10.08 08:33:28 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.10.08 08:33:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.10.07 21:56:45 | 002,322,184 | ---- | M] (ESET) -- C:\Users\XXX\Desktop\esetsmartinstaller_enu(2).exe [2012.10.07 20:36:41 | 000,001,356 | ---- | M] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat [2012.10.07 20:35:48 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.10.04 08:18:29 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.04 07:50:06 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\XXX\Desktop\mbam-setup-1.65.0.1400.exe ========== Files Created - No Company Name ========== [2012.10.08 18:33:08 | 000,538,327 | ---- | C] () -- C:\Users\XXX\Desktop\adwcleaner(1).exe [2012.10.08 10:18:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.10.08 10:17:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.10.08 08:33:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.10.07 23:49:18 | 3757,232,128 | 
-HS- | C] () -- C:\hiberfil.sys [2012.10.04 17:47:11 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2012.10.04 17:47:10 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2012.10.04 17:47:02 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2012.10.04 17:47:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.10.04 17:47:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.10.04 17:46:57 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2012.10.04 17:46:54 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2012.10.04 17:46:43 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2012.10.04 17:46:41 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2012.10.04 17:46:02 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2012.10.04 08:18:29 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.01 12:21:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.09.06 13:13:47 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.08.26 19:47:40 | 000,013,054 | ---- | C] () -- C:\Users\XXX\Gesa.ods [2012.08.19 20:02:25 | 000,022,221 | ---- | C] () -- C:\Users\XXX\1. 
Mahnung Nintendo 3DS.odt [2012.06.15 07:44:34 | 000,243,637 | ---- | C] () -- C:\Users\XXX\Bestellung bei Mac.ods [2012.06.08 15:10:20 | 000,036,175 | ---- | C] () -- C:\Users\XXX\Seraps Kredit.ods [2011.06.20 19:12:19 | 000,008,142 | ---- | C] () -- C:\Users\XXX\ESt2010_XXXXXX_XXXXX.elfo [2011.06.20 18:58:15 | 000,008,876 | ---- | C] () -- C:\Users\XXX\ESt2009_XXXXXX_XXXXX.elfo [2011.04.19 09:49:04 | 000,001,940 | ---- | C] () -- C:\Users\xXX\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.11.06 15:28:08 | 000,004,096 | -H-- | C] () -- C:\Users\XXX\AppData\Local\keyfile3.drm [2010.10.21 06:29:53 | 000,001,356 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat [2009.10.02 16:05:32 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.10.02 16:04:21 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.30 17:39:40 | 000,033,280 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Both ========== LOP Check ========== [2012.09.04 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canneverbe Limited [2011.10.27 11:24:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\elsterformular [2012.08.28 13:49:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Epson [2012.06.27 18:06:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ [2009.08.30 18:46:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\McLoad [2010.05.14 07:44:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OCS [2011.02.02 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org [2010.05.14 07:44:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera [2010.03.31 13:16:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sony [2010.03.31 13:12:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sony Setup [2012.10.05 16:05:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\YourFileDownloader ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.09.02 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Adobe [2011.11.22 23:46:31 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Apple Computer [2012.10.05 15:56:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\AVS4YOU [2012.09.04 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Canneverbe Limited [2011.10.27 11:24:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\elsterformular [2012.08.28 13:49:10 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Epson [2009.09.11 15:42:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Google [2012.06.27 18:06:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ [2009.08.29 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Identities [2010.05.30 17:35:09 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\InstallShield [2009.08.29 16:35:54 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Macromedia [2012.10.04 08:18:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2009.08.30 18:46:27 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\McLoad [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Center Programs [2010.09.16 13:59:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Media Player Classic [2012.10.05 09:45:57 | 000,000,000 | --SD | M] -- C:\Users\XXX\AppData\Roaming\Microsoft [2009.08.29 22:05:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Mozilla [2010.05.14 07:44:00 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OCS [2011.02.02 22:04:11 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OpenOffice.org [2010.05.14 07:44:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera [2010.03.31 13:16:48 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sony [2010.03.31 13:12:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Sony Setup [2012.09.05 15:18:31 
| 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\vlc [2009.09.29 21:52:37 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\WinRAR [2012.10.05 16:05:06 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\YourFileDownloader < %APPDATA%\*.exe /s > [2009.08.30 18:46:27 | 000,196,610 | ---- | M] (ThinkLABs-ltd.) -- C:\Users\XXX\AppData\Roaming\McLoad\Uninstall-Mcload.exe [2010.03.31 13:16:09 | 000,010,134 | R--- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe [2010.05.14 07:44:00 | 000,106,496 | ---- | M] (OCS) -- C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2010.05.14 07:44:00 | 000,040,960 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010.03.31 13:13:14 | 032,494,896 | ---- | M] (Apple Inc.) -- C:\Users\XXX\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] 
(Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2004.08.16 20:14:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D 
-- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll [2004.08.16 20:21:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\NETLOGON.DLL < MD5 for: NVSTOR.SYS > 
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2008.11.13 03:02:17 | 000,146,464 | ---- | M] (NVIDIA Corporation) MD5=BB4DD678706510D9249EED1DA0219900 -- C:\Windows\System32\drivers\nvstor32.sys [2008.11.13 03:02:17 | 000,146,464 | ---- | M] (NVIDIA Corporation) MD5=BB4DD678706510D9249EED1DA0219900 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_b40e17fb\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2004.08.16 20:24:42 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\SCECLI.DLL [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] 
(Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2004.08.16 20:28:49 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USER32.DLL [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2004.08.16 20:28:50 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\USERINIT.EXE < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft 
Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2004.08.16 20:30:47 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\WINLOGON.EXE [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.16 20:31:54 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\pebuilder3110a\BartPE\I386\SYSTEM32\DRIVERS\WS2IFSL.SYS [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < 
%systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2012.10.08 08:33:13 | 000,607,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msfeeds.dll < End of report > |
09.10.2012, 19:58 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista: First the BKA and now the GVU Trojan.... Run an OTL fix: close any programs that may be open, disable your virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Code:
:OTL
O4 - HKLM..\Run: [DisableS3S4] c:\DisableS3S4.cmd File not found
:Files
C:\4ed1fa912e6d986eeaf033225816dd
C:\ProgramData\*.pad
C:\ProgramData\*.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
10.10.2012, 08:40 | #33 |
| Windows Vista: First the BKA and now the GVU Trojan.... Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DisableS3S4 deleted successfully. ========== FILES ========== C:\4ed1fa912e6d986eeaf033225816dd\cc5daa74fab0e0399a550cc233\ja-jp folder moved successfully. C:\4ed1fa912e6d986eeaf033225816dd\cc5daa74fab0e0399a550cc233\fr-fr folder moved successfully. C:\4ed1fa912e6d986eeaf033225816dd\cc5daa74fab0e0399a550cc233\es-es folder moved successfully. C:\4ed1fa912e6d986eeaf033225816dd\cc5daa74fab0e0399a550cc233\en-us folder moved successfully. C:\4ed1fa912e6d986eeaf033225816dd\cc5daa74fab0e0399a550cc233\de-de folder moved successfully. C:\4ed1fa912e6d986eeaf033225816dd\cc5daa74fab0e0399a550cc233 folder moved successfully. C:\4ed1fa912e6d986eeaf033225816dd folder moved successfully. C:\ProgramData\0tbpw.pad moved successfully. C:\ProgramData\nvModes.dat moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\XXX\Desktop\cmd.bat deleted successfully. C:\Users\XXX\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33237 bytes User: Default User User: XXX ->Temp folder emptied: 5969642 bytes ->Temporary Internet Files folder emptied: 89466 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 22356433 bytes ->Flash cache emptied: 529 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 263706 bytes RecycleBin emptied: 20556445 bytes Total Files Cleaned = 47,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 10102012_093028 Files\Folders moved on Reboot... 
File\Folder C:\Users\XXX\AppData\Local\Temp\~DFEA42.tmp not found! File\Folder C:\Users\XXX\AppData\Local\Temp\~DFEBE2.tmp not found! File\Folder C:\Users\XXX\AppData\Local\Temp\~DFF3E9.tmp not found! File\Folder C:\Users\XXX\AppData\Local\Temp\~DFF3F5.tmp not found! File\Folder C:\Windows\temp\JET3E28.tmp not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... |
10.10.2012, 12:52 | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Vista: First the BKA and now the GVU Trojan.... Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
10.10.2012, 19:39 | #35 |
| Windows Vista: First BKA and now GVU Trojan.... Code:
20:31:53.0711 0248 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:31:55.0736 0248 ============================================================
20:31:55.0736 0248 Current date / time: 2012/10/10 20:31:55.0736
20:31:55.0736 0248 SystemInfo:
20:31:55.0736 0248
20:31:55.0736 0248 OS Version: 6.0.6002 ServicePack: 2.0
20:31:55.0736 0248 Product type: Workstation
20:31:55.0736 0248 ComputerName: XXXX-XX
20:31:55.0737 0248 UserName: XXXX
20:31:55.0737 0248 Windows directory: C:\Windows
20:31:55.0737 0248 System windows directory: C:\Windows
20:31:55.0737 0248 Processor architecture: Intel x86
20:31:55.0737 0248 Number of processors: 2
20:31:55.0737 0248 Page size: 0x1000
20:31:55.0737 0248 Boot type: Normal boot
20:31:55.0737 0248 ============================================================
20:31:57.0319 0248 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:31:57.0322 0248 ============================================================
20:31:57.0322 0248 \Device\Harddisk0\DR0:
20:31:57.0323 0248 MBR partitions:
20:31:57.0323 0248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x12A14C00
20:31:57.0340 0248 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141859B9, BlocksNum 0x112A7D08
20:31:57.0340 0248 ============================================================
20:31:57.0383 0248 C: <-> \Device\Harddisk0\DR0\Partition1
20:31:57.0411 0248 D: <-> \Device\Harddisk0\DR0\Partition2
20:31:57.0412 0248 ============================================================
20:31:57.0412 0248 Initialize success
20:31:57.0412 0248 ============================================================
20:32:46.0437 7796 ============================================================
20:32:46.0437 7796 Scan started
20:32:46.0437 7796 Mode: Manual; SigCheck; TDLFS;
20:32:46.0437 7796
============================================================ 20:32:46.0948 7796 ================ Scan system memory ======================== 20:32:46.0948 7796 System memory - ok 20:32:46.0949 7796 ================ Scan services ============================= 20:32:47.0122 7796 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 20:32:47.0239 7796 ACPI - ok 20:32:47.0340 7796 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:32:47.0359 7796 AdobeFlashPlayerUpdateSvc - ok 20:32:47.0423 7796 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:32:47.0456 7796 adp94xx - ok 20:32:47.0556 7796 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:32:47.0580 7796 adpahci - ok 20:32:47.0614 7796 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 20:32:47.0633 7796 adpu160m - ok 20:32:47.0654 7796 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:32:47.0677 7796 adpu320 - ok 20:32:47.0808 7796 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe 20:32:48.0049 7796 ADSMService ( UnsignedFile.Multi.Generic ) - warning 20:32:48.0049 7796 ADSMService - detected UnsignedFile.Multi.Generic (1) 20:32:48.0084 7796 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:32:48.0200 7796 AeLookupSvc - ok 20:32:48.0268 7796 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 20:32:48.0344 7796 AFD - ok 20:32:48.0392 7796 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:32:48.0418 7796 agp440 - ok 20:32:48.0452 7796 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 20:32:48.0481 7796 aic78xx - ok 20:32:48.0530 7796 [ A1545B731579895D8CC44FC0481C1192 ] ALG 
C:\Windows\System32\alg.exe 20:32:48.0697 7796 ALG - ok 20:32:48.0721 7796 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 20:32:48.0741 7796 aliide - ok 20:32:48.0785 7796 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 20:32:48.0806 7796 amdagp - ok 20:32:48.0845 7796 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 20:32:48.0865 7796 amdide - ok 20:32:48.0891 7796 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 20:32:48.0940 7796 AmdK7 - ok 20:32:48.0952 7796 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:32:49.0007 7796 AmdK8 - ok 20:32:49.0067 7796 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 20:32:49.0107 7796 Appinfo - ok 20:32:49.0277 7796 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:32:49.0360 7796 Apple Mobile Device - ok 20:32:49.0381 7796 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 20:32:49.0403 7796 arc - ok 20:32:49.0439 7796 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:32:49.0462 7796 arcsas - ok 20:32:49.0508 7796 [ 104DB777372411C55850C4A2AE6877EF ] AsDsm C:\Windows\system32\drivers\AsDsm.sys 20:32:49.0534 7796 AsDsm - ok 20:32:49.0638 7796 [ EB1807795CD3EEAA3288B4A30DE254E8 ] ASLDRService C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe 20:32:49.0654 7796 ASLDRService - ok 20:32:49.0679 7796 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys 20:32:49.0698 7796 ASMMAP - ok 20:32:49.0740 7796 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:32:49.0790 7796 AsyncMac - ok 20:32:49.0840 7796 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 20:32:49.0869 7796 atapi - ok 
20:32:50.0028 7796 [ 11A2F8D47E6208A6F68711AACDEDBD48 ] athr C:\Windows\system32\DRIVERS\athr.sys 20:32:50.0244 7796 athr - ok 20:32:50.0275 7796 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe 20:32:50.0287 7796 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning 20:32:50.0287 7796 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1) 20:32:50.0392 7796 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:32:50.0446 7796 AudioEndpointBuilder - ok 20:32:50.0457 7796 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 20:32:50.0503 7796 Audiosrv - ok 20:32:50.0564 7796 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 20:32:50.0619 7796 Beep - ok 20:32:50.0765 7796 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 20:32:50.0819 7796 BFE - ok 20:32:50.0957 7796 [ 76154FA6A742C613B44BB636B1A7C057 ] BHDrvx86 C:\Windows\System32\Drivers\N360\0308030.006\BHDrvx86.sys 20:32:50.0981 7796 BHDrvx86 - ok 20:32:51.0052 7796 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 20:32:51.0194 7796 BITS - ok 20:32:51.0244 7796 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 20:32:51.0296 7796 blbdrive - ok 20:32:51.0359 7796 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:32:51.0406 7796 Bonjour Service - ok 20:32:51.0458 7796 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:32:51.0516 7796 bowser - ok 20:32:51.0598 7796 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 20:32:51.0657 7796 BrFiltLo - ok 20:32:51.0694 7796 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 20:32:51.0749 7796 BrFiltUp - ok 20:32:51.0787 7796 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 20:32:51.0839 
7796 Browser - ok 20:32:51.0881 7796 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 20:32:52.0052 7796 Brserid - ok 20:32:52.0120 7796 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 20:32:52.0223 7796 BrSerWdm - ok 20:32:52.0279 7796 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 20:32:52.0370 7796 BrUsbMdm - ok 20:32:52.0398 7796 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 20:32:52.0457 7796 BrUsbSer - ok 20:32:52.0501 7796 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:32:52.0587 7796 BTHMODEM - ok 20:32:52.0646 7796 [ 3182B846490DC4D71FABD4A8CB6B73EA ] ccHP C:\Windows\System32\Drivers\N360\0308030.006\ccHPx86.sys 20:32:52.0680 7796 ccHP - ok 20:32:52.0717 7796 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:32:52.0771 7796 cdfs - ok 20:32:52.0818 7796 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:32:52.0851 7796 cdrom - ok 20:32:52.0910 7796 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 20:32:52.0951 7796 CertPropSvc - ok 20:32:52.0993 7796 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 20:32:53.0052 7796 circlass - ok 20:32:53.0084 7796 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 20:32:53.0113 7796 CLFS - ok 20:32:53.0314 7796 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:32:53.0350 7796 clr_optimization_v2.0.50727_32 - ok 20:32:53.0409 7796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:32:53.0498 7796 clr_optimization_v4.0.30319_32 - ok 20:32:53.0542 7796 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt 
C:\Windows\system32\DRIVERS\CmBatt.sys 20:32:53.0612 7796 CmBatt - ok 20:32:53.0667 7796 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:32:53.0694 7796 cmdide - ok 20:32:53.0746 7796 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:32:53.0772 7796 Compbatt - ok 20:32:53.0781 7796 COMSysApp - ok 20:32:53.0807 7796 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:32:53.0837 7796 crcdisk - ok 20:32:53.0869 7796 [ D18893845AE1C5833B5B2EA9B7F5C670 ] CRFILTER C:\Windows\system32\DRIVERS\CRFILTER.sys 20:32:53.0905 7796 CRFILTER - ok 20:32:53.0935 7796 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 20:32:53.0994 7796 Crusoe - ok 20:32:54.0074 7796 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:32:54.0129 7796 CryptSvc - ok 20:32:54.0187 7796 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:32:54.0295 7796 DcomLaunch - ok 20:32:54.0349 7796 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:32:54.0422 7796 DfsC - ok 20:32:54.0534 7796 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 20:32:54.0704 7796 DFSR - ok 20:32:54.0771 7796 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 20:32:54.0822 7796 Dhcp - ok 20:32:54.0879 7796 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 20:32:54.0907 7796 disk - ok 20:32:54.0986 7796 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:32:55.0026 7796 Dnscache - ok 20:32:55.0079 7796 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:32:55.0140 7796 dot3svc - ok 20:32:55.0179 7796 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 20:32:55.0299 7796 DPS - ok 20:32:55.0348 7796 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud 
C:\Windows\system32\drivers\drmkaud.sys 20:32:55.0423 7796 drmkaud - ok 20:32:55.0469 7796 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:32:55.0521 7796 DXGKrnl - ok 20:32:55.0584 7796 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 20:32:55.0624 7796 E1G60 - ok 20:32:55.0682 7796 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 20:32:55.0734 7796 EapHost - ok 20:32:55.0785 7796 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 20:32:55.0811 7796 Ecache - ok 20:32:55.0909 7796 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 20:32:55.0945 7796 eeCtrl - ok 20:32:56.0015 7796 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:32:56.0049 7796 ehRecvr - ok 20:32:56.0072 7796 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 20:32:56.0121 7796 ehSched - ok 20:32:56.0147 7796 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 20:32:56.0188 7796 ehstart - ok 20:32:56.0259 7796 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:32:56.0298 7796 elxstor - ok 20:32:56.0360 7796 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 20:32:56.0484 7796 EMDMgmt - ok 20:32:56.0583 7796 [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE 20:32:56.0611 7796 EPSON_EB_RPCV4_01 - ok 20:32:56.0646 7796 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE 20:32:56.0688 7796 EPSON_PM_RPCV4_01 - ok 20:32:56.0744 7796 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 20:32:56.0765 7796 EraserUtilRebootDrv - ok 20:32:56.0818 7796 [ 3DB974F3935483555D7148663F726C61 ] ErrDev 
C:\Windows\system32\drivers\errdev.sys 20:32:56.0880 7796 ErrDev - ok 20:32:56.0929 7796 [ 27D322191A177793448AFB6B9B11C75A ] ETD C:\Windows\system32\DRIVERS\ETD.sys 20:32:56.0965 7796 ETD - ok 20:32:57.0011 7796 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 20:32:57.0058 7796 EventSystem - ok 20:32:57.0111 7796 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 20:32:57.0150 7796 exfat - ok 20:32:57.0196 7796 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:32:57.0248 7796 fastfat - ok 20:32:57.0300 7796 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:32:57.0345 7796 fdc - ok 20:32:57.0380 7796 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 20:32:57.0412 7796 fdPHost - ok 20:32:57.0501 7796 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 20:32:57.0578 7796 FDResPub - ok 20:32:57.0604 7796 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:32:57.0625 7796 FileInfo - ok 20:32:57.0656 7796 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:32:57.0714 7796 Filetrace - ok 20:32:57.0733 7796 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:32:57.0773 7796 flpydisk - ok 20:32:57.0825 7796 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:32:57.0852 7796 FltMgr - ok 20:32:57.0926 7796 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 20:32:57.0990 7796 FontCache - ok 20:32:58.0075 7796 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:32:58.0102 7796 FontCache3.0.0.0 - ok 20:32:58.0161 7796 [ 491E9D9A26A745F6AE7D570849F4BD87 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 20:32:58.0177 7796 fssfltr - ok 20:32:58.0258 7796 
[ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 20:32:58.0307 7796 fsssvc - ok 20:32:58.0356 7796 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:32:58.0416 7796 Fs_Rec - ok 20:32:58.0461 7796 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:32:58.0480 7796 gagp30kx - ok 20:32:58.0510 7796 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:32:58.0524 7796 GEARAspiWDM - ok 20:32:58.0578 7796 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 20:32:58.0652 7796 gpsvc - ok 20:32:58.0718 7796 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 20:32:58.0738 7796 gusvc - ok 20:32:58.0807 7796 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:32:58.0873 7796 HdAudAddService - ok 20:32:58.0925 7796 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:32:58.0970 7796 HDAudBus - ok 20:32:58.0991 7796 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:32:59.0076 7796 HidBth - ok 20:32:59.0103 7796 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 20:32:59.0183 7796 HidIr - ok 20:32:59.0216 7796 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 20:32:59.0242 7796 hidserv - ok 20:32:59.0288 7796 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:32:59.0335 7796 HidUsb - ok 20:32:59.0371 7796 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:32:59.0424 7796 hkmsvc - ok 20:32:59.0459 7796 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 20:32:59.0476 7796 HpCISSs - ok 20:32:59.0530 7796 [ F870AA3E254628EBEAFE754108D664DE ] HTTP 
C:\Windows\system32\drivers\HTTP.sys 20:32:59.0576 7796 HTTP - ok 20:32:59.0598 7796 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 20:32:59.0615 7796 i2omp - ok 20:32:59.0686 7796 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:32:59.0728 7796 i8042prt - ok 20:32:59.0789 7796 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 20:32:59.0816 7796 iaStorV - ok 20:32:59.0872 7796 [ B1A28FA1AFDE10B95FF9354B15701D70 ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe 20:32:59.0894 7796 ICQ Service - ok 20:32:59.0957 7796 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:33:00.0068 7796 idsvc - ok 20:33:00.0244 7796 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20121009.001\IDSvix86.sys 20:33:00.0274 7796 IDSVix86 - ok 20:33:00.0308 7796 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:33:00.0333 7796 iirsp - ok 20:33:00.0393 7796 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 20:33:00.0457 7796 IKEEXT - ok 20:33:00.0584 7796 [ 9ED3CF7322A49DAC3ECA62BB9928CA54 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 20:33:00.0829 7796 IntcAzAudAddService - ok 20:33:00.0859 7796 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 20:33:00.0884 7796 intelide - ok 20:33:00.0936 7796 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:33:01.0009 7796 intelppm - ok 20:33:01.0047 7796 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:33:01.0101 7796 IPBusEnum - ok 20:33:01.0124 7796 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:33:01.0169 7796 IpFilterDriver - ok 
20:33:01.0213 7796 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:33:01.0277 7796 iphlpsvc - ok 20:33:01.0286 7796 IpInIp - ok 20:33:01.0315 7796 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 20:33:01.0369 7796 IPMIDRV - ok 20:33:01.0406 7796 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 20:33:01.0466 7796 IPNAT - ok 20:33:01.0538 7796 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:33:01.0631 7796 iPod Service - ok 20:33:01.0660 7796 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:33:01.0727 7796 IRENUM - ok 20:33:01.0760 7796 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:33:01.0782 7796 isapnp - ok 20:33:01.0843 7796 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:33:01.0867 7796 iScsiPrt - ok 20:33:01.0875 7796 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 20:33:01.0896 7796 iteatapi - ok 20:33:01.0917 7796 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 20:33:01.0936 7796 iteraid - ok 20:33:01.0960 7796 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:33:01.0977 7796 kbdclass - ok 20:33:02.0019 7796 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:33:02.0061 7796 kbdhid - ok 20:33:02.0116 7796 [ 7F2B8D0B31FB4A797E5786EF124C5A80 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 20:33:02.0129 7796 kbfiltr - ok 20:33:02.0164 7796 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 20:33:02.0202 7796 KeyIso - ok 20:33:02.0243 7796 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:33:02.0273 7796 KSecDD - ok 20:33:02.0338 7796 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm 
C:\Windows\system32\msdtckrm.dll 20:33:02.0398 7796 KtmRm - ok 20:33:02.0464 7796 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 20:33:02.0508 7796 LanmanServer - ok 20:33:02.0611 7796 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:33:02.0659 7796 LanmanWorkstation - ok 20:33:02.0740 7796 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 20:33:02.0763 7796 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 20:33:02.0763 7796 LightScribeService - detected UnsignedFile.Multi.Generic (1) 20:33:02.0800 7796 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:33:02.0851 7796 lltdio - ok 20:33:02.0899 7796 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:33:02.0959 7796 lltdsvc - ok 20:33:02.0996 7796 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:33:03.0062 7796 lmhosts - ok 20:33:03.0141 7796 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:33:03.0167 7796 LSI_FC - ok 20:33:03.0221 7796 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:33:03.0250 7796 LSI_SAS - ok 20:33:03.0313 7796 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:33:03.0347 7796 LSI_SCSI - ok 20:33:03.0383 7796 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 20:33:03.0449 7796 luafv - ok 20:33:03.0504 7796 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:33:03.0554 7796 Mcx2Svc - ok 20:33:03.0663 7796 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 20:33:03.0696 7796 MDM - ok 20:33:03.0758 7796 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 20:33:03.0797 7796 megasas - ok 20:33:03.0832 7796 [ 
C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 20:33:03.0870 7796 MegaSR - ok 20:33:03.0891 7796 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 20:33:03.0951 7796 MMCSS - ok 20:33:03.0977 7796 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 20:33:04.0015 7796 Modem - ok 20:33:04.0100 7796 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:33:04.0162 7796 monitor - ok 20:33:04.0187 7796 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:33:04.0207 7796 mouclass - ok 20:33:04.0230 7796 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:33:04.0295 7796 mouhid - ok 20:33:04.0319 7796 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 20:33:04.0348 7796 MountMgr - ok 20:33:04.0427 7796 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 20:33:04.0450 7796 MozillaMaintenance - ok 20:33:04.0501 7796 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 20:33:04.0528 7796 mpio - ok 20:33:04.0553 7796 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:33:04.0609 7796 mpsdrv - ok 20:33:04.0642 7796 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 20:33:04.0698 7796 MpsSvc - ok 20:33:04.0767 7796 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 20:33:04.0795 7796 Mraid35x - ok 20:33:04.0839 7796 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:33:04.0888 7796 MRxDAV - ok 20:33:04.0918 7796 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:33:04.0985 7796 mrxsmb - ok 20:33:05.0019 7796 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 
20:33:05.0065 7796 mrxsmb10 - ok 20:33:05.0086 7796 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:33:05.0116 7796 mrxsmb20 - ok 20:33:05.0156 7796 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 20:33:05.0176 7796 msahci - ok 20:33:05.0199 7796 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:33:05.0222 7796 msdsm - ok 20:33:05.0248 7796 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 20:33:05.0311 7796 MSDTC - ok 20:33:05.0339 7796 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:33:05.0379 7796 Msfs - ok 20:33:05.0430 7796 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:33:05.0450 7796 msisadrv - ok 20:33:05.0476 7796 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:33:05.0536 7796 MSiSCSI - ok 20:33:05.0545 7796 msiserver - ok 20:33:05.0589 7796 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:33:05.0618 7796 MSKSSRV - ok 20:33:05.0634 7796 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:33:05.0687 7796 MSPCLOCK - ok 20:33:05.0718 7796 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:33:05.0765 7796 MSPQM - ok 20:33:05.0901 7796 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:33:05.0927 7796 MsRPC - ok 20:33:05.0973 7796 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:33:05.0995 7796 mssmbios - ok 20:33:06.0035 7796 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:33:06.0095 7796 MSTEE - ok 20:33:06.0146 7796 [ BB16693616427EAC1A436E106EA8D318 ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys 20:33:06.0161 7796 MTsensor - ok 20:33:06.0206 7796 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup 
C:\Windows\system32\Drivers\mup.sys 20:33:06.0225 7796 Mup - ok 20:33:06.0295 7796 [ 64C89DB40949FD0E7C8FF303676A91F1 ] N360 C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe 20:33:06.0310 7796 N360 - ok 20:33:06.0331 7796 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 20:33:06.0385 7796 napagent - ok 20:33:06.0451 7796 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:33:06.0480 7796 NativeWifiP - ok 20:33:06.0608 7796 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20121009.025\NAVENG.SYS 20:33:06.0625 7796 NAVENG - ok 20:33:06.0832 7796 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20121009.025\NAVEX15.SYS 20:33:06.0896 7796 NAVEX15 - ok 20:33:06.0986 7796 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:33:07.0028 7796 NDIS - ok 20:33:07.0074 7796 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:33:07.0117 7796 NdisTapi - ok 20:33:07.0145 7796 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:33:07.0199 7796 Ndisuio - ok 20:33:07.0267 7796 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:33:07.0321 7796 NdisWan - ok 20:33:07.0349 7796 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:33:07.0382 7796 NDProxy - ok 20:33:07.0399 7796 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:33:07.0457 7796 NetBIOS - ok 20:33:07.0561 7796 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 20:33:07.0623 7796 netbt - ok 20:33:07.0766 7796 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 20:33:07.0803 7796 Netlogon - ok 20:33:07.0849 7796 [ 
20:33:26.0806 7796 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:33:26.0857 7796 ws2ifsl - ok
20:33:26.0905 7796 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
20:33:26.0964 7796 wscsvc - ok
20:33:26.0972 7796 WSearch - ok
20:33:27.0175 7796 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:33:27.0896 7796 wuauserv - ok
20:33:27.0926 7796 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:33:27.0975 7796 WUDFRd - ok
20:33:28.0007 7796 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:33:28.0081 7796 wudfsvc - ok
20:33:28.0131 7796 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
20:33:28.0220 7796 yukonwlh - ok
20:33:28.0241 7796 ================ Scan global ===============================
20:33:28.0276 7796 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:33:28.0313 7796 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:33:28.0368 7796 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:33:28.0418 7796 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:33:28.0441 7796 [Global] - ok
20:33:28.0442 7796 ================ Scan MBR ==================================
20:33:28.0460 7796 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
20:33:28.0817 7796 \Device\Harddisk0\DR0 - ok
20:33:28.0818 7796 ================ Scan VBR ==================================
20:33:28.0827 7796 [ 5B127AFA6FE23E0AA9C720D68D59EF5E ] \Device\Harddisk0\DR0\Partition1
20:33:28.0831 7796 \Device\Harddisk0\DR0\Partition1 - ok
20:33:28.0837 7796 [ C9FCB18462E718206001105EA9CF8FAD ] \Device\Harddisk0\DR0\Partition2
20:33:28.0843 7796 \Device\Harddisk0\DR0\Partition2 - ok
20:33:28.0844 7796 ============================================================
20:33:28.0844 7796 Scan finished
20:33:28.0844 7796 ============================================================
20:33:28.0884 5356 Detected object count: 3
20:33:28.0884 5356 Actual detected object count: 3
20:33:56.0370 5356 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:56.0370 5356 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:56.0371 5356 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:56.0371 5356 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:33:56.0375 5356 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:33:56.0375 5356 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip |