
Log analysis and evaluation: GVU on winVista


05.12.2012, 02:26   #1
tinusch
 

GVU on winVista



Hello Trojaner-Board,
my sister has now also caught the GVU trojan. She uses Windows Vista as a 32-bit system, and recently the GVU screen keeps appearing, demanding that she pay 100€ in vouchers. After a restart I pressed F8 and then started Safe Mode. In it I then looked things up and ran the scans with OTL and GMER.
Many thanks in advance

Regards
tinusch

OTL:

OTL logfile created on: 05.12.2012 01:09:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\emi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,02% Memory free
6,19 Gb Paging File | 5,86 Gb Available in Paging File | 94,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 93,36 Gb Free Space | 65,67% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 126,31 Gb Free Space | 88,84% Space Free | Partition Type: NTFS
Drive F: | 488,01 Mb Total Space | 146,88 Mb Free Space | 30,10% Space Free | Partition Type: FAT32

Computer Name: EMI-PC | User Name: emi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.05 01:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emi\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe


========== Modules (No Company Name) ==========

MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012.05.08 22:24:08 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:24:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.11.28 10:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.10.04 03:09:02 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.07.29 16:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.02.20 15:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Programme\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2006.10.26 23:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 22:24:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 22:24:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.12.11 03:30:58 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.10.17 13:49:50 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/08/16 06:44:19] [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.10.08 09:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2008.10.08 09:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2008.10.01 10:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.08.26 20:25:28 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.05.21 13:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.11.02 14:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt)
DRV - [2007.11.02 13:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic)
DRV - [2007.11.02 13:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 13:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5)
DRV - [2007.11.02 13:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 13:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus)
DRV - [2007.11.02 13:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.06.04 18:02:34 | 000,015,488 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2007.06.04 18:00:06 | 000,467,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_8730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE352DE352
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=9Oh725mCXT6xII8jORLUzMFCNzU?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "igoogle.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: toolbar@gmx.net:1.7.5


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.21 00:33:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.21 00:33:41 | 000,000,000 | ---D | M]

[2010.02.11 22:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emi\AppData\Roaming\mozilla\Extensions
[2012.12.05 00:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\emi\AppData\Roaming\mozilla\Firefox\Profiles\0xz71nle.default\extensions
[2010.02.11 22:55:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\emi\AppData\Roaming\mozilla\Firefox\Profiles\0xz71nle.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.11 23:10:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\emi\AppData\Roaming\mozilla\Firefox\Profiles\0xz71nle.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.05.05 15:08:04 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\emi\AppData\Roaming\mozilla\Firefox\Profiles\0xz71nle.default\extensions\toolbar@gmx.net
[2012.12.05 00:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.18 21:04:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.12.18 21:04:16 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011.03.05 15:00:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.05 15:00:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.05 15:00:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.05 15:00:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.05 15:00:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPGServiceTool] C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{F9B99432-4FE6-7F65-022E-13C1B823E209}] C:\Users\emi\AppData\Roaming\Haodeq\hagoar.exe File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3944893E-B4CC-4E20-878D-D8ED8E789562}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D678203-2C02-414F-96DB-C6EFF72E0132}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\emi\Desktop\fotos\Portugal Feb 12\Foto0198.jpg
O24 - Desktop BackupWallPaper: C:\Users\emi\Desktop\fotos\Portugal Feb 12\Foto0198.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c0137485-3c26-11df-ad03-001f16be9af3}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{dd3bdede-b045-11df-b767-001f16be9af3}\Shell\Auto\command - "" = F:\AdobeR.exe e
O33 - MountPoints2\{dd3bdede-b045-11df-b767-001f16be9af3}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.05 01:05:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\emi\Desktop\OTL.exe
[2012.11.30 23:28:34 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.07.04 21:31:30 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeD1FD.dll

========== Files - Modified Within 30 Days ==========

[2012.12.05 01:06:06 | 000,302,592 | ---- | M] () -- C:\Users\emi\Desktop\3ivibyd1.exe
[2012.12.05 01:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\emi\Desktop\OTL.exe
[2012.12.05 01:04:21 | 000,000,020 | ---- | M] () -- C:\Users\emi\defogger_reenable
[2012.12.05 01:00:30 | 000,001,356 | ---- | M] () -- C:\Users\emi\AppData\Local\d3d9caps.dat
[2012.12.05 00:57:50 | 000,627,900 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.05 00:57:50 | 000,595,530 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.05 00:57:50 | 000,126,014 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.05 00:57:50 | 000,103,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.05 00:44:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.05 00:43:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.05 00:43:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.05 00:23:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.12.05 00:22:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.04 23:30:24 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.12.04 23:21:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.28 22:02:51 | 000,000,906 | ---- | M] () -- C:\Users\emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.11.28 11:47:24 | 000,019,968 | ---- | M] () -- C:\Users\emi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.26 09:17:15 | 280,858,728 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.21 22:30:31 | 000,002,631 | ---- | M] () -- C:\Users\emi\Desktop\Microsoft Office Word 2007.lnk
[2012.11.17 11:45:07 | 000,399,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.12 08:00:40 | 000,007,842 | ---- | M] () -- C:\Users\emi\Desktop\halloballobrumm_2012_11_12_N5LgxMHgYvtKAL98ddToBw.zip

========== Files Created - No Company Name ==========

[2012.12.05 01:06:45 | 000,302,592 | ---- | C] () -- C:\Users\emi\Desktop\3ivibyd1.exe
[2012.12.05 01:04:06 | 000,000,020 | ---- | C] () -- C:\Users\emi\defogger_reenable
[2012.11.30 23:22:32 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2012.11.28 22:02:51 | 000,000,906 | ---- | C] () -- C:\Users\emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.11.28 22:02:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.11.12 08:00:40 | 000,007,842 | ---- | C] () -- C:\Users\emi\Desktop\halloballobrumm_2012_11_12_N5LgxMHgYvtKAL98ddToBw.zip
[2012.10.25 17:01:19 | 000,000,552 | ---- | C] () -- C:\Users\emi\AppData\Local\d3d8caps.dat
[2011.08.08 19:46:34 | 000,001,356 | ---- | C] () -- C:\Users\emi\AppData\Local\d3d9caps.dat
[2010.02.11 23:57:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.17 23:46:13 | 000,019,968 | ---- | C] () -- C:\Users\emi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.01.22 18:59:31 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Acer GameZone Console
[2012.03.17 00:37:57 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Acnienl
[2010.07.05 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\DAEMON Tools Lite
[2009.11.08 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\eSobi
[2012.03.17 09:25:46 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Haodeq
[2012.02.01 23:41:30 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Ikyw
[2009.11.10 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\OpenOffice.org
[2009.12.01 09:57:33 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\PowerCinema
[2009.11.30 11:08:00 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\SoftDMA
[2012.02.01 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\emi\AppData\Roaming\Udemnei

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:F3176E45

< End of report >

Extras:

OTL Extras logfile created on: 05.12.2012 01:09:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\emi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,02% Memory free
6,19 Gb Paging File | 5,86 Gb Available in Paging File | 94,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,16 Gb Total Space | 93,36 Gb Free Space | 65,67% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 126,31 Gb Free Space | 88,84% Space Free | Partition Type: NTFS
Drive F: | 488,01 Mb Total Space | 146,88 Mb Free Space | 30,10% Space Free | Partition Type: FAT32

Computer Name: EMI-PC | User Name: emi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02310D32-CDD0-42EC-BF6C-3277FB4394E5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{30C85D19-42F1-4678-B6C9-0C64AAD6D47E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3FEB35C9-39B2-4DF5-A4DE-6A24F56B715E}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00007600-C351-4D0D-887F-438367E21DD4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{0A6D7344-CBC6-475A-B122-34BD90B19049}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{191874F7-7B02-40C8-B114-0E75255B4C7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1A2792E7-BF7C-477B-AD5F-60F9CC7AE695}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{42FC34A1-5051-465F-A937-7359311584DE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5DB012BB-DF24-4364-8955-39DC01884B89}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6272C2FD-8887-4476-BE24-2DD4062582E7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{64755B72-E7A8-45C8-B80F-8F8D431A8AE7}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{721D69FD-8D47-4E02-9795-358159BD8C7C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{727DC909-3A31-4704-9E16-A4466D594F7A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{7494DCAD-E537-42D3-B0DE-E94820A1E397}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7EDA4E37-47CE-474A-AABE-70E15EF081D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{872D9259-BBF9-4197-AE85-4F78236D0E82}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{AE63E44C-E0D7-489E-96C7-5E8A294D6731}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BC329D73-E8D3-4B0B-81C5-C8CB438B22B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E9131088-D67C-4FD0-B6BC-07CD8088D9E4}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E9C2B4A3-4CB1-4EC8-BE52-9D8652148EE2}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{EA35326E-3E14-489D-9BC3-40DA24F4438D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{F11AFCBE-EC56-4978-9C73-39553942E437}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"TCP Query User{1096C4A3-8C6F-4A52-AFCD-4DF37F98B2A7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{1AF99745-A891-41BA-A0DF-34E1DCF39C75}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D3B61B53-DD53-4220-A872-D5C5F295614B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0A80B0F3-94C3-406B-80F9-C99B959B2CB2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A5A8CFBD-2B62-4B32-BD54-43999F2AA5AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E96D7E38-12E3-4429-8037-454F6A426FEF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{060AAE5B-9455-4D30-E03C-41442C580A47}" = Catalyst Control Center Localization Polish
"{0E44E447-6ED1-B31B-E0C6-E0A8533762C9}" = CCC Help German
"{0E592AF6-6381-0BD5-1990-44366C40282A}" = CCC Help Danish
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{222E0321-4496-CD3B-71BE-BBFCB4A09A3A}" = Catalyst Control Center Localization Chinese Standard
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{29D1E00F-2447-6D6A-C552-1E7F5A6449EA}" = Catalyst Control Center Graphics Full New
"{2A66D903-1ED8-D5CF-6A13-4ADF3D7ECD05}" = Catalyst Control Center Localization Norwegian
"{2C26B97F-698E-4E04-B398-8203B147859B}_is1" = TOPP Vorlagen-Druckstudio (5156)
"{2E41963B-151C-4D8B-BE5D-15A4F161719F}" = GoGear Spark Device Manager
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{31C09120-6DDC-787F-7255-967B81777C7E}" = CCC Help Polish
"{32FC88B4-52B5-86FA-3E61-5E3AD43855D2}" = CCC Help Chinese Traditional
"{3329E4B5-8A30-1A98-5E87-1811857AD34A}" = Catalyst Control Center Localization Chinese Traditional
"{3BDC4390-55D4-CC3E-7D4F-399F7D3D64F3}" = CCC Help Chinese Standard
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{425640DF-10DB-F749-5ACE-41F5E00D3155}" = CCC Help Portuguese
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4E646581-8E6D-B265-8894-E4E569572655}" = CCC Help Czech
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{51B4EC5E-25AD-077B-CEAE-B882F23FB605}" = Catalyst Control Center Graphics Previews Vista
"{56EEFA3A-9E17-9922-68C8-FD1BD151AE65}" = ccc-utility
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5D37080C-C718-87B4-2BCE-E04D23402BF0}" = CCC Help Norwegian
"{5DE17717-8B56-25F2-FB34-9AF121FA8167}" = Catalyst Control Center Core Implementation
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DF23EB-65DC-6933-C0DE-87D7F305A933}" = CCC Help Russian
"{61BF161D-B3CF-B966-DFE2-D36A74FE2FD3}" = CCC Help Thai
"{6A85F81E-9285-0964-BC23-714FC45263D0}" = CCC Help Greek
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B58131B-E1C3-9FC8-160C-C1E01B200C94}" = ATI Catalyst Install Manager
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6BD84F7F-660E-02B0-D324-A15456320EDA}" = Catalyst Control Center InstallProxy
"{6C309974-85FF-6875-0DA8-FD3C2B399DC4}" = Catalyst Control Center Localization Spanish
"{6E3970FD-8A5E-A3A1-4E7E-71F8C49DFF63}" = Catalyst Control Center Localization Portuguese
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72291519-2DCA-BA30-798F-48C4E64E2313}" = Catalyst Control Center Localization Czech
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BFF3AC-28AC-27EA-6FBD-5B2D14FEFCC7}" = Catalyst Control Center Localization French
"{734DCD79-13DA-855A-0EFB-83CE364C3452}" = CCC Help Dutch
"{751AB006-C405-3CB4-7827-86882BF1BA51}" = Catalyst Control Center Localization Korean
"{75CFDE75-80CA-E0AF-7A29-98E57C0C81EF}" = Skins
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79BFBCBB-2085-5908-FF53-7BB34CE952B7}" = CCC Help Swedish
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B260281-BD06-400C-F51A-3FEB65108CB8}" = CCC Help Hungarian
"{7B268071-3D05-DBBF-3B44-59B7857D408F}" = Catalyst Control Center Localization Turkish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110052107}" = Beetle Junior
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110422467}" = Tiks Texas Hold em
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112548397}" = The Rise of Atlantis
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}" = Agatha Christie Peril at End House
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113919217}" = Mythic Mahjong
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83D87171-666D-3D0C-8346-6D7AE6EACDF8}" = Catalyst Control Center Localization Hungarian
"{85EB55AA-7CB2-5BF1-14E3-07CA055D2020}" = CCC Help Italian
"{8875D8E2-F967-AD9C-5738-7BBC8EF482D7}" = Catalyst Control Center Localization Thai
"{89E26372-ED92-510E-7911-161F8F55E677}" = CCC Help English
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{94EED5A2-2464-3468-1674-DE5948D933B4}" = Catalyst Control Center Localization Danish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95156C6A-B0D1-4AA7-0513-D733BEEBBC18}" = CCC Help Japanese
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A511966D-B370-4AD8-597A-9CF792F943C9}" = CCC Help Finnish
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.9.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AE9EF716-D8C6-3854-9221-546B03005611}" = ccc-core-static
"{B00A7D65-6C5C-7A14-A22F-D52DD7798AB3}" = Catalyst Control Center Localization Japanese
"{B1541910-5E93-0610-A8E5-FC9170D1A4F8}" = CCC Help Spanish
"{B1CE6512-B757-0283-6C06-5A58B295A0E7}" = CCC Help Turkish
"{B24C006F-470C-91A5-1AFA-F16EEFE0CD7A}" = Catalyst Control Center Localization Italian
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{BC1280C0-7FA5-2434-5820-26352484E790}" = Catalyst Control Center Graphics Light
"{C05EEF5D-DBA7-46E3-546F-4DEB8C26B261}" = CCC Help Korean
"{C7D35D4A-18A4-1853-2E43-6AC00FCDEE3A}" = Catalyst Control Center Localization Russian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D704735D-9558-C09C-07BC-DD6259D3ED83}" = Catalyst Control Center Localization Dutch
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCA87C0C-DC10-C275-384E-B7C85A0145AC}" = CCC Help French
"{DE12C2CE-11A1-789A-9BF6-8A7212FBA668}" = Catalyst Control Center Localization Greek
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E08F6426-8A5F-115D-744F-E38B9426E3EE}" = Catalyst Control Center Localization Swedish
"{E4C774A3-D902-4A42-D5A8-09B07D5568C1}" = Catalyst Control Center Graphics Full Existing
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F65931E9-22ED-98E3-D540-C78FBC36144F}" = Catalyst Control Center Localization Finnish
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD2F10F2-BC65-0CAB-A26A-51AFFED6012A}" = Catalyst Control Center Localization German
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.03.2012 18:32:09 | Computer Name = emi-PC | Source = EventSystem | ID = 4621
Description =

Error - 28.03.2012 06:44:19 | Computer Name = emi-PC | Source = EventSystem | ID = 4621
Description =

Error - 29.03.2012 18:47:00 | Computer Name = emi-PC | Source = EventSystem | ID = 4621
Description =

Error - 30.03.2012 05:03:38 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.03.2012 05:03:42 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.03.2012 05:03:42 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.03.2012 08:50:29 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.03.2012 08:50:32 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.03.2012 08:50:33 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.03.2012 08:50:47 | Computer Name = emi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 30.11.2012 18:32:34 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04.12.2012 18:33:14 | Computer Name = emi-PC | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the DHCP Server)
for the Network Card with network address 001E65805064. The following error occurred:
%%1223. Your computer will continue to try and obtain an address on its own from the
network address (DHCP) server.

Error - 04.12.2012 19:24:22 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04.12.2012 19:24:22 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04.12.2012 19:44:27 | Computer Name = emi-PC | Source = DCOM | ID = 10005
Description =

Error - 04.12.2012 19:44:34 | Computer Name = emi-PC | Source = DCOM | ID = 10005
Description =

Error - 04.12.2012 19:44:52 | Computer Name = emi-PC | Source = DCOM | ID = 10005
Description =

Error - 04.12.2012 19:45:46 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04.12.2012 19:45:46 | Computer Name = emi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04.12.2012 20:05:12 | Computer Name = emi-PC | Source = DCOM | ID = 10005
Description =


< End of report >

Gmer:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-05 02:00:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: 3ivibyd1.exe; Driver: C:\Users\emi\AppData\Local\Temp\kxtdapow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1476] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7596B37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; ADD [EAX], DL}
.text C:\Windows\Explorer.EXE[1476] SHELL32.dll!ShellExecuteExW + 18B7 7599DA14 4 Bytes [10, 1B, 00, 10] {ADC [EBX], BL; ADD [EAX], DL}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DEB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73DD73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73DADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73DCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x40 0x56 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x40 0x56 0x88 ...

---- EOF - GMER 1.0.15 ----
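
The GMER output above shows explorer.exe's import table redirected into gdiplus.dll (Microsoft) and into PSDProtect.dll from Acer's eDataSecurity package, which the uninstall list further up shows as installed. What a reviewer wants from such a log is a shortlist: which modules own the addresses the hooks now point at, and who signed them. The following is an added example, not part of GMER, OTL or this post: it parses GMER's `IAT` and `.text` lines with regular expressions written against the line shapes visible in this log and groups hooks by hooking module. The sample lines are copied from the log above; the regexes are the author's and may need adjusting for other GMER sections or versions.

```python
"""Summarise GMER 'User IAT/EAT' and 'User code sections' lines by hooking module.

Added example, not part of GMER or of the forum post.  Groups each import-table
hook by the module that now owns the target address and by the company string
GMER read from that module, so that hooks placed by Microsoft's own DLLs
(normal) separate from those placed by third-party code (check those).
"""
import re
from collections import defaultdict

# IAT <process>[pid] @ <importing module> [<dll!import>] [<addr>] <hooking module> (<desc>/<company>)
IAT_RE = re.compile(
    r"^IAT\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<imp>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<hooker>.+?)"
    r"(?:\s+\((?P<info>[^)]*)\))?\s*$")
# .text <process>[pid] <dll!symbol> + <offset> <addr> <n> Bytes ...
TEXT_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<sym>\S+)\s+\+\s+"
    r"(?P<off>[0-9A-Fa-f]+)\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes")


def parse_gmer(lines):
    """Yield ('iat', record) / ('text', record) for every GMER line that matches."""
    for line in lines:
        m = IAT_RE.match(line)
        if m:
            d = m.groupdict()
            # "(Microsoft GDI+/Microsoft Corporation)" -> description, company
            desc, _, company = (d.pop("info") or "/").rpartition("/")
            d["description"], d["company"] = desc.strip(), company.strip()
            yield "iat", d
            continue
        m = TEXT_RE.match(line)
        if m:
            yield "text", m.groupdict()


def hooks_by_module(lines):
    """{hooking module path: {'company': str, 'hooks': [(importing module, import)]}}"""
    out = defaultdict(lambda: {"company": "", "hooks": []})
    for kind, rec in parse_gmer(lines):
        if kind == "iat":
            entry = out[rec["hooker"]]
            entry["company"] = rec["company"]
            entry["hooks"].append((rec["module"].rsplit("\\", 1)[-1], rec["imp"]))
    return dict(out)


def third_party_hooks(lines):
    """Hooking modules whose company string is not Microsoft (or is missing)."""
    return {path: e for path, e in hooks_by_module(lines).items()
            if not e["company"].lower().startswith("microsoft")}


# Sample lines taken from the GMER log above (one .text patch, three IAT hooks).
GMER_SAMPLE = r"""
.text C:\Windows\Explorer.EXE[1476] SHELL32.dll!ShellExecuteExW + 18B7 7599DA14 4 Bytes [10, 1B, 00, 10] {ADC [EBX], BL; ADD [EAX], DL}
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[1476] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
""".strip().splitlines()

if __name__ == "__main__":
    for path, entry in third_party_hooks(GMER_SAMPLE).items():
        print(f"{path} [{entry['company'] or 'no version info'}]")
        for module, imp in entry["hooks"]:
            print(f"    {module} -> {imp}")
```

A non-Microsoft hooking module is not by itself a finding: here it matches an installed Acer product, and security software hooks the same way. The value is the shortlist, so each flagged module gets hashed and checked against its installer rather than reading every IAT line by hand. Lines with a hooking module but no `(description/company)` suffix come back with an empty company string and are kept on the list, since missing version information is itself worth a look.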

05.12.2012, 12:58   #2
markusg
/// Malware-holic

hi

this script and any scripts that follow are only for the user in question.
if you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.


Code:
:OTL
[2012.12.04 23:30:24 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.11.28 22:02:51 | 000,000,906 | ---- | M] () -- C:\Users\emi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
:Commands
[EMPTYFLASH]
[emptytemp]


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
then start into normal mode.

if you have no icons, right-click, View, show desktop icons
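The fix script above targets two files: a 95 MB `.pad` blob in `C:\ProgramData` and a `runctf.lnk` shortcut in the user's Startup folder, a location Windows runs at every logon. When triaging a lock-screen infection it helps to read Startup shortcuts without executing, or even resolving, them on the infected machine. The following is an added example, not part of OTL or of this post: a small parser for the Shell Link format (MS-SHLLINK) that extracts each shortcut's local target path and command-line arguments, plus a heuristic that flags targets under ProgramData/AppData and script/DLL hosts launched with arguments. The sample shortcuts are constructed inside the block (`build_lnk` writes a minimal LinkInfo and StringData layout); `runctf.lnk` mimics only the path the script deletes, the `update.lnk` rundll32 launcher is hypothetical, and `HOSTS` and `DATA_DIRS` are the author's lists, not anything the thread states.

```python
"""Offline triage of Startup-folder shortcuts (.lnk) by parsing the Shell Link
binary format (MS-SHLLINK) instead of executing or resolving them on the host.

Added example; not part of OTL or of the forum post.  The heuristics and the
sample shortcuts are the author's constructions.
"""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")   # {00021401-0000-0000-C000-000000000046}
F_IDLIST, F_LINKINFO, F_NAME, F_RELPATH = 0x01, 0x02, 0x04, 0x08
F_WORKDIR, F_ARGS, F_ICON, F_UNICODE = 0x10, 0x20, 0x40, 0x80
# Binaries that run code handed to them on the command line; a Startup shortcut
# pointing at one of these *with arguments* deserves a look (author's list).
HOSTS = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DATA_DIRS = ("\\programdata\\", "\\appdata\\")          # user-writable data folders


def _cstr(buf, off, unicode=False):
    """NUL-terminated string at buf[off:], ANSI (latin-1) or UTF-16LE."""
    if unicode:
        end = off
        while buf[end:end + 2] != b"\x00\x00":
            end += 2
        return buf[off:end].decode("utf-16-le")
    return buf[off:buf.index(b"\x00", off)].decode("latin-1")


def parse_lnk(data):
    """Return {'target', 'args', 'relpath', ...} from raw .lnk bytes."""
    if len(data) < 0x4C or struct.unpack_from("<I", data)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C                                          # fixed-size ShellLinkHeader
    out = {"target": None, "args": "", "relpath": ""}
    if flags & F_IDLIST:                                # skip the PIDL; LinkInfo is simpler
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & F_LINKINFO:
        size, hdr, lflags, _vol, base_off, _net, suffix_off = struct.unpack_from("<7I", data, pos)
        if lflags & 0x1:                                # VolumeIDAndLocalBasePath present
            if hdr >= 0x24:                             # Unicode offsets follow the ANSI ones
                base_off, suffix_off = struct.unpack_from("<2I", data, pos + 28)
                base, suffix = _cstr(data, pos + base_off, True), _cstr(data, pos + suffix_off, True)
            else:
                base, suffix = _cstr(data, pos + base_off), _cstr(data, pos + suffix_off)
            out["target"] = base + suffix
        pos += size
    uni = bool(flags & F_UNICODE)
    for flag, key in ((F_NAME, "name"), (F_RELPATH, "relpath"), (F_WORKDIR, "workdir"),
                      (F_ARGS, "args"), (F_ICON, "icon")):
        if flags & flag:                                # StringData: u16 count + chars, no NUL
            n = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + (n * 2 if uni else n)]
            out[key] = raw.decode("utf-16-le" if uni else "latin-1")
            pos += 2 + len(raw)
    if out["target"] is None and out["relpath"]:       # no LinkInfo: fall back to RELATIVE_PATH
        out["target"] = out["relpath"]
    return out


def suspicious(info):
    """Reasons a Startup shortcut deserves a closer look; empty list if none."""
    target, args = (info["target"] or "").lower(), info["args"].lower()
    reasons = []
    if any(d in target for d in DATA_DIRS):
        reasons.append("target lives in ProgramData/AppData")
    if target.rsplit("\\", 1)[-1] in HOSTS and args:
        reasons.append("script/DLL host launched with arguments")
    if any(d in args for d in DATA_DIRS):
        reasons.append("arguments reference ProgramData/AppData")
    return reasons


def triage(shortcuts):
    """{filename: bytes} -> {filename: [reasons]} for the shortcuts worth checking."""
    return {name: r for name, blob in shortcuts.items() if (r := suspicious(parse_lnk(blob)))}


def build_lnk(target, args=""):
    """Constructed minimal .lnk (LinkInfo with a local path, optional arguments); test data only."""
    base = target.encode("latin-1") + b"\x00"
    volume = struct.pack("<4I", 0x11, 3, 0, 0x10) + b"\x00"     # VolumeID: DRIVE_FIXED, empty label
    body = volume + base + b"\x00"                               # trailing byte = empty CommonPathSuffix
    base_off = 0x1C + len(volume)
    linkinfo = struct.pack("<7I", 0x1C + len(body), 0x1C, 0x1, 0x1C,
                           base_off, 0, base_off + len(base)) + body
    flags = F_LINKINFO | F_UNICODE | (F_ARGS if args else 0)
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", flags) + bytes(0x4C - 24)
    strings = struct.pack("<H", len(args)) + args.encode("utf-16-le") if args else b""
    return header + linkinfo + strings


# Constructed samples: an ordinary vendor shortcut, one mimicking the Startup
# entry named in the fix script, and a hypothetical DLL-host launcher.
SAMPLES = {
    "Vendor Tool.lnk": build_lnk("C:\\Program Files\\Vendor\\tool.exe"),
    "runctf.lnk": build_lnk("C:\\ProgramData\\0tbpw.pad"),
    "update.lnk": build_lnk("C:\\Windows\\System32\\rundll32.exe",
                            "\"C:\\ProgramData\\example.dat\",Entry"),
}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

To use it on a real case, copy `%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup` and `%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup` off the disk (or a mounted image) and pass `{name: open(path, "rb").read()}` to `triage`. Expect some legitimate hits, since per-user installers also keep binaries under AppData; a flag is a lead to hash and check, not a verdict. The parser skips the item-ID list and network links, so a shortcut without a local base path comes back with `target` set to `None` or to its relative path only.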

05.12.2012, 17:14   #3
tinusch

Oh great... it works again.. at least after a normal start no GVU comes up!!!


unfortunately I deleted the contents of the txt from the clipboard because I didn't think and quickly wanted to copy something else.. now I can't find the txt any more either.. at least it's not on the desktop.. sorry


can I do anything else to delete leftovers, or is everything clean?

regards
tinusch

06.12.2012, 16:40   #4
markusg
/// Malware-holic

download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections choose skip for now, post the log
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de

07.12.2012, 20:22   #5
tinusch

I ran tdsskiller
here is what came out:

Code:
20:13:33.0992 6016  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:13:34.0335 6016  ============================================================
20:13:34.0335 6016  Current date / time: 2012/12/07 20:13:34.0335
20:13:34.0335 6016  SystemInfo:
20:13:34.0335 6016  
20:13:34.0335 6016  OS Version: 6.0.6002 ServicePack: 2.0
20:13:34.0335 6016  Product type: Workstation
20:13:34.0335 6016  ComputerName: EMI-PC
20:13:34.0335 6016  UserName: emi
20:13:34.0335 6016  Windows directory: C:\Windows
20:13:34.0335 6016  System windows directory: C:\Windows
20:13:34.0335 6016  Processor architecture: Intel x86
20:13:34.0335 6016  Number of processors: 2
20:13:34.0335 6016  Page size: 0x1000
20:13:34.0335 6016  Boot type: Normal boot
20:13:34.0335 6016  ============================================================
20:13:35.0427 6016  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:13:35.0427 6016  ============================================================
20:13:35.0427 6016  \Device\Harddisk0\DR0:
20:13:35.0427 6016  MBR partitions:
20:13:35.0427 6016  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x157C800, BlocksNum 0x11C53000
20:13:35.0427 6016  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x131CF800, BlocksNum 0x11C5E800
20:13:35.0427 6016  ============================================================
20:13:35.0458 6016  C: <-> \Device\Harddisk0\DR0\Partition1
20:13:35.0505 6016  D: <-> \Device\Harddisk0\DR0\Partition2
20:13:35.0505 6016  ============================================================
20:13:35.0505 6016  Initialize success
20:13:35.0505 6016  ============================================================
20:13:41.0511 5048  ============================================================
20:13:41.0511 5048  Scan started
20:13:41.0511 5048  Mode: Manual; SigCheck; TDLFS; 
20:13:41.0511 5048  ============================================================
20:13:41.0979 5048  ================ Scan system memory ========================
20:13:41.0979 5048  System memory - ok
20:13:41.0979 5048  ================ Scan services =============================
20:13:42.0166 5048  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:13:42.0322 5048  ACPI - ok
20:13:42.0353 5048  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:13:42.0385 5048  adp94xx - ok
20:13:42.0416 5048  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:13:42.0447 5048  adpahci - ok
20:13:42.0463 5048  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:13:42.0478 5048  adpu160m - ok
20:13:42.0494 5048  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:13:42.0525 5048  adpu320 - ok
20:13:42.0556 5048  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:13:42.0587 5048  AeLookupSvc - ok
20:13:42.0634 5048  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
20:13:42.0650 5048  AFD - ok
20:13:42.0681 5048  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:13:42.0697 5048  agp440 - ok
20:13:42.0728 5048  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:13:42.0743 5048  aic78xx - ok
20:13:42.0775 5048  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
20:13:42.0790 5048  ALG - ok
20:13:42.0821 5048  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:13:42.0837 5048  aliide - ok
20:13:42.0853 5048  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:13:42.0868 5048  amdagp - ok
20:13:42.0884 5048  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:13:42.0899 5048  amdide - ok
20:13:42.0931 5048  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
20:13:42.0946 5048  AmdK7 - ok
20:13:42.0962 5048  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:13:42.0993 5048  AmdK8 - ok
20:13:43.0102 5048  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:13:43.0118 5048  AntiVirSchedulerService - ok
20:13:43.0149 5048  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:13:43.0165 5048  AntiVirService - ok
20:13:43.0211 5048  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
20:13:43.0211 5048  Appinfo - ok
20:13:43.0227 5048  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
20:13:43.0243 5048  arc - ok
20:13:43.0258 5048  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:13:43.0274 5048  arcsas - ok
20:13:43.0305 5048  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:13:43.0321 5048  AsyncMac - ok
20:13:43.0352 5048  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:13:43.0352 5048  atapi - ok
20:13:43.0414 5048  [ 740B9B4140CACCD0513D999EAB488E48 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
20:13:43.0430 5048  Ati External Event Utility - ok
20:13:43.0570 5048  [ 7526AD10925D1AA9E4E6B0FB393B701F ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:13:43.0695 5048  atikmdag - ok
20:13:43.0757 5048  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:13:43.0773 5048  AudioEndpointBuilder - ok
20:13:43.0789 5048  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:13:43.0804 5048  Audiosrv - ok
20:13:43.0851 5048  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:13:43.0867 5048  avgntflt - ok
20:13:43.0929 5048  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:13:43.0945 5048  avipbb - ok
20:13:43.0945 5048  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:13:43.0960 5048  avkmgr - ok
20:13:44.0007 5048  [ 6FB43F0DADB3FDC287D080C19666AF8D ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:13:44.0023 5048  b57nd60x - ok
20:13:44.0054 5048  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:13:44.0085 5048  Beep - ok
20:13:44.0116 5048  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
20:13:44.0179 5048  BFE - ok
20:13:44.0272 5048  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
20:13:44.0303 5048  BITS - ok
20:13:44.0319 5048  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:13:44.0335 5048  blbdrive - ok
20:13:44.0366 5048  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:13:44.0381 5048  bowser - ok
20:13:44.0413 5048  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:13:44.0428 5048  BrFiltLo - ok
20:13:44.0428 5048  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:13:44.0444 5048  BrFiltUp - ok
20:13:44.0475 5048  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
20:13:44.0506 5048  Browser - ok
20:13:44.0522 5048  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:13:44.0569 5048  Brserid - ok
20:13:44.0584 5048  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:13:44.0615 5048  BrSerWdm - ok
20:13:44.0631 5048  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:13:44.0678 5048  BrUsbMdm - ok
20:13:44.0693 5048  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:13:44.0725 5048  BrUsbSer - ok
20:13:44.0740 5048  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:13:44.0771 5048  BTHMODEM - ok
20:13:44.0834 5048  [ 09E6AFFAE6C0E9158BF05C7D08D0107A ] BUNAgentSvc     C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
20:13:44.0834 5048  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - warning
20:13:44.0834 5048  BUNAgentSvc - detected UnsignedFile.Multi.Generic (1)
20:13:44.0849 5048  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:13:44.0881 5048  cdfs - ok
20:13:44.0896 5048  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:13:44.0912 5048  cdrom - ok
20:13:44.0959 5048  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:13:44.0974 5048  CertPropSvc - ok
20:13:44.0990 5048  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
20:13:45.0005 5048  circlass - ok
20:13:45.0052 5048  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
20:13:45.0068 5048  CLFS - ok
20:13:45.0146 5048  [ 8B67044AE0621C005245EF62EEF0746F ] CLHNService     C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
20:13:45.0161 5048  CLHNService ( UnsignedFile.Multi.Generic ) - warning
20:13:45.0161 5048  CLHNService - detected UnsignedFile.Multi.Generic (1)
20:13:45.0208 5048  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:13:45.0224 5048  clr_optimization_v2.0.50727_32 - ok
20:13:45.0317 5048  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:13:45.0317 5048  clr_optimization_v4.0.30319_32 - ok
20:13:45.0364 5048  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:13:45.0380 5048  CmBatt - ok
20:13:45.0395 5048  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:13:45.0411 5048  cmdide - ok
20:13:45.0427 5048  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:13:45.0442 5048  Compbatt - ok
20:13:45.0442 5048  COMSysApp - ok
20:13:45.0458 5048  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:13:45.0473 5048  crcdisk - ok
20:13:45.0473 5048  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
20:13:45.0505 5048  Crusoe - ok
20:13:45.0551 5048  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:13:45.0567 5048  CryptSvc - ok
20:13:45.0614 5048  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:13:45.0645 5048  DcomLaunch - ok
20:13:45.0692 5048  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:13:45.0692 5048  DfsC - ok
20:13:45.0770 5048  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
20:13:45.0832 5048  DFSR - ok
20:13:45.0895 5048  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:13:45.0910 5048  Dhcp - ok
20:13:45.0941 5048  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
20:13:45.0957 5048  disk - ok
20:13:46.0004 5048  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
20:13:46.0004 5048  DKbFltr - ok
20:13:46.0051 5048  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:13:46.0051 5048  Dnscache - ok
20:13:46.0082 5048  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:13:46.0097 5048  dot3svc - ok
20:13:46.0207 5048  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
20:13:46.0222 5048  DPS - ok
20:13:46.0253 5048  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:13:46.0269 5048  drmkaud - ok
20:13:46.0347 5048  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:13:46.0394 5048  DXGKrnl - ok
20:13:46.0441 5048  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
20:13:46.0456 5048  E1G60 - ok
20:13:46.0487 5048  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
20:13:46.0503 5048  EapHost - ok
20:13:46.0565 5048  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:13:46.0581 5048  Ecache - ok
20:13:46.0659 5048  [ B1F2503E23425B386DF0F3413B2596F3 ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
20:13:46.0675 5048  eDataSecurity Service - ok
20:13:46.0721 5048  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:13:46.0737 5048  ehRecvr - ok
20:13:46.0753 5048  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
20:13:46.0768 5048  ehSched - ok
20:13:46.0784 5048  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
20:13:46.0784 5048  ehstart - ok
20:13:46.0815 5048  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:13:46.0846 5048  elxstor - ok
20:13:46.0893 5048  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:13:46.0924 5048  EMDMgmt - ok
20:13:46.0987 5048  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:13:47.0018 5048  ErrDev - ok
20:13:47.0080 5048  [ F25247D0E011A643EE60052CE23BE05E ] ETService       C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
20:13:47.0080 5048  ETService ( UnsignedFile.Multi.Generic ) - warning
20:13:47.0080 5048  ETService - detected UnsignedFile.Multi.Generic (1)
20:13:47.0111 5048  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
20:13:47.0127 5048  EventSystem - ok
20:13:47.0174 5048  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
20:13:47.0174 5048  exfat - ok
20:13:47.0205 5048  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:13:47.0236 5048  fastfat - ok
20:13:47.0252 5048  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:13:47.0267 5048  fdc - ok
20:13:47.0299 5048  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:13:47.0330 5048  fdPHost - ok
20:13:47.0330 5048  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:13:47.0377 5048  FDResPub - ok
20:13:47.0392 5048  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:13:47.0408 5048  FileInfo - ok
20:13:47.0408 5048  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:13:47.0439 5048  Filetrace - ok
20:13:47.0455 5048  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:13:47.0486 5048  flpydisk - ok
20:13:47.0517 5048  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:13:47.0517 5048  FltMgr - ok
20:13:47.0595 5048  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
20:13:47.0626 5048  FontCache - ok
20:13:47.0689 5048  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:13:47.0704 5048  FontCache3.0.0.0 - ok
20:13:47.0720 5048  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:13:47.0735 5048  Fs_Rec - ok
20:13:47.0767 5048  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:13:47.0767 5048  gagp30kx - ok
20:13:47.0845 5048  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:13:47.0860 5048  GoogleDesktopManager-051210-111108 - ok
20:13:47.0891 5048  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:13:47.0938 5048  gpsvc - ok
20:13:48.0001 5048  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:48.0016 5048  gupdate - ok
20:13:48.0032 5048  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:13:48.0032 5048  gupdatem - ok
20:13:48.0094 5048  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:13:48.0110 5048  gusvc - ok
20:13:48.0172 5048  [ FC282BDB2D558B6C3BC2D848C5CA9F13 ] HauppaugeTVServer C:\PROGRA~1\WinTV\HCWTVS~1.EXE
20:13:48.0188 5048  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
20:13:48.0188 5048  HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
20:13:48.0250 5048  [ 6D1EA2467A49A954C95AA493382B3A6D ] hcw95bda        C:\Windows\system32\Drivers\hcw95bda.sys
20:13:48.0266 5048  hcw95bda - ok
20:13:48.0297 5048  [ 7A1FA260E31C3D3EBD061265251EF0F6 ] hcw95rc         C:\Windows\system32\DRIVERS\hcw95rc.sys
20:13:48.0297 5048  hcw95rc - ok
20:13:48.0344 5048  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:13:48.0375 5048  HdAudAddService - ok
20:13:48.0422 5048  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:13:48.0437 5048  HDAudBus - ok
20:13:48.0469 5048  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:13:48.0500 5048  HidBth - ok
20:13:48.0515 5048  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:13:48.0562 5048  HidIr - ok
20:13:48.0578 5048  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
20:13:48.0593 5048  hidserv - ok
20:13:48.0625 5048  [ 7F7E5E98CEFED8A10F7E56810EA7B6DF ] hidshim         C:\Windows\system32\DRIVERS\hidshim.sys
20:13:48.0640 5048  hidshim - ok
20:13:48.0656 5048  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:13:48.0671 5048  HidUsb - ok
20:13:48.0703 5048  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:13:48.0734 5048  hkmsvc - ok
20:13:48.0749 5048  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:13:48.0765 5048  HpCISSs - ok
20:13:48.0796 5048  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:13:48.0827 5048  HSFHWAZL - ok
20:13:48.0874 5048  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:13:48.0905 5048  HSF_DPV - ok
20:13:48.0937 5048  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:13:48.0952 5048  HSXHWAZL - ok
20:13:48.0983 5048  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:13:48.0999 5048  HTTP - ok
20:13:49.0015 5048  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:13:49.0030 5048  i2omp - ok
20:13:49.0061 5048  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:13:49.0077 5048  i8042prt - ok
20:13:49.0124 5048  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:13:49.0139 5048  iaStorV - ok
20:13:49.0186 5048  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:13:49.0249 5048  idsvc - ok
20:13:49.0280 5048  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:13:49.0295 5048  iirsp - ok
20:13:49.0327 5048  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:13:49.0358 5048  IKEEXT - ok
20:13:49.0389 5048  [ 58FF11C95C3681C9250914521CB9F036 ] int15           C:\Windows\system32\drivers\int15.sys
20:13:49.0405 5048  int15 - ok
20:13:49.0498 5048  [ B8716D9677B04B82FA405C8C54954728 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:13:49.0576 5048  IntcAzAudAddService - ok
20:13:49.0607 5048  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:13:49.0607 5048  intelide - ok
20:13:49.0623 5048  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:13:49.0654 5048  intelppm - ok
20:13:49.0685 5048  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:13:49.0701 5048  IPBusEnum - ok
20:13:49.0732 5048  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:13:49.0748 5048  IpFilterDriver - ok
20:13:49.0795 5048  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:13:49.0795 5048  iphlpsvc - ok
20:13:49.0810 5048  IpInIp - ok
20:13:49.0841 5048  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:13:49.0873 5048  IPMIDRV - ok
20:13:49.0888 5048  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:13:49.0919 5048  IPNAT - ok
20:13:49.0935 5048  [ E50A95179211B12946F7E035D60AF560 ] irda            C:\Windows\system32\DRIVERS\irda.sys
20:13:49.0966 5048  irda - ok
20:13:49.0982 5048  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:13:50.0013 5048  IRENUM - ok
20:13:50.0029 5048  [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon           C:\Windows\System32\irmon.dll
20:13:50.0075 5048  Irmon - ok
20:13:50.0075 5048  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:13:50.0091 5048  isapnp - ok
20:13:50.0122 5048  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:13:50.0138 5048  iScsiPrt - ok
20:13:50.0153 5048  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:13:50.0153 5048  iteatapi - ok
20:13:50.0169 5048  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:13:50.0185 5048  iteraid - ok
20:13:50.0200 5048  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:13:50.0216 5048  kbdclass - ok
20:13:50.0231 5048  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:13:50.0247 5048  kbdhid - ok
20:13:50.0278 5048  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
20:13:50.0294 5048  KeyIso - ok
20:13:50.0325 5048  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:13:50.0341 5048  KSecDD - ok
20:13:50.0419 5048  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:13:50.0450 5048  KtmRm - ok
20:13:50.0481 5048  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:13:50.0497 5048  LanmanServer - ok
20:13:50.0528 5048  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:13:50.0543 5048  LanmanWorkstation - ok
20:13:50.0606 5048  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:13:50.0606 5048  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:13:50.0606 5048  LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:13:50.0653 5048  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:13:50.0668 5048  lltdio - ok
20:13:50.0699 5048  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:13:50.0731 5048  lltdsvc - ok
20:13:50.0746 5048  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:13:50.0793 5048  lmhosts - ok
20:13:50.0809 5048  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:13:50.0824 5048  LSI_FC - ok
20:13:50.0840 5048  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:13:50.0855 5048  LSI_SAS - ok
20:13:50.0887 5048  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:13:50.0887 5048  LSI_SCSI - ok
20:13:50.0918 5048  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
20:13:50.0933 5048  luafv - ok
20:13:50.0965 5048  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:13:50.0980 5048  Mcx2Svc - ok
20:13:50.0996 5048  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:13:51.0011 5048  mdmxsdk - ok
20:13:51.0027 5048  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:13:51.0043 5048  megasas - ok
20:13:51.0058 5048  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:13:51.0074 5048  MegaSR - ok
20:13:51.0183 5048  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:13:51.0199 5048  Microsoft Office Groove Audit Service - ok
20:13:51.0214 5048  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
20:13:51.0245 5048  MMCSS - ok
20:13:51.0277 5048  MobilityService - ok
20:13:51.0292 5048  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
20:13:51.0308 5048  Modem - ok
20:13:51.0323 5048  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:13:51.0339 5048  monitor - ok
20:13:51.0370 5048  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:13:51.0370 5048  mouclass - ok
20:13:51.0386 5048  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:13:51.0417 5048  mouhid - ok
20:13:51.0433 5048  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:13:51.0448 5048  MountMgr - ok
20:13:51.0464 5048  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:13:51.0479 5048  mpio - ok
20:13:51.0495 5048  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:13:51.0511 5048  mpsdrv - ok
20:13:51.0557 5048  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:13:51.0589 5048  MpsSvc - ok
20:13:51.0604 5048  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:13:51.0620 5048  Mraid35x - ok
20:13:51.0651 5048  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:13:51.0667 5048  MRxDAV - ok
20:13:51.0698 5048  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:13:51.0713 5048  mrxsmb - ok
20:13:51.0745 5048  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:13:51.0760 5048  mrxsmb10 - ok
20:13:51.0760 5048  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:13:51.0776 5048  mrxsmb20 - ok
20:13:51.0823 5048  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:13:51.0823 5048  msahci - ok
20:13:51.0854 5048  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:13:51.0869 5048  msdsm - ok
20:13:51.0885 5048  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
20:13:51.0916 5048  MSDTC - ok
20:13:51.0947 5048  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:13:51.0963 5048  Msfs - ok
20:13:51.0979 5048  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:13:51.0994 5048  msisadrv - ok
20:13:52.0025 5048  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:13:52.0041 5048  MSiSCSI - ok
20:13:52.0057 5048  msiserver - ok
20:13:52.0072 5048  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:13:52.0088 5048  MSKSSRV - ok
20:13:52.0103 5048  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:13:52.0135 5048  MSPCLOCK - ok
20:13:52.0150 5048  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:13:52.0166 5048  MSPQM - ok
20:13:52.0213 5048  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:13:52.0213 5048  MsRPC - ok
20:13:52.0244 5048  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:13:52.0244 5048  mssmbios - ok
20:13:52.0275 5048  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:13:52.0306 5048  MSTEE - ok
20:13:52.0322 5048  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
20:13:52.0337 5048  Mup - ok
20:13:52.0369 5048  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
20:13:52.0384 5048  napagent - ok
20:13:52.0415 5048  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:13:52.0431 5048  NativeWifiP - ok
20:13:52.0447 5048  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:13:52.0478 5048  NDIS - ok
20:13:52.0509 5048  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:13:52.0525 5048  NdisTapi - ok
20:13:52.0540 5048  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:13:52.0556 5048  Ndisuio - ok
20:13:52.0587 5048  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:13:52.0618 5048  NdisWan - ok
20:13:52.0618 5048  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:13:52.0634 5048  NDProxy - ok
20:13:52.0649 5048  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:13:52.0665 5048  NetBIOS - ok
20:13:52.0681 5048  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:13:52.0696 5048  netbt - ok
20:13:52.0712 5048  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
20:13:52.0727 5048  Netlogon - ok
20:13:52.0743 5048  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
20:13:52.0774 5048  Netman - ok
20:13:52.0790 5048  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
20:13:52.0821 5048  netprofm - ok
20:13:52.0837 5048  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:13:52.0852 5048  NetTcpPortSharing - ok
20:13:52.0961 5048  [ 0B214C6A4728F085FB64A29ED9C4DE94 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
20:13:53.0071 5048  NETw5v32 - ok
20:13:53.0117 5048  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:13:53.0117 5048  nfrd960 - ok
20:13:53.0149 5048  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:13:53.0164 5048  NlaSvc - ok
20:13:53.0211 5048  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:13:53.0227 5048  Npfs - ok
20:13:53.0242 5048  [ 6D8D2E5652FC2442C810C5D8BE784148 ] NSCIRDA         C:\Windows\system32\DRIVERS\nscirda.sys
20:13:53.0258 5048  NSCIRDA - ok
20:13:53.0289 5048  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
20:13:53.0320 5048  nsi - ok
20:13:53.0320 5048  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:13:53.0351 5048  nsiproxy - ok
20:13:53.0414 5048  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:13:53.0461 5048  Ntfs - ok
20:13:53.0507 5048  [ A2B6583A5652A385DFF5E4F49AD48761 ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
20:13:53.0507 5048  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - warning
20:13:53.0507 5048  NTIBackupSvc - detected UnsignedFile.Multi.Generic (1)
20:13:53.0539 5048  [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
20:13:53.0539 5048  NTIDrvr - ok
20:13:53.0570 5048  [ 40B87FE8A1A9A5AC9E5A91D96F212BCD ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
20:13:53.0585 5048  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - warning
20:13:53.0585 5048  NTISchedulerSvc - detected UnsignedFile.Multi.Generic (1)
20:13:53.0585 5048  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
20:13:53.0632 5048  ntrigdigi - ok
20:13:53.0648 5048  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
20:13:53.0679 5048  Null - ok
20:13:53.0695 5048  [ 85D8845B7B6A434B7CE35723BF0E5C57 ] nuvotonhidgeneric C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys
20:13:53.0695 5048  nuvotonhidgeneric - ok
20:13:53.0726 5048  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:13:53.0726 5048  nvraid - ok
20:13:53.0741 5048  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:13:53.0757 5048  nvstor - ok
20:13:53.0773 5048  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:13:53.0788 5048  nv_agp - ok
20:13:53.0804 5048  NwlnkFlt - ok
20:13:53.0804 5048  NwlnkFwd - ok
20:13:53.0882 5048  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:13:53.0913 5048  odserv - ok
20:13:53.0944 5048  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
20:13:53.0975 5048  ohci1394 - ok
20:13:54.0022 5048  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
20:13:54.0038 5048  OMSI download service ( UnsignedFile.Multi.Generic ) - warning
20:13:54.0038 5048  OMSI download service - detected UnsignedFile.Multi.Generic (1)
20:13:54.0085 5048  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:13:54.0085 5048  ose - ok
20:13:54.0163 5048  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:13:54.0178 5048  p2pimsvc - ok
20:13:54.0225 5048  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:13:54.0241 5048  p2psvc - ok
20:13:54.0272 5048  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
20:13:54.0319 5048  Parport - ok
20:13:54.0350 5048  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:13:54.0365 5048  partmgr - ok
20:13:54.0397 5048  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:13:54.0443 5048  Parvdm - ok
20:13:54.0459 5048  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:13:54.0475 5048  PcaSvc - ok
20:13:54.0506 5048  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
20:13:54.0521 5048  pci - ok
20:13:54.0537 5048  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
20:13:54.0553 5048  pciide - ok
20:13:54.0599 5048  [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:13:54.0599 5048  pcmcia - ok
20:13:54.0646 5048  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:13:54.0709 5048  PEAUTH - ok
20:13:54.0771 5048  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
20:13:54.0818 5048  pla - ok
20:13:54.0849 5048  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:13:54.0865 5048  PlugPlay - ok
20:13:54.0896 5048  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:13:54.0927 5048  PNRPAutoReg - ok
20:13:54.0974 5048  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:13:54.0989 5048  PNRPsvc - ok
20:13:55.0005 5048  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:13:55.0052 5048  PolicyAgent - ok
20:13:55.0114 5048  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:13:55.0130 5048  PptpMiniport - ok
20:13:55.0161 5048  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
20:13:55.0177 5048  Processor - ok
20:13:55.0192 5048  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:13:55.0223 5048  ProfSvc - ok
20:13:55.0239 5048  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:13:55.0239 5048  ProtectedStorage - ok
20:13:55.0286 5048  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:13:55.0301 5048  PSched - ok
20:13:55.0317 5048  [ 628321C8DD76AD369B362B202E655A68 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys
20:13:55.0333 5048  PSDFilter - ok
20:13:55.0348 5048  [ 79D7117E62709C7690CF3DD55ACEAD37 ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys
20:13:55.0364 5048  PSDNServ - ok
20:13:55.0379 5048  [ CAE5E82827990CF4BD4A49576BDE3A43 ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys
20:13:55.0379 5048  psdvdisk - ok
20:13:55.0442 5048  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:13:55.0489 5048  ql2300 - ok
20:13:55.0504 5048  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:13:55.0504 5048  ql40xx - ok
20:13:55.0535 5048  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
20:13:55.0551 5048  QWAVE - ok
20:13:55.0567 5048  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:13:55.0582 5048  QWAVEdrv - ok
20:13:55.0598 5048  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:13:55.0629 5048  RasAcd - ok
20:13:55.0629 5048  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
20:13:55.0660 5048  RasAuto - ok
20:13:55.0676 5048  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:13:55.0707 5048  Rasl2tp - ok
20:13:55.0738 5048  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
20:13:55.0754 5048  RasMan - ok
20:13:55.0785 5048  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:13:55.0801 5048  RasPppoe - ok
20:13:55.0847 5048  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:13:55.0863 5048  RasSstp - ok
20:13:55.0879 5048  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:13:55.0894 5048  rdbss - ok
20:13:55.0925 5048  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:13:55.0957 5048  RDPCDD - ok
20:13:55.0972 5048  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:13:56.0003 5048  rdpdr - ok
20:13:56.0003 5048  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:13:56.0019 5048  RDPENCDD - ok
20:13:56.0066 5048  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:13:56.0081 5048  RDPWD - ok
20:13:56.0128 5048  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:13:56.0144 5048  RemoteAccess - ok
20:13:56.0191 5048  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:13:56.0206 5048  RemoteRegistry - ok
20:13:56.0253 5048  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo       c:\Program Files\Cyberlink\Shared files\RichVideo.exe
20:13:56.0269 5048  RichVideo - ok
20:13:56.0300 5048  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
20:13:56.0315 5048  RpcLocator - ok
20:13:56.0347 5048  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
20:13:56.0409 5048  RpcSs - ok
20:13:56.0456 5048  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:13:56.0503 5048  rspndr - ok
20:13:56.0596 5048  [ 065A51298212455584F1811B033B617E ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
20:13:56.0612 5048  RTHDMIAzAudService - ok
20:13:56.0627 5048  [ 8DAB5975B5C7923D61506A48E251DBAD ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
20:13:56.0659 5048  RTSTOR - ok
20:13:56.0690 5048  [ 0266151DE3F36429F6AC3C4B28085061 ] s217bus         C:\Windows\system32\DRIVERS\s217bus.sys
20:13:56.0705 5048  s217bus - ok
20:13:56.0752 5048  [ A43C0AF0E46BE7EF0C7E8CCF0F058600 ] s217mdfl        C:\Windows\system32\DRIVERS\s217mdfl.sys
20:13:56.0768 5048  s217mdfl - ok
20:13:56.0799 5048  [ 005F5DED1ED8F8A9D2399D765EAD20F1 ] s217mdm         C:\Windows\system32\DRIVERS\s217mdm.sys
20:13:56.0815 5048  s217mdm - ok
20:13:56.0846 5048  [ DE9562AD0C91E1857D11F65A91EE1A47 ] s217mgmt        C:\Windows\system32\DRIVERS\s217mgmt.sys
20:13:56.0861 5048  s217mgmt - ok
20:13:56.0908 5048  [ 11CC5D7F992799E7E75D018E9C018563 ] s217nd5         C:\Windows\system32\DRIVERS\s217nd5.sys
20:13:56.0924 5048  s217nd5 - ok
20:13:56.0955 5048  [ 0F9F4045799AFB66B85EEF999D0609EC ] s217obex        C:\Windows\system32\DRIVERS\s217obex.sys
20:13:56.0971 5048  s217obex - ok
20:13:57.0002 5048  [ 1C91E1023F07B6407D84B5A43537D984 ] s217unic        C:\Windows\system32\DRIVERS\s217unic.sys
20:13:57.0017 5048  s217unic - ok
20:13:57.0033 5048  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
20:13:57.0049 5048  SamSs - ok
20:13:57.0080 5048  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:13:57.0080 5048  sbp2port - ok
20:13:57.0111 5048  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:13:57.0127 5048  SCardSvr - ok
20:13:57.0189 5048  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
20:13:57.0220 5048  Schedule - ok
20:13:57.0236 5048  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:13:57.0267 5048  SCPolicySvc - ok
20:13:57.0298 5048  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
20:13:57.0329 5048  sdbus - ok
20:13:57.0345 5048  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:13:57.0376 5048  SDRSVC - ok
20:13:57.0392 5048  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:13:57.0439 5048  secdrv - ok
20:13:57.0454 5048  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
20:13:57.0485 5048  seclogon - ok
20:13:57.0517 5048  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
20:13:57.0517 5048  seehcri - ok
20:13:57.0532 5048  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
20:13:57.0563 5048  SENS - ok
20:13:57.0579 5048  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:13:57.0610 5048  Serenum - ok
20:13:57.0626 5048  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
20:13:57.0673 5048  Serial - ok
20:13:57.0688 5048  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:13:57.0704 5048  sermouse - ok
20:13:57.0735 5048  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:13:57.0766 5048  SessionEnv - ok
20:13:57.0782 5048  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:13:57.0797 5048  sffdisk - ok
20:13:57.0813 5048  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:13:57.0829 5048  sffp_mmc - ok
20:13:57.0844 5048  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:13:57.0875 5048  sffp_sd - ok
20:13:57.0891 5048  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:13:57.0938 5048  sfloppy - ok
20:13:57.0953 5048  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:13:57.0985 5048  SharedAccess - ok
20:13:58.0016 5048  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:13:58.0031 5048  ShellHWDetection - ok
20:13:58.0063 5048  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:13:58.0063 5048  sisagp - ok
20:13:58.0094 5048  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:13:58.0094 5048  SiSRaid2 - ok
20:13:58.0125 5048  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:13:58.0125 5048  SiSRaid4 - ok
20:13:58.0234 5048  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
20:13:58.0343 5048  slsvc - ok
20:13:58.0375 5048  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:13:58.0390 5048  SLUINotify - ok
20:13:58.0421 5048  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:13:58.0437 5048  Smb - ok
20:13:58.0484 5048  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:13:58.0484 5048  SNMPTRAP - ok
20:13:58.0515 5048  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
20:13:58.0515 5048  spldr - ok
20:13:58.0546 5048  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
20:13:58.0562 5048  Spooler - ok
20:13:58.0562 5048  sptd - ok
20:13:58.0609 5048  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:13:58.0624 5048  srv - ok
20:13:58.0655 5048  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:13:58.0671 5048  srv2 - ok
20:13:58.0702 5048  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:13:58.0718 5048  srvnet - ok
20:13:58.0733 5048  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:13:58.0765 5048  SSDPSRV - ok
20:13:58.0796 5048  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
20:13:58.0796 5048  ssmdrv - ok
20:13:58.0827 5048  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:13:58.0843 5048  SstpSvc - ok
20:13:58.0874 5048  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
20:13:58.0889 5048  stisvc - ok
20:13:58.0921 5048  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:13:58.0936 5048  swenum - ok
20:13:58.0967 5048  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
20:13:58.0983 5048  swprv - ok
20:13:59.0014 5048  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:13:59.0014 5048  Symc8xx - ok
20:13:59.0045 5048  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:13:59.0045 5048  Sym_hi - ok
20:13:59.0077 5048  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:13:59.0077 5048  Sym_u3 - ok
20:13:59.0108 5048  [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:13:59.0123 5048  SynTP - ok
20:13:59.0155 5048  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
20:13:59.0186 5048  SysMain - ok
20:13:59.0217 5048  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:13:59.0233 5048  TabletInputService - ok
20:13:59.0279 5048  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:13:59.0311 5048  TapiSrv - ok
20:13:59.0326 5048  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
20:13:59.0342 5048  TBS - ok
20:13:59.0389 5048  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:13:59.0435 5048  Tcpip - ok
20:13:59.0467 5048  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:13:59.0498 5048  Tcpip6 - ok
20:13:59.0545 5048  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:13:59.0560 5048  tcpipreg - ok
20:13:59.0576 5048  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:13:59.0607 5048  TDPIPE - ok
20:13:59.0623 5048  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:13:59.0654 5048  TDTCP - ok
20:13:59.0685 5048  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:13:59.0701 5048  tdx - ok
20:13:59.0716 5048  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:13:59.0716 5048  TermDD - ok
20:13:59.0747 5048  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
20:13:59.0794 5048  TermService - ok
20:13:59.0841 5048  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
20:13:59.0857 5048  Themes - ok
20:13:59.0872 5048  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
20:13:59.0903 5048  THREADORDER - ok
20:13:59.0919 5048  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
20:13:59.0950 5048  TrkWks - ok
20:13:59.0981 5048  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:13:59.0997 5048  TrustedInstaller - ok
20:14:00.0028 5048  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:14:00.0059 5048  tssecsrv - ok
20:14:00.0075 5048  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:14:00.0091 5048  tunmp - ok
20:14:00.0106 5048  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:14:00.0122 5048  tunnel - ok
20:14:00.0137 5048  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:14:00.0153 5048  uagp35 - ok
20:14:00.0169 5048  [ F763E070843EE2803DE1395002B42938 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
20:14:00.0169 5048  UBHelper - ok
20:14:00.0200 5048  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:14:00.0215 5048  udfs - ok
20:14:00.0231 5048  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:14:00.0262 5048  UI0Detect - ok
20:14:00.0278 5048  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:14:00.0293 5048  uliagpkx - ok
20:14:00.0325 5048  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:14:00.0340 5048  uliahci - ok
20:14:00.0356 5048  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:14:00.0371 5048  UlSata - ok
20:14:00.0387 5048  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:14:00.0403 5048  ulsata2 - ok
20:14:00.0418 5048  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:14:00.0449 5048  umbus - ok
20:14:00.0465 5048  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
20:14:00.0496 5048  upnphost - ok
20:14:00.0512 5048  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:14:00.0527 5048  usbccgp - ok
20:14:00.0559 5048  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:14:00.0590 5048  usbcir - ok
20:14:00.0637 5048  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:14:00.0652 5048  usbehci - ok
20:14:00.0683 5048  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:14:00.0699 5048  usbhub - ok
20:14:00.0715 5048  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:14:00.0761 5048  usbohci - ok
20:14:00.0793 5048  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:14:00.0824 5048  usbprint - ok
20:14:00.0839 5048  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:14:00.0855 5048  USBSTOR - ok
20:14:00.0871 5048  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:14:00.0886 5048  usbuhci - ok
20:14:00.0902 5048  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:14:00.0933 5048  usbvideo - ok
20:14:00.0964 5048  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
20:14:00.0980 5048  UxSms - ok
20:14:01.0011 5048  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
20:14:01.0042 5048  vds - ok
20:14:01.0073 5048  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:14:01.0089 5048  vga - ok
20:14:01.0105 5048  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:14:01.0136 5048  VgaSave - ok
20:14:01.0151 5048  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:14:01.0167 5048  viaagp - ok
20:14:01.0183 5048  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
20:14:01.0198 5048  ViaC7 - ok
20:14:01.0229 5048  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
20:14:01.0229 5048  viaide - ok
20:14:01.0261 5048  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:14:01.0261 5048  volmgr - ok
20:14:01.0307 5048  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:14:01.0323 5048  volmgrx - ok
20:14:01.0354 5048  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:14:01.0370 5048  volsnap - ok
20:14:01.0385 5048  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:14:01.0401 5048  vsmraid - ok
20:14:01.0448 5048  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
20:14:01.0495 5048  VSS - ok
20:14:01.0526 5048  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
20:14:01.0541 5048  W32Time - ok
20:14:01.0604 5048  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:14:01.0635 5048  WacomPen - ok
20:14:01.0651 5048  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:14:01.0666 5048  Wanarp - ok
20:14:01.0682 5048  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:14:01.0697 5048  Wanarpv6 - ok
20:14:01.0729 5048  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:14:01.0760 5048  wcncsvc - ok
20:14:01.0807 5048  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:14:01.0838 5048  WcsPlugInService - ok
20:14:01.0869 5048  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
20:14:01.0869 5048  Wd - ok
20:14:01.0900 5048  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:14:01.0916 5048  Wdf01000 - ok
20:14:01.0947 5048  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:14:01.0978 5048  WdiServiceHost - ok
20:14:01.0978 5048  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:14:01.0994 5048  WdiSystemHost - ok
20:14:02.0025 5048  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
20:14:02.0056 5048  WebClient - ok
20:14:02.0072 5048  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:14:02.0087 5048  Wecsvc - ok
20:14:02.0103 5048  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:14:02.0119 5048  wercplsupport - ok
20:14:02.0165 5048  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:14:02.0181 5048  WerSvc - ok
20:14:02.0212 5048  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:14:02.0243 5048  winachsf - ok
20:14:02.0290 5048  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:14:02.0306 5048  WinDefend - ok
20:14:02.0306 5048  WinHttpAutoProxySvc - ok
20:14:02.0368 5048  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:14:02.0384 5048  Winmgmt - ok
20:14:02.0446 5048  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:14:02.0493 5048  WinRM - ok
20:14:02.0540 5048  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:14:02.0587 5048  Wlansvc - ok
20:14:02.0633 5048  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:14:02.0649 5048  WmiAcpi - ok
20:14:02.0696 5048  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:14:02.0727 5048  wmiApSrv - ok
20:14:02.0774 5048  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:14:02.0821 5048  WMPNetworkSvc - ok
20:14:02.0836 5048  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:14:02.0852 5048  WPCSvc - ok
20:14:02.0883 5048  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:14:02.0899 5048  WPDBusEnum - ok
20:14:02.0930 5048  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:14:02.0945 5048  WpdUsb - ok
20:14:03.0023 5048  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:14:03.0070 5048  WPFFontCache_v0400 - ok
20:14:03.0117 5048  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:14:03.0148 5048  ws2ifsl - ok
20:14:03.0179 5048  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
20:14:03.0195 5048  wscsvc - ok
20:14:03.0195 5048  WSearch - ok
20:14:03.0273 5048  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:14:03.0335 5048  wuauserv - ok
20:14:03.0382 5048  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:14:03.0398 5048  WUDFRd - ok
20:14:03.0429 5048  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:14:03.0460 5048  wudfsvc - ok
20:14:03.0476 5048  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
20:14:03.0491 5048  XAudio - ok
20:14:03.0507 5048  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
20:14:03.0523 5048  XAudioService - ok
20:14:03.0601 5048  [ 556B5CFE8D21B256ADD7F87D7F4B4123 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
20:14:03.0616 5048  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
20:14:03.0632 5048  ================ Scan global ===============================
20:14:03.0663 5048  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:14:03.0694 5048  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:14:03.0725 5048  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:14:03.0741 5048  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:14:03.0757 5048  [Global] - ok
20:14:03.0757 5048  ================ Scan MBR ==================================
20:14:03.0772 5048  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
20:14:04.0459 5048  \Device\Harddisk0\DR0 - ok
20:14:04.0459 5048  ================ Scan VBR ==================================
20:14:04.0459 5048  [ 6F24D73C77BC60BD85B19E9803565021 ] \Device\Harddisk0\DR0\Partition1
20:14:04.0459 5048  \Device\Harddisk0\DR0\Partition1 - ok
20:14:04.0490 5048  [ 5DF03CA1166485DE3396C4771D375981 ] \Device\Harddisk0\DR0\Partition2
20:14:04.0490 5048  \Device\Harddisk0\DR0\Partition2 - ok
20:14:04.0490 5048  ============================================================
20:14:04.0490 5048  Scan finished
20:14:04.0490 5048  ============================================================
20:14:04.0505 5444  Detected object count: 8
20:14:04.0505 5444  Actual detected object count: 8
20:16:11.0649 5444  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:11.0649 5444  BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:16:11.0649 5444  CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:11.0649 5444  CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:16:11.0649 5444  ETService ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:11.0649 5444  ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:16:11.0649 5444  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:11.0649 5444  HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:16:11.0649 5444  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:11.0649 5444  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:16:11.0665 5444  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:11.0665 5444  NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:16:11.0665 5444  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:11.0665 5444  NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:16:11.0665 5444  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user
20:16:11.0665 5444  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Many thanks
Regards
tinusch


Alt 13.12.2012, 15:30   #6
markusg
/// Malware-holic

hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it is working.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.