Log Analysis and Evaluation: GVU on winVista (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.12.2012, 02:26 | #1

GVU on winVista

Hello Trojaner-Board,

my sister has now also been hit by the GVU trojan. She uses Windows Vista as a 32-bit system, and recently the GVU screen keeps appearing, demanding that she pay 100€ in vouchers. After a restart I pressed F8 and then started safe mode. In safe mode I then read up on the problem and ran the scans with OTL and GMER.

Many thanks in advance.

Regards,
tinusch

OTL:
OTL logfile created on: 05.12.2012 01:09:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\emi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,02% Memory free 6,19 Gb Paging File | 5,86 Gb Available in Paging File | 94,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,16 Gb Total Space | 93,36 Gb Free Space | 65,67% Space Free | Partition Type: NTFS Drive D: | 142,18 Gb Total Space | 126,31 Gb Free Space | 88,84% Space Free | Partition Type: NTFS Drive F: | 488,01 Mb Total Space | 146,88 Mb Free Space | 30,10% Space Free | Partition Type: FAT32 Computer Name: EMI-PC | User Name: emi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.05 01:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emi\Desktop\OTL.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 03:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe ========== Modules (No Company Name) ========== MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2012.05.08 22:24:08 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 22:24:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2008.11.28 10:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.10.04 03:09:02 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.07.29 16:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft 
Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.02.20 15:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Programme\WinTV\HCWTVServer.exe -- (HauppaugeTVServer) SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.05.08 22:24:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 22:24:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - 
[2008.12.11 03:30:58 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.10.17 13:49:50 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/08/16 06:44:19] [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.10.08 09:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim) DRV - [2008.10.08 09:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV - [2008.10.01 10:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.08.26 20:25:28 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.05.21 13:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.11.02 14:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) DRV - [2007.11.02 13:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) DRV - [2007.11.02 13:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex) DRV - [2007.11.02 13:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) DRV - [2007.11.02 13:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm) DRV - [2007.11.02 13:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) DRV - [2007.11.02 13:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2007.06.04 18:02:34 | 000,015,488 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2007.06.04 18:00:06 | 000,467,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352DE352 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=9Oh725mCXT6xII8jORLUzMFCNzU?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "igoogle.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.7.5 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.21 00:33:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 00:33:41 | 000,000,000 | ---D | M] [2010.02.11 22:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emi\AppData\Roaming\mozilla\Extensions [2012.12.05 00:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emi\AppData\Roaming\mozilla\Firefox\Profiles\0xz71nle.default\extensions [2010.02.11 22:55:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\emi\AppData\Roaming\mozilla\Firefox\Profiles\0xz71nle.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.11 23:10:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\emi\AppData\Roaming\mozilla\Firefox\Profiles\0xz71nle.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.05.05 15:08:04 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\emi\AppData\Roaming\mozilla\Firefox\Profiles\0xz71nle.default\extensions\toolbar@gmx.net [2012.12.05 00:56:02 | 000,000,000 | ---D | M] (No name found) -- 
C:\Programme\Mozilla Firefox\extensions [2010.12.18 21:04:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.12.18 21:04:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2011.03.05 15:00:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.05 15:00:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.05 15:00:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.05 15:00:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.05 15:00:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EPGServiceTool] C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{F9B99432-4FE6-7F65-022E-13C1B823E209}] C:\Users\emi\AppData\Roaming\Haodeq\hagoar.exe File not found O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3944893E-B4CC-4E20-878D-D8ED8E789562}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D678203-2C02-414F-96DB-C6EFF72E0132}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\emi\Desktop\fotos\Portugal Feb 12\Foto0198.jpg O24 - Desktop BackupWallPaper: C:\Users\emi\Desktop\fotos\Portugal Feb 12\Foto0198.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft 
Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c0137485-3c26-11df-ad03-001f16be9af3}\Shell\AutoRun\command - "" = F:\installer.exe O33 - MountPoints2\{dd3bdede-b045-11df-b767-001f16be9af3}\Shell\Auto\command - "" = F:\AdobeR.exe e O33 - MountPoints2\{dd3bdede-b045-11df-b767-001f16be9af3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\AdobeR.exe e O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.05 01:05:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\emi\Desktop\OTL.exe [2012.11.30 23:28:34 | 000,000,000 | -HSD | C] -- C:\found.000 [2010.07.04 21:31:30 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeD1FD.dll ========== Files - Modified Within 30 Days ========== [2012.12.05 01:06:06 | 000,302,592 | ---- | M] () -- C:\Users\emi\Desktop\3ivibyd1.exe [2012.12.05 01:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emi\Desktop\OTL.exe [2012.12.05 01:04:21 | 000,000,020 | ---- | M] () -- C:\Users\emi\defogger_reenable [2012.12.05 01:00:30 | 000,001,356 | ---- | M] () -- C:\Users\emi\AppData\Local\d3d9caps.dat [2012.12.05 00:57:50 | 000,627,900 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.05 00:57:50 | 000,595,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.05 00:57:50 | 000,126,014 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.05 00:57:50 | 000,103,604 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2012.12.05 00:44:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.05 00:43:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.05 00:43:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.05 00:23:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.12.05 00:22:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.04 23:30:24 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.12.04 23:21:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.28 22:02:51 | 000,000,906 | ---- | M] () -- C:\Users\emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.11.28 11:47:24 | 000,019,968 | ---- | M] () -- C:\Users\emi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.26 09:17:15 | 280,858,728 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.21 22:30:31 | 000,002,631 | ---- | M] () -- C:\Users\emi\Desktop\Microsoft Office Word 2007.lnk [2012.11.17 11:45:07 | 000,399,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.12 08:00:40 | 000,007,842 | ---- | M] () -- C:\Users\emi\Desktop\halloballobrumm_2012_11_12_N5LgxMHgYvtKAL98ddToBw.zip ========== Files Created - No Company Name ========== [2012.12.05 01:06:45 | 000,302,592 | ---- | C] () -- C:\Users\emi\Desktop\3ivibyd1.exe [2012.12.05 01:04:06 | 000,000,020 | ---- | C] () -- C:\Users\emi\defogger_reenable [2012.11.30 23:22:32 | 000,333,257 | RHS- | C] () -- C:\bootmgr [2012.11.28 22:02:51 | 000,000,906 | ---- | C] () -- C:\Users\emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2012.11.28 22:02:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.11.12 08:00:40 | 000,007,842 | ---- | C] () -- 
C:\Users\emi\Desktop\halloballobrumm_2012_11_12_N5LgxMHgYvtKAL98ddToBw.zip [2012.10.25 17:01:19 | 000,000,552 | ---- | C] () -- C:\Users\emi\AppData\Local\d3d8caps.dat [2011.08.08 19:46:34 | 000,001,356 | ---- | C] () -- C:\Users\emi\AppData\Local\d3d9caps.dat [2010.02.11 23:57:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.17 23:46:13 | 000,019,968 | ---- | C] () -- C:\Users\emi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.01.22 18:59:31 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Acer GameZone Console [2012.03.17 00:37:57 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Acnienl [2010.07.05 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\DAEMON Tools Lite [2009.11.08 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\eSobi [2012.03.17 09:25:46 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Haodeq 
[2012.02.01 23:41:30 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Ikyw [2009.11.10 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\OpenOffice.org [2009.12.01 09:57:33 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\PowerCinema [2009.11.30 11:08:00 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\SoftDMA [2012.02.01 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Udemnei ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:F3176E45 < End of report > Extras: OTL Extras logfile created on: 05.12.2012 01:09:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\emi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,02% Memory free 6,19 Gb Paging File | 5,86 Gb Available in Paging File | 94,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,16 Gb Total Space | 93,36 Gb Free Space | 65,67% Space Free | Partition Type: NTFS Drive D: | 142,18 Gb Total Space | 126,31 Gb Free Space | 88,84% Space Free | Partition Type: NTFS Drive F: | 488,01 Mb Total Space | 146,88 Mb Free Space | 30,10% Space Free | Partition Type: FAT32 Computer Name: EMI-PC | User Name: emi | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized 
Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02310D32-CDD0-42EC-BF6C-3277FB4394E5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{30C85D19-42F1-4678-B6C9-0C64AAD6D47E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3FEB35C9-39B2-4DF5-A4DE-6A24F56B715E}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00007600-C351-4D0D-887F-438367E21DD4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{0A6D7344-CBC6-475A-B122-34BD90B19049}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{191874F7-7B02-40C8-B114-0E75255B4C7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{1A2792E7-BF7C-477B-AD5F-60F9CC7AE695}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{42FC34A1-5051-465F-A937-7359311584DE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{5DB012BB-DF24-4364-8955-39DC01884B89}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{6272C2FD-8887-4476-BE24-2DD4062582E7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{64755B72-E7A8-45C8-B80F-8F8D431A8AE7}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{721D69FD-8D47-4E02-9795-358159BD8C7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{727DC909-3A31-4704-9E16-A4466D594F7A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{7494DCAD-E537-42D3-B0DE-E94820A1E397}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{7EDA4E37-47CE-474A-AABE-70E15EF081D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{872D9259-BBF9-4197-AE85-4F78236D0E82}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{AE63E44C-E0D7-489E-96C7-5E8A294D6731}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{BC329D73-E8D3-4B0B-81C5-C8CB438B22B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{E9131088-D67C-4FD0-B6BC-07CD8088D9E4}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{E9C2B4A3-4CB1-4EC8-BE52-9D8652148EE2}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{EA35326E-3E14-489D-9BC3-40DA24F4438D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{F11AFCBE-EC56-4978-9C73-39553942E437}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "TCP Query User{1096C4A3-8C6F-4A52-AFCD-4DF37F98B2A7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{1AF99745-A891-41BA-A0DF-34E1DCF39C75}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{D3B61B53-DD53-4220-A872-D5C5F295614B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{0A80B0F3-94C3-406B-80F9-C99B959B2CB2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{A5A8CFBD-2B62-4B32-BD54-43999F2AA5AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{E96D7E38-12E3-4429-8037-454F6A426FEF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | 
app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{060AAE5B-9455-4D30-E03C-41442C580A47}" = Catalyst Control Center Localization Polish "{0E44E447-6ED1-B31B-E0C6-E0A8533762C9}" = CCC Help German "{0E592AF6-6381-0BD5-1990-44366C40282A}" = CCC Help Danish "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{222E0321-4496-CD3B-71BE-BBFCB4A09A3A}" = Catalyst Control Center Localization Chinese Standard "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{29D1E00F-2447-6D6A-C552-1E7F5A6449EA}" = Catalyst Control Center Graphics Full New "{2A66D903-1ED8-D5CF-6A13-4ADF3D7ECD05}" = Catalyst Control Center Localization Norwegian "{2C26B97F-698E-4E04-B398-8203B147859B}_is1" = TOPP Vorlagen-Druckstudio (5156) "{2E41963B-151C-4D8B-BE5D-15A4F161719F}" = GoGear Spark Device Manager "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver "{31C09120-6DDC-787F-7255-967B81777C7E}" = CCC Help Polish "{32FC88B4-52B5-86FA-3E61-5E3AD43855D2}" = CCC Help Chinese Traditional 
"{3329E4B5-8A30-1A98-5E87-1811857AD34A}" = Catalyst Control Center Localization Chinese Traditional "{3BDC4390-55D4-CC3E-7D4F-399F7D3D64F3}" = CCC Help Chinese Standard "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{425640DF-10DB-F749-5ACE-41F5E00D3155}" = CCC Help Portuguese "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4E646581-8E6D-B265-8894-E4E569572655}" = CCC Help Czech "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{51B4EC5E-25AD-077B-CEAE-B882F23FB605}" = Catalyst Control Center Graphics Previews Vista "{56EEFA3A-9E17-9922-68C8-FD1BD151AE65}" = ccc-utility "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{5D37080C-C718-87B4-2BCE-E04D23402BF0}" = CCC Help Norwegian "{5DE17717-8B56-25F2-FB34-9AF121FA8167}" = Catalyst Control Center Core Implementation "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DF23EB-65DC-6933-C0DE-87D7F305A933}" = CCC Help Russian "{61BF161D-B3CF-B966-DFE2-D36A74FE2FD3}" = CCC Help Thai "{6A85F81E-9285-0964-BC23-714FC45263D0}" = CCC Help Greek "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B58131B-E1C3-9FC8-160C-C1E01B200C94}" = ATI Catalyst Install Manager "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6BD84F7F-660E-02B0-D324-A15456320EDA}" = Catalyst Control Center InstallProxy "{6C309974-85FF-6875-0DA8-FD3C2B399DC4}" = Catalyst Control Center Localization Spanish "{6E3970FD-8A5E-A3A1-4E7E-71F8C49DFF63}" = Catalyst Control Center Localization Portuguese "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{72291519-2DCA-BA30-798F-48C4E64E2313}" = Catalyst Control Center Localization Czech 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72BFF3AC-28AC-27EA-6FBD-5B2D14FEFCC7}" = Catalyst Control Center Localization French "{734DCD79-13DA-855A-0EFB-83CE364C3452}" = CCC Help Dutch "{751AB006-C405-3CB4-7827-86882BF1BA51}" = Catalyst Control Center Localization Korean "{75CFDE75-80CA-E0AF-7A29-98E57C0C81EF}" = Skins "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{79BFBCBB-2085-5908-FF53-7BB34CE952B7}" = CCC Help Swedish "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B260281-BD06-400C-F51A-3FEB65108CB8}" = CCC Help Hungarian "{7B268071-3D05-DBBF-3B44-59B7857D408F}" = Catalyst Control Center Localization Turkish "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110052107}" = Beetle Junior "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}" = The Rise of Atlantis "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}" = Agatha Christie Peril at End House "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83D87171-666D-3D0C-8346-6D7AE6EACDF8}" = Catalyst Control Center Localization Hungarian "{85EB55AA-7CB2-5BF1-14E3-07CA055D2020}" = CCC Help Italian "{8875D8E2-F967-AD9C-5738-7BBC8EF482D7}" = Catalyst Control Center Localization Thai "{89E26372-ED92-510E-7911-161F8F55E677}" = CCC Help English "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI 
(German) 2007 "{94EED5A2-2464-3468-1674-DE5948D933B4}" = Catalyst Control Center Localization Danish "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95156C6A-B0D1-4AA7-0513-D733BEEBBC18}" = CCC Help Japanese "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A511966D-B370-4AD8-597A-9CF792F943C9}" = CCC Help Finnish "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.9.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AE9EF716-D8C6-3854-9221-546B03005611}" = ccc-core-static "{B00A7D65-6C5C-7A14-A22F-D52DD7798AB3}" = Catalyst Control Center Localization Japanese "{B1541910-5E93-0610-A8E5-FC9170D1A4F8}" = CCC Help Spanish "{B1CE6512-B757-0283-6C06-5A58B295A0E7}" = CCC Help Turkish "{B24C006F-470C-91A5-1AFA-F16EEFE0CD7A}" = Catalyst Control Center Localization Italian "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{BC1280C0-7FA5-2434-5820-26352484E790}" = Catalyst Control Center Graphics Light "{C05EEF5D-DBA7-46E3-546F-4DEB8C26B261}" = CCC Help Korean "{C7D35D4A-18A4-1853-2E43-6AC00FCDEE3A}" = Catalyst Control Center Localization Russian "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D704735D-9558-C09C-07BC-DD6259D3ED83}" = Catalyst Control Center Localization Dutch "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DCA87C0C-DC10-C275-384E-B7C85A0145AC}" = CCC Help French "{DE12C2CE-11A1-789A-9BF6-8A7212FBA668}" = Catalyst Control Center Localization Greek "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E08F6426-8A5F-115D-744F-E38B9426E3EE}" = Catalyst Control Center Localization Swedish "{E4C774A3-D902-4A42-D5A8-09B07D5568C1}" = Catalyst Control Center Graphics Full Existing "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F65931E9-22ED-98E3-D540-C78FBC36144F}" = Catalyst Control Center Localization Finnish "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FD2F10F2-BC65-0CAB-A26A-51AFFED6012A}" = Catalyst Control Center Localization German "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "DivX Setup.divx.com" = DivX-Setup "dm-Fotowelt" = dm-Fotowelt "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV DVB-T EPG Service" = 
Hauppauge WinTV DVB-T EPG Service "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "JDownloader" = JDownloader "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25) "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.5 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.03.2012 18:32:09 | Computer Name = emi-PC | Source = EventSystem | ID = 4621 Description = Error - 28.03.2012 06:44:19 | Computer Name = emi-PC | Source = EventSystem | ID = 4621 Description = Error - 29.03.2012 18:47:00 | Computer Name = emi-PC | Source = EventSystem | ID = 4621 Description = Error - 30.03.2012 05:03:38 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2012 05:03:42 | Computer Name = emi-PC | 
Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2012 05:03:42 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2012 08:50:29 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2012 08:50:32 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2012 08:50:33 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 30.03.2012 08:50:47 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 30.11.2012 18:32:34 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7026 Description = Error - 04.12.2012 18:33:14 | Computer Name = emi-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 001E65805064 zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. 
Error - 04.12.2012 19:24:22 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7000 Description = Error - 04.12.2012 19:24:22 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7026 Description = Error - 04.12.2012 19:44:27 | Computer Name = emi-PC | Source = DCOM | ID = 10005 Description = Error - 04.12.2012 19:44:34 | Computer Name = emi-PC | Source = DCOM | ID = 10005 Description = Error - 04.12.2012 19:44:52 | Computer Name = emi-PC | Source = DCOM | ID = 10005 Description = Error - 04.12.2012 19:45:46 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7001 Description = Error - 04.12.2012 19:45:46 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7026 Description = Error - 04.12.2012 20:05:12 | Computer Name = emi-PC | Source = DCOM | ID = 10005 Description = < End of report > Gmer: GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-12-05 02:00:53 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 Running: 3ivibyd1.exe; Driver: C:\Users\emi\AppData\Local\Temp\kxtdapow.sys ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[1476] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7596B37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL} .text C:\Windows\Explorer.EXE[1476] SHELL32.dll!ShellExecuteExW + 18B7 7599DA14 4 Bytes [10, 1B, 00, 10] {ADC [EBX], BL; ADD [EAX], DL} ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DEB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73DD73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73DADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D9FF61] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73DCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1476] @ 
C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x40 0x56 0x88 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x40 0x56 0x88 ... 
---- EOF - GMER 1.0.15 ---- |
05.12.2012, 12:58 | #2 |
/// Malware-holic | GVU on winVista hi
This script, and any scripts that may follow, are only for the respective user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
[2012.12.04 23:30:24 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.11.28 22:02:51 | 000,000,906 | ---- | M] () -- C:\Users\emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

• Please close all programs now.
• Now click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode. If you have no icons, then right-click, View, Show desktop icons.
__________________ |
05.12.2012, 17:14 | #3 |
| GVU on winVista Oh great... it works again... at least no GVU appears after a normal start!!!
Unfortunately I have now deleted the contents of the txt from the clipboard, because I didn't think of it and quickly wanted to copy something else... and now I can't find the txt any more either... at least it is not on the desktop... sorry. Is there anything else I can do to delete leftovers, or is everything clean? Regards, tinusch |
06.12.2012, 16:40 | #4 |
/// Malware-holic | GVU on winVista Download TDSS killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any detections, always choose Skip for now, then post the log
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
07.12.2012, 20:22 | #5 |
| GVU on winVista I ran TDSSKiller; this is what came out: Code:
20:13:33.0992 6016 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:13:34.0335 6016 ============================================================
20:13:34.0335 6016 Current date / time: 2012/12/07 20:13:34.0335
20:13:34.0335 6016 SystemInfo:
20:13:34.0335 6016
20:13:34.0335 6016 OS Version: 6.0.6002 ServicePack: 2.0
20:13:34.0335 6016 Product type: Workstation
20:13:34.0335 6016 ComputerName: EMI-PC
20:13:34.0335 6016 UserName: emi
20:13:34.0335 6016 Windows directory: C:\Windows
20:13:34.0335 6016 System windows directory: C:\Windows
20:13:34.0335 6016 Processor architecture: Intel x86
20:13:34.0335 6016 Number of processors: 2
20:13:34.0335 6016 Page size: 0x1000
20:13:34.0335 6016 Boot type: Normal boot
20:13:34.0335 6016 ============================================================
20:13:35.0427 6016 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:13:35.0427 6016 ============================================================
20:13:35.0427 6016 \Device\Harddisk0\DR0:
20:13:35.0427 6016 MBR partitions:
20:13:35.0427 6016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x157C800, BlocksNum 0x11C53000
20:13:35.0427 6016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x131CF800, BlocksNum 0x11C5E800
20:13:35.0427 6016 ============================================================
20:13:35.0458 6016 C: <-> \Device\Harddisk0\DR0\Partition1
20:13:35.0505 6016 D: <-> \Device\Harddisk0\DR0\Partition2
20:13:35.0505 6016 ============================================================
20:13:35.0505 6016 Initialize success
20:13:35.0505 6016 ============================================================
20:13:41.0511 5048 ============================================================
20:13:41.0511 5048 Scan started
20:13:41.0511 5048 Mode: Manual; SigCheck; TDLFS;
20:13:41.0511 5048 ============================================================
20:13:41.0979 5048 ================ Scan system memory ========================
20:13:41.0979 5048 System memory - ok
20:13:41.0979 5048 ================ Scan services =============================
20:13:42.0166 5048 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:13:42.0322 5048 ACPI - ok
20:13:42.0353 5048 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:13:42.0385 5048 adp94xx - ok
20:13:42.0416 5048 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:13:42.0447 5048 adpahci - ok
20:13:42.0463 5048 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:13:42.0478 5048 adpu160m - ok
20:13:42.0494 5048 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:13:42.0525 5048 adpu320 - ok
20:13:42.0556 5048 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:13:42.0587 5048 AeLookupSvc - ok
20:13:42.0634 5048 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
20:13:42.0650 5048 AFD - ok
20:13:42.0681 5048 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:13:42.0697 5048 agp440 - ok
20:13:42.0728 5048 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:13:42.0743 5048 aic78xx - ok
20:13:42.0775 5048 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
20:13:42.0790 5048 ALG - ok
20:13:42.0821 5048 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
20:13:42.0837 5048 aliide - ok
20:13:42.0853 5048 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:13:42.0868 5048 amdagp - ok
20:13:42.0884 5048 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
20:13:42.0899 5048 amdide - ok
20:13:42.0931 5048 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:13:42.0946 5048 AmdK7 - ok
20:13:42.0962 5048 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:13:42.0993 5048 AmdK8 - ok
20:13:43.0102 5048 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:13:43.0118 5048 AntiVirSchedulerService - ok
20:13:43.0149 5048 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:13:43.0165 5048 AntiVirService - ok
20:13:43.0211 5048 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
20:13:43.0211 5048 Appinfo - ok
20:13:43.0227 5048 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
20:13:43.0243 5048 arc - ok
20:13:43.0258 5048 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:13:43.0274 5048 arcsas - ok
20:13:43.0305 5048 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:13:43.0321 5048 AsyncMac - ok
20:13:43.0352 5048 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
20:13:43.0352 5048 atapi - ok
20:13:43.0414 5048 [ 740B9B4140CACCD0513D999EAB488E48 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:13:43.0430 5048 Ati External Event Utility - ok
20:13:43.0570 5048 [ 7526AD10925D1AA9E4E6B0FB393B701F ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:13:43.0695 5048 atikmdag - ok
20:13:43.0757 5048 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:13:43.0773 5048 AudioEndpointBuilder - ok
20:13:43.0789 5048 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:13:43.0804 5048 Audiosrv - ok
20:13:43.0851 5048 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:13:43.0867 5048 avgntflt - ok
20:13:43.0929 5048 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:13:43.0945 5048 avipbb - ok
20:13:43.0945 5048 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:13:43.0960 5048 avkmgr - ok
20:13:44.0007 5048 [ 6FB43F0DADB3FDC287D080C19666AF8D ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:13:44.0023 5048 b57nd60x - ok
20:13:44.0054 5048 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
20:13:44.0085 5048 Beep - ok
20:13:44.0116 5048 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
20:13:44.0179 5048 BFE - ok
20:13:44.0272 5048 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
20:13:44.0303 5048 BITS - ok
20:13:44.0319 5048 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:13:44.0335 5048 blbdrive - ok
20:13:44.0366 5048 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:13:44.0381 5048 bowser - ok
20:13:44.0413 5048 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:13:44.0428 5048 BrFiltLo - ok
20:13:44.0428 5048 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:13:44.0444 5048 BrFiltUp - ok
20:13:44.0475 5048 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
20:13:44.0506 5048 Browser - ok
20:13:44.0522 5048 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:13:44.0569 5048 Brserid - ok
20:13:44.0584 5048 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:13:44.0615 5048 BrSerWdm - ok
20:13:44.0631 5048 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:13:44.0678 5048 BrUsbMdm - ok
20:13:44.0693 5048 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:13:44.0725 5048 BrUsbSer - ok
20:13:44.0740 5048 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:13:44.0771 5048 BTHMODEM - ok
20:13:44.0834 5048 [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
20:13:44.0834 5048 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
20:13:44.0834 5048 BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
20:13:44.0849 5048 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:13:44.0881 5048 cdfs - ok
20:13:44.0896 5048 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:13:44.0912 5048 cdrom - ok
20:13:44.0959 5048 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
20:13:44.0974 5048 CertPropSvc - ok
20:13:44.0990 5048 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
20:13:45.0005 5048 circlass - ok
20:13:45.0052 5048 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
20:13:45.0068 5048 CLFS - ok
20:13:45.0146 5048 [ 8B67044AE0621C005245EF62EEF0746F ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
20:13:45.0161 5048 CLHNService ( UnsignedFile.Multi.Generic ) - warning
20:13:45.0161 5048 CLHNService - detected UnsignedFile.Multi.Generic (1)
20:13:45.0208 5048 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:13:45.0224 5048 clr_optimization_v2.0.50727_32 - ok
20:13:45.0317 5048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:13:45.0317 5048 clr_optimization_v4.0.30319_32 - ok
20:13:45.0364 5048 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:13:45.0380 5048 CmBatt - ok
20:13:45.0395 5048 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:13:45.0411 5048 cmdide - ok
20:13:45.0427 5048 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:13:45.0442 5048 Compbatt - ok
20:13:45.0442 5048 COMSysApp - ok
20:13:45.0458 5048 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:13:45.0473 5048 crcdisk - ok
20:13:45.0473 5048 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:13:45.0505 5048 Crusoe - ok
20:13:45.0551 5048 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:13:45.0567 5048 CryptSvc - ok
20:13:45.0614 5048 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:13:45.0645 5048 DcomLaunch - ok
20:13:45.0692 5048 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:13:45.0692 5048 DfsC - ok
20:13:45.0770 5048 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
20:13:45.0832 5048 DFSR - ok
20:13:45.0895 5048 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:13:45.0910 5048 Dhcp - ok
20:13:45.0941 5048 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
20:13:45.0957 5048 disk - ok
20:13:46.0004 5048 [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
20:13:46.0004 5048 DKbFltr - ok
20:13:46.0051 5048 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:13:46.0051 5048 Dnscache - ok
20:13:46.0082 5048 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:13:46.0097 5048 dot3svc - ok
20:13:46.0207 5048 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
20:13:46.0222 5048 DPS - ok
20:13:46.0253 5048 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:13:46.0269 5048 drmkaud - ok
20:13:46.0347 5048 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:13:46.0394 5048 DXGKrnl - ok
20:13:46.0441 5048 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:13:46.0456 5048 E1G60 - ok
20:13:46.0487 5048 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
20:13:46.0503 5048 EapHost - ok
20:13:46.0565 5048 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
20:13:46.0581 5048 Ecache - ok
20:13:46.0659 5048 [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
20:13:46.0675 5048 eDataSecurity Service - ok
20:13:46.0721 5048 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:13:46.0737 5048 ehRecvr - ok
20:13:46.0753 5048 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
20:13:46.0768 5048 ehSched - ok
20:13:46.0784 5048 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
20:13:46.0784 5048 ehstart - ok
20:13:46.0815 5048 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:13:46.0846 5048 elxstor - ok
20:13:46.0893 5048 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:13:46.0924 5048 EMDMgmt - ok
20:13:46.0987 5048 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:13:47.0018 5048 ErrDev - ok
20:13:47.0080 5048 [ F25247D0E011A643EE60052CE23BE05E ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
20:13:47.0080 5048 ETService ( UnsignedFile.Multi.Generic ) - warning
20:13:47.0080 5048 ETService - detected UnsignedFile.Multi.Generic (1)
20:13:47.0111 5048 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
20:13:47.0127 5048 EventSystem - ok
20:13:47.0174 5048 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
20:13:47.0174 5048 exfat - ok
20:13:47.0205 5048 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:13:47.0236 5048 fastfat - ok
20:13:47.0252 5048 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:13:47.0267 5048 fdc - ok
20:13:47.0299 5048 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
20:13:47.0330 5048 fdPHost - ok
20:13:47.0330 5048 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
20:13:47.0377 5048 FDResPub - ok
20:13:47.0392 5048 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:13:47.0408 5048 FileInfo - ok
20:13:47.0408 5048 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:13:47.0439 5048 Filetrace - ok
20:13:47.0455 5048 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:13:47.0486 5048 flpydisk - ok
20:13:47.0517 5048 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:13:47.0517 5048 FltMgr - ok
20:13:47.0595 5048 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
20:13:47.0626 5048 FontCache - ok
20:13:47.0689 5048 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:13:47.0704 5048 FontCache3.0.0.0 - ok
20:13:47.0720 5048 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:13:47.0735 5048 Fs_Rec - ok
20:13:47.0767 5048 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:13:47.0767 5048 gagp30kx - ok
20:13:47.0845 5048 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:13:47.0860 5048 GoogleDesktopManager-051210-111108 - ok
20:13:47.0891 5048 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
20:13:47.0938 5048 gpsvc - ok
20:13:48.0001 5048 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:48.0016 5048 gupdate - ok
20:13:48.0032 5048 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:48.0032 5048 gupdatem - ok
20:13:48.0094 5048 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:13:48.0110 5048 gusvc - ok
20:13:48.0172 5048 [ FC282BDB2D558B6C3BC2D848C5CA9F13 ] HauppaugeTVServer C:\PROGRA~1\WinTV\HCWTVS~1.EXE
20:13:48.0188 5048 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
20:13:48.0188 5048 HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
20:13:48.0250 5048 [ 6D1EA2467A49A954C95AA493382B3A6D ] hcw95bda C:\Windows\system32\Drivers\hcw95bda.sys
20:13:48.0266 5048 hcw95bda - ok
20:13:48.0297 5048 [ 7A1FA260E31C3D3EBD061265251EF0F6 ] hcw95rc C:\Windows\system32\DRIVERS\hcw95rc.sys
20:13:48.0297 5048 hcw95rc - ok
20:13:48.0344 5048 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:13:48.0375 5048 HdAudAddService - ok
20:13:48.0422 5048 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:13:48.0437 5048 HDAudBus - ok
20:13:48.0469 5048 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:13:48.0500 5048 HidBth - ok
20:13:48.0515 5048 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:13:48.0562 5048 HidIr - ok
20:13:48.0578 5048 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
20:13:48.0593 5048 hidserv - ok
20:13:48.0625 5048 [ 7F7E5E98CEFED8A10F7E56810EA7B6DF ] hidshim C:\Windows\system32\DRIVERS\hidshim.sys
20:13:48.0640 5048 hidshim - ok
20:13:48.0656 5048 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:13:48.0671 5048 HidUsb - ok
20:13:48.0703 5048 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:13:48.0734 5048 hkmsvc - ok
20:13:48.0749 5048 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:13:48.0765 5048 HpCISSs - ok
20:13:48.0796 5048 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:13:48.0827 5048 HSFHWAZL - ok
20:13:48.0874 5048 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:13:48.0905 5048 HSF_DPV - ok
20:13:48.0937 5048 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:13:48.0952 5048 HSXHWAZL - ok
20:13:48.0983 5048 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:13:48.0999 5048 HTTP - ok
20:13:49.0015 5048 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:13:49.0030 5048 i2omp - ok
20:13:49.0061 5048 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:13:49.0077 5048 i8042prt - ok
20:13:49.0124 5048 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:13:49.0139 5048 iaStorV - ok
20:13:49.0186 5048 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:13:49.0249 5048 idsvc - ok
20:13:49.0280 5048 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:13:49.0295 5048 iirsp - ok
20:13:49.0327 5048 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
20:13:49.0358 5048 IKEEXT - ok
20:13:49.0389 5048 [ 58FF11C95C3681C9250914521CB9F036 ] int15 C:\Windows\system32\drivers\int15.sys
20:13:49.0405 5048 int15 - ok
20:13:49.0498 5048 [ B8716D9677B04B82FA405C8C54954728 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:13:49.0576 5048 IntcAzAudAddService - ok
20:13:49.0607 5048 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
20:13:49.0607 5048 intelide - ok
20:13:49.0623 5048 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:13:49.0654 5048 intelppm - ok
20:13:49.0685 5048 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:13:49.0701 5048 IPBusEnum - ok
20:13:49.0732 5048 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:13:49.0748 5048 IpFilterDriver - ok
20:13:49.0795 5048 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:13:49.0795 5048 iphlpsvc - ok
20:13:49.0810 5048 IpInIp - ok
20:13:49.0841 5048 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:13:49.0873 5048 IPMIDRV - ok
20:13:49.0888 5048 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:13:49.0919 5048 IPNAT - ok
20:13:49.0935 5048 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys
20:13:49.0966 5048 irda - ok
20:13:49.0982 5048 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:13:50.0013 5048 IRENUM - ok
20:13:50.0029 5048 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll
20:13:50.0075 5048 Irmon - ok
20:13:50.0075 5048 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:13:50.0091 5048 isapnp - ok
20:13:50.0122 5048 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:13:50.0138 5048 iScsiPrt - ok
20:13:50.0153 5048 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:13:50.0153 5048 iteatapi - ok
20:13:50.0169 5048 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:13:50.0185 5048 iteraid - ok
20:13:50.0200 5048 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:13:50.0216 5048 kbdclass - ok
20:13:50.0231 5048 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:13:50.0247 5048 kbdhid - ok
20:13:50.0278 5048 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
20:13:50.0294 5048 KeyIso - ok
20:13:50.0325 5048 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:13:50.0341 5048 KSecDD - ok
20:13:50.0419 5048 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:13:50.0450 5048 KtmRm - ok
20:13:50.0481 5048 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
20:13:50.0497 5048 LanmanServer - ok
20:13:50.0528 5048 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:13:50.0543 5048 LanmanWorkstation - ok
20:13:50.0606 5048 [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:13:50.0606 5048 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:13:50.0606 5048 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:13:50.0653 5048 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:13:50.0668 5048 lltdio - ok
20:13:50.0699 5048 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:13:50.0731 5048 lltdsvc - ok
20:13:50.0746 5048 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:13:50.0793 5048 lmhosts - ok
20:13:50.0809 5048 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:13:50.0824 5048 LSI_FC - ok
20:13:50.0840 5048 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:13:50.0855 5048 LSI_SAS - ok
20:13:50.0887 5048 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:13:50.0887 5048 LSI_SCSI - ok
20:13:50.0918 5048 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
20:13:50.0933 5048 luafv - ok
20:13:50.0965 5048 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:13:50.0980 5048 Mcx2Svc - ok
20:13:50.0996 5048 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:13:51.0011 5048 mdmxsdk - ok
20:13:51.0027 5048 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
20:13:51.0043 5048 megasas - ok
20:13:51.0058 5048 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
20:13:51.0074 5048 MegaSR - ok
20:13:51.0183 5048 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:13:51.0199 5048 Microsoft Office Groove Audit Service - ok
20:13:51.0214 5048 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
20:13:51.0245 5048 MMCSS - ok
20:13:51.0277 5048 MobilityService - ok
20:13:51.0292 5048 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
20:13:51.0308 5048 Modem - ok
20:13:51.0323 5048 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:13:51.0339 5048 monitor - ok
20:13:51.0370 5048 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:13:51.0370 5048 mouclass - ok
20:13:51.0386 5048 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:13:51.0417 5048 mouhid - ok
20:13:51.0433 5048 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:13:51.0448 5048 MountMgr - ok
20:13:51.0464 5048 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
20:13:51.0479 5048 mpio - ok
20:13:51.0495 5048 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:13:51.0511 5048 mpsdrv - ok
20:13:51.0557 5048 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
20:13:51.0589 5048 MpsSvc - ok
20:13:51.0604 5048 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:13:51.0620 5048 Mraid35x - ok
20:13:51.0651 5048 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:13:51.0667 5048 MRxDAV - ok
20:13:51.0698 5048 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:13:51.0713 5048 mrxsmb - ok
20:13:51.0745 5048 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:13:51.0760 5048 mrxsmb10 - ok
20:13:51.0760 5048 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:13:51.0776 5048 mrxsmb20 - ok
20:13:51.0823 5048 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
20:13:51.0823 5048 msahci - ok
20:13:51.0854 5048 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:13:51.0869 5048 msdsm - ok
20:13:51.0885 5048 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
20:13:51.0916 5048 MSDTC - ok
20:13:51.0947 5048 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:13:51.0963 5048 Msfs - ok
20:13:51.0979 5048 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:13:51.0994 5048 msisadrv - ok
20:13:52.0025 5048 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:13:52.0041 5048 MSiSCSI - ok
20:13:52.0057 5048 msiserver - ok
20:13:52.0072 5048 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:13:52.0088 5048 MSKSSRV - ok
20:13:52.0103 5048 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:13:52.0135 5048 MSPCLOCK - ok
20:13:52.0150 5048 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:13:52.0166 5048 MSPQM - ok
20:13:52.0213 5048 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:13:52.0213 5048 MsRPC - ok
20:13:52.0244 5048 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:13:52.0244 5048 mssmbios - ok
20:13:52.0275 5048 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:13:52.0306 5048 MSTEE - ok
20:13:52.0322 5048 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
20:13:52.0337 5048 Mup - ok
20:13:52.0369 5048 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
20:13:52.0384 5048 napagent - ok
20:13:52.0415 5048 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:13:52.0431 5048 NativeWifiP - ok
20:13:52.0447 5048 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:13:52.0478 5048 NDIS - ok
20:13:52.0509 5048 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:13:52.0525 5048 NdisTapi - ok
20:13:52.0540 5048 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:13:52.0556 5048 Ndisuio - ok
20:13:52.0587 5048 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:13:52.0618 5048 NdisWan - ok
20:13:52.0618 5048 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:13:52.0634 5048 NDProxy - ok
20:13:52.0649 5048 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:13:52.0665 5048 NetBIOS - ok
20:13:52.0681 5048 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:13:52.0696 5048 netbt - ok
20:13:52.0712 5048 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
20:13:52.0727 5048 Netlogon - ok
20:13:52.0743 5048 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
20:13:52.0774 5048 Netman - ok
20:13:52.0790 5048 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
20:13:52.0821 5048 netprofm - ok
20:13:52.0837 5048 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:13:52.0852 5048 NetTcpPortSharing - ok
20:13:52.0961 5048 [ 0B214C6A4728F085FB64A29ED9C4DE94 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
20:13:53.0071 5048 NETw5v32 - ok
20:13:53.0117 5048 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:13:53.0117 5048 nfrd960 - ok
20:13:53.0149 5048 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:13:53.0164 5048 NlaSvc - ok
20:13:53.0211 5048 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:13:53.0227 5048 Npfs - ok
20:13:53.0242 5048 [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA C:\Windows\system32\DRIVERS\nscirda.sys
20:13:53.0258 5048 NSCIRDA - ok
20:13:53.0289 5048 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
20:13:53.0320 5048 nsi - ok
20:13:53.0320 5048 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:13:53.0351 5048 nsiproxy - ok
20:13:53.0414 5048 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:13:53.0461 5048 Ntfs - ok
20:13:53.0507 5048 [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:13:53.0507 5048 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
20:13:53.0507 5048 NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
20:13:53.0539 5048 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
20:13:53.0539 5048 NTIDrvr - ok
20:13:53.0570 5048 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:13:53.0585 5048 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
20:13:53.0585 5048 NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
20:13:53.0585 5048 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:13:53.0632 5048 ntrigdigi - ok
20:13:53.0648 5048 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
20:13:53.0679 5048 Null - ok
20:13:53.0695 5048 [ 85D8845B7B6A434B7CE35723BF0E5C57 ] nuvotonhidgeneric C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys
20:13:53.0695 5048 nuvotonhidgeneric - ok
20:13:53.0726 5048 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:13:53.0726 5048 nvraid - ok
20:13:53.0741 5048 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:13:53.0757 5048 nvstor - ok
20:13:53.0773 5048 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:13:53.0788 5048 nv_agp - ok
20:13:53.0804 5048 NwlnkFlt - ok
20:13:53.0804 5048 NwlnkFwd - ok
20:13:53.0882 5048 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:13:53.0913 5048 odserv - ok
20:13:53.0944 5048 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:13:53.0975 5048 ohci1394 - ok
20:13:54.0022 5048 [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
20:13:54.0038 5048 OMSI download service ( UnsignedFile.Multi.Generic ) - warning
20:13:54.0038 5048 OMSI download service - detected UnsignedFile.Multi.Generic (1)
20:13:54.0085 5048 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:13:54.0085 5048 ose - ok
20:13:54.0163 5048 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:13:54.0178 5048 p2pimsvc - ok
20:13:54.0225 5048 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
20:13:54.0241 5048 p2psvc - ok
20:13:54.0272 5048 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
20:13:54.0319 5048 Parport - ok
20:13:54.0350 5048 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:13:54.0365 5048 partmgr - ok
20:13:54.0397 5048 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:13:54.0443 5048 Parvdm - ok
20:13:54.0459 5048 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
20:13:54.0475 5048 PcaSvc - ok
20:13:54.0506 5048 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
20:13:54.0521 5048 pci - ok
20:13:54.0537 5048 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
20:13:54.0553 5048 pciide - ok
20:13:54.0599 5048 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:13:54.0599 5048 pcmcia - ok
20:13:54.0646 5048 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:13:54.0709 5048 PEAUTH - ok
20:13:54.0771 5048 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
20:13:54.0818 5048 pla - ok
20:13:54.0849 5048 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:13:54.0865 5048 PlugPlay - ok
20:13:54.0896 5048 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:13:54.0927 5048 PNRPAutoReg - ok
20:13:54.0974 5048 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:13:54.0989 5048 PNRPsvc - ok
20:13:55.0005 5048 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:13:55.0052 5048 PolicyAgent - ok
20:13:55.0114 5048 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:13:55.0130 5048 PptpMiniport - ok
20:13:55.0161 5048 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
20:13:55.0177 5048 Processor - ok
20:13:55.0192 5048 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
20:13:55.0223 5048 ProfSvc - ok
20:13:55.0239 5048 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:13:55.0239 5048 ProtectedStorage - ok
20:13:55.0286 5048 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:13:55.0301 5048 PSched - ok
20:13:55.0317 5048 [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
20:13:55.0333 5048 PSDFilter - ok
20:13:55.0348 5048 [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
20:13:55.0364 5048 PSDNServ - ok
20:13:55.0379 5048 [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
20:13:55.0379 5048 psdvdisk - ok
20:13:55.0442 5048 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:13:55.0489 5048 ql2300 - ok
20:13:55.0504 5048 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:13:55.0504 5048 ql40xx - ok
20:13:55.0535 5048 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
20:13:55.0551 5048 QWAVE - ok
20:13:55.0567 5048 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:13:55.0582 5048 QWAVEdrv - ok
20:13:55.0598 5048 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:13:55.0629 5048 RasAcd - ok
20:13:55.0629 5048 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
20:13:55.0660 5048 RasAuto - ok
20:13:55.0676 5048 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:13:55.0707 5048 Rasl2tp - ok
20:13:55.0738 5048 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
20:13:55.0754 5048 RasMan - ok
20:13:55.0785 5048 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:13:55.0801 5048 RasPppoe - ok
20:13:55.0847 5048 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:13:55.0863 5048 RasSstp - ok
20:13:55.0879 5048 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:13:55.0894 5048 rdbss - ok 20:13:55.0925 5048 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:13:55.0957 5048 RDPCDD - ok 20:13:55.0972 5048 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 20:13:56.0003 5048 rdpdr - ok 20:13:56.0003 5048 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:13:56.0019 5048 RDPENCDD - ok 20:13:56.0066 5048 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:13:56.0081 5048 RDPWD - ok 20:13:56.0128 5048 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:13:56.0144 5048 RemoteAccess - ok 20:13:56.0191 5048 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:13:56.0206 5048 RemoteRegistry - ok 20:13:56.0253 5048 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo c:\Program Files\Cyberlink\Shared files\RichVideo.exe 20:13:56.0269 5048 RichVideo - ok 20:13:56.0300 5048 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 20:13:56.0315 5048 RpcLocator - ok 20:13:56.0347 5048 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 20:13:56.0409 5048 RpcSs - ok 20:13:56.0456 5048 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:13:56.0503 5048 rspndr - ok 20:13:56.0596 5048 [ 065A51298212455584F1811B033B617E ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys 20:13:56.0612 5048 RTHDMIAzAudService - ok 20:13:56.0627 5048 [ 8DAB5975B5C7923D61506A48E251DBAD ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 20:13:56.0659 5048 RTSTOR - ok 20:13:56.0690 5048 [ 0266151DE3F36429F6AC3C4B28085061 ] s217bus C:\Windows\system32\DRIVERS\s217bus.sys 20:13:56.0705 5048 s217bus - ok 20:13:56.0752 5048 [ A43C0AF0E46BE7EF0C7E8CCF0F058600 ] s217mdfl 
C:\Windows\system32\DRIVERS\s217mdfl.sys 20:13:56.0768 5048 s217mdfl - ok 20:13:56.0799 5048 [ 005F5DED1ED8F8A9D2399D765EAD20F1 ] s217mdm C:\Windows\system32\DRIVERS\s217mdm.sys 20:13:56.0815 5048 s217mdm - ok 20:13:56.0846 5048 [ DE9562AD0C91E1857D11F65A91EE1A47 ] s217mgmt C:\Windows\system32\DRIVERS\s217mgmt.sys 20:13:56.0861 5048 s217mgmt - ok 20:13:56.0908 5048 [ 11CC5D7F992799E7E75D018E9C018563 ] s217nd5 C:\Windows\system32\DRIVERS\s217nd5.sys 20:13:56.0924 5048 s217nd5 - ok 20:13:56.0955 5048 [ 0F9F4045799AFB66B85EEF999D0609EC ] s217obex C:\Windows\system32\DRIVERS\s217obex.sys 20:13:56.0971 5048 s217obex - ok 20:13:57.0002 5048 [ 1C91E1023F07B6407D84B5A43537D984 ] s217unic C:\Windows\system32\DRIVERS\s217unic.sys 20:13:57.0017 5048 s217unic - ok 20:13:57.0033 5048 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 20:13:57.0049 5048 SamSs - ok 20:13:57.0080 5048 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:13:57.0080 5048 sbp2port - ok 20:13:57.0111 5048 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:13:57.0127 5048 SCardSvr - ok 20:13:57.0189 5048 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 20:13:57.0220 5048 Schedule - ok 20:13:57.0236 5048 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:13:57.0267 5048 SCPolicySvc - ok 20:13:57.0298 5048 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 20:13:57.0329 5048 sdbus - ok 20:13:57.0345 5048 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:13:57.0376 5048 SDRSVC - ok 20:13:57.0392 5048 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:13:57.0439 5048 secdrv - ok 20:13:57.0454 5048 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 20:13:57.0485 5048 seclogon - ok 20:13:57.0517 5048 [ E5B56569A9F79B70314FEDE6C953641E ] 
seehcri C:\Windows\system32\DRIVERS\seehcri.sys 20:13:57.0517 5048 seehcri - ok 20:13:57.0532 5048 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 20:13:57.0563 5048 SENS - ok 20:13:57.0579 5048 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 20:13:57.0610 5048 Serenum - ok 20:13:57.0626 5048 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 20:13:57.0673 5048 Serial - ok 20:13:57.0688 5048 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:13:57.0704 5048 sermouse - ok 20:13:57.0735 5048 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 20:13:57.0766 5048 SessionEnv - ok 20:13:57.0782 5048 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:13:57.0797 5048 sffdisk - ok 20:13:57.0813 5048 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:13:57.0829 5048 sffp_mmc - ok 20:13:57.0844 5048 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:13:57.0875 5048 sffp_sd - ok 20:13:57.0891 5048 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:13:57.0938 5048 sfloppy - ok 20:13:57.0953 5048 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:13:57.0985 5048 SharedAccess - ok 20:13:58.0016 5048 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:13:58.0031 5048 ShellHWDetection - ok 20:13:58.0063 5048 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:13:58.0063 5048 sisagp - ok 20:13:58.0094 5048 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 20:13:58.0094 5048 SiSRaid2 - ok 20:13:58.0125 5048 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:13:58.0125 5048 SiSRaid4 - ok 20:13:58.0234 
5048 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 20:13:58.0343 5048 slsvc - ok 20:13:58.0375 5048 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 20:13:58.0390 5048 SLUINotify - ok 20:13:58.0421 5048 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:13:58.0437 5048 Smb - ok 20:13:58.0484 5048 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:13:58.0484 5048 SNMPTRAP - ok 20:13:58.0515 5048 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 20:13:58.0515 5048 spldr - ok 20:13:58.0546 5048 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 20:13:58.0562 5048 Spooler - ok 20:13:58.0562 5048 sptd - ok 20:13:58.0609 5048 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:13:58.0624 5048 srv - ok 20:13:58.0655 5048 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:13:58.0671 5048 srv2 - ok 20:13:58.0702 5048 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:13:58.0718 5048 srvnet - ok 20:13:58.0733 5048 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:13:58.0765 5048 SSDPSRV - ok 20:13:58.0796 5048 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 20:13:58.0796 5048 ssmdrv - ok 20:13:58.0827 5048 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:13:58.0843 5048 SstpSvc - ok 20:13:58.0874 5048 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 20:13:58.0889 5048 stisvc - ok 20:13:58.0921 5048 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:13:58.0936 5048 swenum - ok 20:13:58.0967 5048 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 20:13:58.0983 5048 swprv - ok 20:13:59.0014 5048 [ 192AA3AC01DF071B541094F251DEED10 ] 
Symc8xx C:\Windows\system32\drivers\symc8xx.sys 20:13:59.0014 5048 Symc8xx - ok 20:13:59.0045 5048 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 20:13:59.0045 5048 Sym_hi - ok 20:13:59.0077 5048 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 20:13:59.0077 5048 Sym_u3 - ok 20:13:59.0108 5048 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 20:13:59.0123 5048 SynTP - ok 20:13:59.0155 5048 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 20:13:59.0186 5048 SysMain - ok 20:13:59.0217 5048 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:13:59.0233 5048 TabletInputService - ok 20:13:59.0279 5048 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:13:59.0311 5048 TapiSrv - ok 20:13:59.0326 5048 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 20:13:59.0342 5048 TBS - ok 20:13:59.0389 5048 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:13:59.0435 5048 Tcpip - ok 20:13:59.0467 5048 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 20:13:59.0498 5048 Tcpip6 - ok 20:13:59.0545 5048 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:13:59.0560 5048 tcpipreg - ok 20:13:59.0576 5048 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:13:59.0607 5048 TDPIPE - ok 20:13:59.0623 5048 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:13:59.0654 5048 TDTCP - ok 20:13:59.0685 5048 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:13:59.0701 5048 tdx - ok 20:13:59.0716 5048 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:13:59.0716 5048 TermDD - ok 20:13:59.0747 5048 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService 
C:\Windows\System32\termsrv.dll 20:13:59.0794 5048 TermService - ok 20:13:59.0841 5048 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 20:13:59.0857 5048 Themes - ok 20:13:59.0872 5048 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 20:13:59.0903 5048 THREADORDER - ok 20:13:59.0919 5048 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 20:13:59.0950 5048 TrkWks - ok 20:13:59.0981 5048 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:13:59.0997 5048 TrustedInstaller - ok 20:14:00.0028 5048 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:14:00.0059 5048 tssecsrv - ok 20:14:00.0075 5048 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 20:14:00.0091 5048 tunmp - ok 20:14:00.0106 5048 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:14:00.0122 5048 tunnel - ok 20:14:00.0137 5048 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:14:00.0153 5048 uagp35 - ok 20:14:00.0169 5048 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 20:14:00.0169 5048 UBHelper - ok 20:14:00.0200 5048 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:14:00.0215 5048 udfs - ok 20:14:00.0231 5048 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:14:00.0262 5048 UI0Detect - ok 20:14:00.0278 5048 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:14:00.0293 5048 uliagpkx - ok 20:14:00.0325 5048 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 20:14:00.0340 5048 uliahci - ok 20:14:00.0356 5048 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 20:14:00.0371 5048 UlSata - ok 20:14:00.0387 5048 [ 
38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 20:14:00.0403 5048 ulsata2 - ok 20:14:00.0418 5048 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:14:00.0449 5048 umbus - ok 20:14:00.0465 5048 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 20:14:00.0496 5048 upnphost - ok 20:14:00.0512 5048 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:14:00.0527 5048 usbccgp - ok 20:14:00.0559 5048 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:14:00.0590 5048 usbcir - ok 20:14:00.0637 5048 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:14:00.0652 5048 usbehci - ok 20:14:00.0683 5048 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:14:00.0699 5048 usbhub - ok 20:14:00.0715 5048 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:14:00.0761 5048 usbohci - ok 20:14:00.0793 5048 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:14:00.0824 5048 usbprint - ok 20:14:00.0839 5048 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:14:00.0855 5048 USBSTOR - ok 20:14:00.0871 5048 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:14:00.0886 5048 usbuhci - ok 20:14:00.0902 5048 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 20:14:00.0933 5048 usbvideo - ok 20:14:00.0964 5048 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 20:14:00.0980 5048 UxSms - ok 20:14:01.0011 5048 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 20:14:01.0042 5048 vds - ok 20:14:01.0073 5048 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:14:01.0089 5048 vga - ok 20:14:01.0105 5048 [ 
2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 20:14:01.0136 5048 VgaSave - ok 20:14:01.0151 5048 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:14:01.0167 5048 viaagp - ok 20:14:01.0183 5048 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 20:14:01.0198 5048 ViaC7 - ok 20:14:01.0229 5048 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 20:14:01.0229 5048 viaide - ok 20:14:01.0261 5048 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:14:01.0261 5048 volmgr - ok 20:14:01.0307 5048 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:14:01.0323 5048 volmgrx - ok 20:14:01.0354 5048 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:14:01.0370 5048 volsnap - ok 20:14:01.0385 5048 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:14:01.0401 5048 vsmraid - ok 20:14:01.0448 5048 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 20:14:01.0495 5048 VSS - ok 20:14:01.0526 5048 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 20:14:01.0541 5048 W32Time - ok 20:14:01.0604 5048 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:14:01.0635 5048 WacomPen - ok 20:14:01.0651 5048 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 20:14:01.0666 5048 Wanarp - ok 20:14:01.0682 5048 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:14:01.0697 5048 Wanarpv6 - ok 20:14:01.0729 5048 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:14:01.0760 5048 wcncsvc - ok 20:14:01.0807 5048 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:14:01.0838 5048 WcsPlugInService - ok 20:14:01.0869 
5048 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 20:14:01.0869 5048 Wd - ok 20:14:01.0900 5048 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:14:01.0916 5048 Wdf01000 - ok 20:14:01.0947 5048 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:14:01.0978 5048 WdiServiceHost - ok 20:14:01.0978 5048 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:14:01.0994 5048 WdiSystemHost - ok 20:14:02.0025 5048 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 20:14:02.0056 5048 WebClient - ok 20:14:02.0072 5048 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:14:02.0087 5048 Wecsvc - ok 20:14:02.0103 5048 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:14:02.0119 5048 wercplsupport - ok 20:14:02.0165 5048 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 20:14:02.0181 5048 WerSvc - ok 20:14:02.0212 5048 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 20:14:02.0243 5048 winachsf - ok 20:14:02.0290 5048 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:14:02.0306 5048 WinDefend - ok 20:14:02.0306 5048 WinHttpAutoProxySvc - ok 20:14:02.0368 5048 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:14:02.0384 5048 Winmgmt - ok 20:14:02.0446 5048 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 20:14:02.0493 5048 WinRM - ok 20:14:02.0540 5048 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:14:02.0587 5048 Wlansvc - ok 20:14:02.0633 5048 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 20:14:02.0649 5048 WmiAcpi - ok 20:14:02.0696 5048 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 
20:14:02.0727 5048 wmiApSrv - ok 20:14:02.0774 5048 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:14:02.0821 5048 WMPNetworkSvc - ok 20:14:02.0836 5048 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:14:02.0852 5048 WPCSvc - ok 20:14:02.0883 5048 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:14:02.0899 5048 WPDBusEnum - ok 20:14:02.0930 5048 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 20:14:02.0945 5048 WpdUsb - ok 20:14:03.0023 5048 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 20:14:03.0070 5048 WPFFontCache_v0400 - ok 20:14:03.0117 5048 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:14:03.0148 5048 ws2ifsl - ok 20:14:03.0179 5048 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 20:14:03.0195 5048 wscsvc - ok 20:14:03.0195 5048 WSearch - ok 20:14:03.0273 5048 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 20:14:03.0335 5048 wuauserv - ok 20:14:03.0382 5048 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:14:03.0398 5048 WUDFRd - ok 20:14:03.0429 5048 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:14:03.0460 5048 wudfsvc - ok 20:14:03.0476 5048 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 20:14:03.0491 5048 XAudio - ok 20:14:03.0507 5048 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 20:14:03.0523 5048 XAudioService - ok 20:14:03.0601 5048 [ 556B5CFE8D21B256ADD7F87D7F4B4123 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl 20:14:03.0616 5048 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 20:14:03.0632 5048 ================ Scan 
global =============================== 20:14:03.0663 5048 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 20:14:03.0694 5048 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 20:14:03.0725 5048 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 20:14:03.0741 5048 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 20:14:03.0757 5048 [Global] - ok 20:14:03.0757 5048 ================ Scan MBR ================================== 20:14:03.0772 5048 [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0 20:14:04.0459 5048 \Device\Harddisk0\DR0 - ok 20:14:04.0459 5048 ================ Scan VBR ================================== 20:14:04.0459 5048 [ 6F24D73C77BC60BD85B19E9803565021 ] \Device\Harddisk0\DR0\Partition1 20:14:04.0459 5048 \Device\Harddisk0\DR0\Partition1 - ok 20:14:04.0490 5048 [ 5DF03CA1166485DE3396C4771D375981 ] \Device\Harddisk0\DR0\Partition2 20:14:04.0490 5048 \Device\Harddisk0\DR0\Partition2 - ok 20:14:04.0490 5048 ============================================================ 20:14:04.0490 5048 Scan finished 20:14:04.0490 5048 ============================================================ 20:14:04.0505 5444 Detected object count: 8 20:14:04.0505 5444 Actual detected object count: 8 20:16:11.0649 5444 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:16:11.0649 5444 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:16:11.0649 5444 CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user 20:16:11.0649 5444 CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:16:11.0649 5444 ETService ( UnsignedFile.Multi.Generic ) - skipped by user 20:16:11.0649 5444 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:16:11.0649 5444 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user 20:16:11.0649 5444 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:16:11.0649 5444 
LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 20:16:11.0649 5444 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:16:11.0665 5444 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:16:11.0665 5444 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:16:11.0665 5444 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:16:11.0665 5444 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:16:11.0665 5444 OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user 20:16:11.0665 5444 OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip gruß tinusch |
13.12.2012, 15:30 | #6 | |
/// Malware-holic | GVU on winVista
hi

Combofix may only be run when a team member has instructed you to do so!

Please download Combofix from one of these download mirrors: Link 1 Link 2

IMPORTANT - Save Combofix to your desktop.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you receive the following error message after the restart Quote: