Log analysis and evaluation: Rootkit / real-time scanner can no longer be activated
06.09.2012, 07:29 | #1 |
Rootkit / real-time scanner can no longer be activated

Hi everyone, now I have also landed at and hope that you have a bit of lifeline left over for me too. It all started when the real-time scanner of my antivirus program stopped working. I already posted this problem in another forum in which I am very active. Unfortunately, nobody there could help me with my very specific problem. This here is not a 1:1 copy of my post there.

The following steps were taken: ran Malwarebytes Anti-Malware (suspicious files were deleted), cleanly removed Avira, installed AVG (same problem), cleanly removed AVG, scanned Windows Vista once with Microsoft Safety Scanner, patched Vista up to date, installed Avira again in safe mode, same problem, Avira could not even be ended in Task Manager any more, cleanly removed Avira again ….

The following error messages appear on my system: in Vista Services, error code 307 appears when trying to activate the real-time scanner. In GMER: LoadDriver(“C:\Users\***\AppData\Local\Temp\pgrdqpow.sys”) error 0xC0000001: Ein an das System angeschlossenes Gerät funktioniert nicht. Did the error from GMER perhaps come from the fact that I had my smartphone connected to the laptop at that moment?

The system: Samsung R40 Plus with Windows Vista 32 bit.

OTL logfile: Code:
ATTFilter OTL logfile created on: 06.09.2012 01:44:50 - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Konto\Downloads\Viren Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,36% Memory free 3,71 Gb Paging File | 2,41 Gb Available in Paging File | 65,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,05 Gb Total Space | 2,69 Gb Free Space | 3,90% Space Free | Partition Type: NTFS Drive D: | 70,00 Gb Total Space | 14,17 Gb Free Space | 20,25% Space Free | Partition Type: NTFS Computer Name: *** | User Name: Konto | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.05 21:40:41 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Konto\Downloads\Viren\OTL.exe PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) 
-- C:\Users\Konto\AppData\Local\Akamai\netsession_win.exe PRC - [2012.07.27 22:51:36 | 000,035,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 10.0\Reader\reader_sl.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Programme\Skype\Updater\Updater.exe PRC - [2011.08.01 11:11:38 | 001,091,984 | ---- | M] (Western Digital ) -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe PRC - [2011.08.01 11:11:36 | 001,592,208 | ---- | M] (Western Digital ) -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe PRC - [2011.08.01 11:11:34 | 003,983,760 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Programme\Western Digital\WD SmartWare\WDDMStatus.exe PRC - [2011.08.01 11:11:32 | 000,263,056 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2008.01.10 06:28:42 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.06.28 19:54:42 | 000,073,728 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe PRC - [2007.02.07 06:18:02 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) 
-- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2007.02.05 20:48:14 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2007.01.25 03:01:34 | 001,362,432 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe PRC - [2007.01.24 22:05:20 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2007.01.05 21:31:20 | 000,049,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2006.11.22 00:12:42 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2006.11.09 20:57:00 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2006.10.05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.08.01 08:34:44 | 
000,064,000 | ---- | M] () -- C:\Programme\Western Digital\WD SmartWare\WDCollections.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2009.10.17 10:39:15 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll MOD - [2009.10.17 10:38:19 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll MOD - [2009.10.17 10:38:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll MOD - [2009.10.17 10:38:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll MOD - [2009.10.17 10:26:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll MOD - [2009.10.17 10:26:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll MOD - [2009.10.17 10:26:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll MOD - [2009.10.17 10:24:47 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll MOD - [2009.10.17 10:24:25 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll MOD - [2008.07.27 20:00:17 | 000,434,176 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.02.28 20:07:36 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2594.41331__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2007.02.28 20:07:36 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2594.41288__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2007.02.28 20:07:36 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2594.41343__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2007.02.28 20:07:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2594.41322__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2007.02.28 20:07:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2594.41342__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2007.02.28 20:07:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2594.41308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2007.02.28 20:07:35 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2594.41563__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2007.02.28 20:07:35 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2594.41552__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2007.02.28 20:07:35 | 000,061,440 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2594.41507__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2007.02.28 20:07:35 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2594.41441__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2007.02.28 20:07:33 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2594.41597__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2007.02.28 20:06:38 | 000,335,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2594.41518__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:38 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2594.41604__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:38 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2594.41524__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2007.02.28 20:06:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2594.41302__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:38 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2594.41516__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2007.02.28 20:06:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2594.41590__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2007.02.28 20:06:37 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2594.41453__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,573,440 | ---- | M] () 
-- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2594.41355__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2594.41310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2594.41537__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2007.02.28 20:06:37 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2594.41349__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2594.41475__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2594.41450__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2007.02.28 20:06:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2594.41360__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2007.02.28 20:06:37 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2594.41474__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2007.02.28 20:06:36 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2594.41558__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:36 | 000,475,136 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2594.41444__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:36 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2594.41494__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:36 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2594.41361__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2007.02.28 20:06:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2594.41441__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2007.02.28 20:06:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2594.41449__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2007.02.28 20:06:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2594.41493__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2007.02.28 20:06:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2007.02.28 20:06:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2536.35576__90ba9c70f846762e\LOG.Foundation.dll MOD - [2007.02.28 20:06:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2536.35581__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2007.02.28 20:06:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2536.35589__90ba9c70f846762e\MOM.Foundation.dll MOD - [2007.02.28 20:06:33 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2536.35577__90ba9c70f846762e\CLI.Foundation.dll MOD - [2007.02.28 20:06:33 | 000,049,152 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2536.35587__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2007.02.28 20:06:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2007.02.28 20:06:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2536.35642__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2007.02.28 20:06:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2536.35590__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2007.02.28 20:06:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2536.35586__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2007.02.28 20:06:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2536.35580__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2536.35599__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2536.35599__90ba9c70f846762e\DEM.OS.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2536.35598__90ba9c70f846762e\DEM.Graphics.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2536.35593__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2007.02.28 20:06:32 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2561.34688__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - 
[2007.02.28 20:06:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2536.35593__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2536.35597__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2536.35615__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2536.35606__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2536.35594__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2536.35615__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2536.35596__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2536.35593__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2536.35592__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,016,384 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2536.35595__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2007.02.28 20:06:31 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2536.35595__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2536.35595__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2536.35597__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2536.35592__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2536.35592__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2536.35605__90ba9c70f846762e\APM.Foundation.dll MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2536.35576__90ba9c70f846762e\AEM.Foundation.dll MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2007.02.28 20:06:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2536.35589__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2007.02.28 20:06:16 | 000,110,592 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2594.41570_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2007.02.28 20:06:14 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2594.41317__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2007.02.28 20:06:14 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2594.41577__90ba9c70f846762e\MOM.Implementation.dll MOD - [2007.02.28 20:06:14 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2594.41576__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2007.02.28 20:06:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2536.35581__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2007.02.28 20:06:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2536.35606__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2007.02.28 20:06:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2536.35591__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2007.02.28 20:06:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2536.35583__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2007.02.28 20:06:13 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2594.41296__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2007.02.28 20:06:13 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2594.41570__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2007.02.28 20:06:13 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2594.41286__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2007.02.28 20:06:13 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2536.35586__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2007.02.28 20:06:13 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2536.35590__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2007.02.28 20:06:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2594.41577__90ba9c70f846762e\CCC.Implementation.dll MOD - [2007.02.28 20:06:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2536.35591__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2007.02.28 20:06:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2536.35600__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.02.28 20:06:12 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2594.41286__90ba9c70f846762e\ATIDEMOS.dll MOD - [2007.02.28 20:06:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2594.41285__90ba9c70f846762e\AEM.Server.dll MOD - [2007.02.28 20:06:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2007.02.08 10:13:40 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.01.25 03:01:34 | 001,362,432 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe MOD - [2006.11.22 00:03:50 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2006.11.21 23:43:46 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2006.11.09 02:18:46 | 000,065,536 | ---- | M] () -- C:\Programme\Samsung\EBM\ChkSec.dll MOD - [2006.09.19 19:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll MOD - [2006.08.12 22:48:40 | 
000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 22:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 22:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2012.09.05 15:37:02 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.02 14:52:58 | 000,070,400 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys -- (d5ef27d2304ff7ae) SRV - [2012.08.30 13:33:28 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.08.01 11:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService) SRV - [2011.08.01 11:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService) SRV - [2011.08.01 11:11:32 | 000,263,056 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] 
-- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.06.28 19:54:42 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.11.02 11:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2006.11.02 11:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.10.27 00:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] 
(Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\DRIVERS\msfwhlpr.sys -- (MSFWHLPR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.02 14:52:58 | 000,070,400 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys -- (d5ef27d2304ff7ae)
DRV - [2012.07.21 17:38:36 | 000,233,024 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.16 18:52:46 | 000,011,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.23 15:14:51 | 000,211,968 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb10.sys -- (mrxsmb10)
DRV - [2010.02.23 15:14:42 | 000,058,368 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb20.sys -- (mrxsmb20)
DRV - [2010.02.23 15:14:41 | 000,102,400 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb.sys -- (mrxsmb)
DRV - [2010.02.20 23:30:16 | 000,396,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HTTP.sys -- (HTTP)
DRV - [2010.02.18 14:05:37 | 000,815,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tcpip.sys -- (Tcpip6)
DRV - [2010.02.18 14:05:37 | 000,815,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2010.02.18 14:04:38 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunnel.sys -- (tunnel)
DRV - [2010.02.18 14:04:30 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunmp.sys -- (tunmp)
DRV - [2010.02.11 09:48:24 | 000,023,312 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\Konto\AppData\Local\Temp\atidcmxx.sys -- (AtiDCM)
DRV - [2009.12.11 14:15:49 | 000,306,688 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv.sys -- (srv)
DRV - [2009.12.11 14:15:30 | 000,084,992 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srvnet.sys -- (srvnet)
DRV - [2009.09.14 11:50:54 | 000,130,048 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv2.sys -- (srv2)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\athr.sys -- (athr)
DRV - [2009.06.15 20:12:26 | 000,408,136 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD)
DRV - [2008.02.17 00:29:33 | 000,110,080 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008.02.17 00:28:03 | 000,224,824 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\CLFS.sys -- (CLFS)
DRV - [2008.02.17 00:28:00 | 000,495,160 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008.02.17 00:27:59 | 000,054,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2008.02.17 00:27:59 | 000,035,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\kbdclass.sys -- (kbdclass)
DRV - [2008.02.17 00:27:59 | 000,034,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\mouclass.sys -- (mouclass)
DRV - [2008.02.17 00:27:59 | 000,019,968 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008.02.17 00:27:59 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2008.02.17 00:25:12 | 000,154,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nwifi.sys -- (NativeWifiP)
DRV - [2008.02.17 00:25:12 | 000,021,560 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2008.02.17 00:25:12 | 000,015,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2008.01.10 06:29:08 | 000,211,000 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008.01.01 21:57:08 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ndndisprot.sys -- (NDNdisprot)
DRV - [2007.12.17 00:50:41 | 001,060,920 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2007.12.16 11:56:45 | 000,041,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\monitor.sys -- (monitor)
DRV - [2007.11.13 22:07:03 | 000,020,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2007.11.13 22:07:02 | 000,258,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2007.11.13 22:07:02 | 000,014,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV - [2007.11.13 22:05:56 | 000,192,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2007.11.13 22:05:56 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2007.11.13 22:05:56 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbohci.sys -- (usbohci)
DRV - [2007.11.13 22:05:55 | 000,073,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2007.10.20 15:17:52 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2007.10.20 15:17:52 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2007.10.20 15:17:51 | 000,061,952 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6)
DRV - [2007.10.20 15:17:51 | 000,061,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarp)
DRV - [2007.10.20 15:17:48 | 000,070,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\pacer.sys -- (PSched)
DRV - [2007.10.20 15:17:47 | 000,619,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2007.09.02 16:39:39 | 000,055,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV - [2007.09.02 16:37:47 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2007.09.02 16:28:02 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sffdisk.sys -- (sffdisk)
DRV - [2007.09.02 16:28:02 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sffp_sd.sys -- (sffp_sd)
DRV - [2007.09.02 16:28:01 | 000,082,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\sdbus.sys -- (sdbus)
DRV - [2007.09.02 16:23:17 | 000,012,800 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2007.06.18 16:18:26 | 000,023,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007.02.28 20:46:39 | 000,140,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2007.02.28 20:46:39 | 000,050,792 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2007.02.28 20:46:39 | 000,050,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2007.02.28 20:46:39 | 000,028,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2007.02.28 20:46:39 | 000,013,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2007.02.28 20:46:39 | 000,012,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\swenum.sys -- (swenum)
DRV - [2007.02.28 20:44:48 | 000,220,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BTHport.sys -- (BTHPORT)
DRV - [2007.02.28 20:44:48 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BTHUSB.sys -- (BTHUSB)
DRV - [2007.02.28 20:44:48 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\BthEnum.sys -- (BthEnum)
DRV - [2007.02.28 20:17:05 | 000,013,312 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\kmdfmemio.sys -- (KMDFMEMIO)
DRV - [2007.02.08 10:22:28 | 002,315,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300)
DRV - [2007.01.24 05:18:32 | 000,039,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.24 03:03:28 | 000,037,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.24 02:40:20 | 000,042,496 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.20 03:01:00 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.12.05 12:34:42 | 000,507,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\PFC027.SYS -- (PAC207)
DRV - [2006.11.09 02:29:44 | 001,161,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 14:34:35 | 000,132,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2006.11.02 14:34:31 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2006.11.02 11:51:42 | 000,500,840 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2006.11.02 11:51:30 | 000,290,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2006.11.02 11:51:14 | 000,183,912 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006.11.02 11:51:12 | 000,168,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\msiscsi.sys -- (iScsiPrt)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:51:09 | 000,160,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2006.11.02 11:50:40 | 000,106,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:24 | 000,046,696 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup)
DRV - [2006.11.02 11:50:23 | 000,049,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:04 | 000,058,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2006.11.02 11:50:04 | 000,058,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2006.11.02 11:49:59 | 000,056,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uagp35.sys -- (uagp35)
DRV - [2006.11.02 11:49:58 | 000,056,424 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2006.11.02 11:49:57 | 000,054,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2006.11.02 11:49:52 | 000,054,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaagp.sys -- (viaagp)
DRV - [2006.11.02 11:49:52 | 000,053,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agp440.sys -- (agp440)
DRV - [2006.11.02 11:49:51 | 000,052,840 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2006.11.02 11:49:43 | 000,022,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006.11.02 11:49:35 | 000,018,536 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.11.02 11:49:24 | 000,014,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2006.11.02 11:14:58 | 000,018,944 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2006.11.02 11:14:19 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serscan.sys -- (StillCam)
DRV - [2006.11.02 11:04:35 | 000,878,080 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\peauth.sys -- (PEAUTH)
DRV - [2006.11.02 11:04:23 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 11:02:15 | 000,160,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2006.11.02 11:02:07 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tssecsrv.sys -- (tssecsrv)
DRV - [2006.11.02 11:02:01 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2006.11.02 11:02:01 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2006.11.02 11:02:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdpencdd.sys -- (RDPENCDD)
DRV - [2006.11.02 11:02:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\RDPCDD.sys -- (RDPCDD)
DRV - [2006.11.02 10:58:52 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2006.11.02 10:58:43 | 000,270,336 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2006.11.02 10:58:26 | 000,015,872 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2006.11.02 10:58:14 | 000,118,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2006.11.02 10:58:14 | 000,061,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspptp.sys -- (PptpMiniport)
DRV - [2006.11.02 10:58:13 | 000,075,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp)
DRV - [2006.11.02 10:58:13 | 000,011,776 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\rasacd.sys -- (RasAcd)
DRV - [2006.11.02 10:58:12 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2006.11.02 10:58:10 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2006.11.02 10:58:09 | 000,099,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipnat.sys -- (IPNAT)
DRV - [2006.11.02 10:58:04 | 000,047,104 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2006.11.02 10:57:47 | 000,027,648 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2006.11.02 10:57:35 | 000,068,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\tdx.sys -- (tdx)
DRV - [2006.11.02 10:57:30 | 000,016,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2006.11.02 10:57:26 | 000,035,840 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2006.11.02 10:57:22 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2006.11.02 10:57:20 | 000,184,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\netbt.sys -- (netbt)
DRV - [2006.11.02 10:57:10 | 000,066,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\smb.sys -- (Smb)
DRV - [2006.11.02 10:57:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2006.11.02 10:56:49 | 000,060,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rspndr.sys -- (rspndr)
DRV - [2006.11.02 10:56:49 | 000,047,104 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\lltdio.sys -- (lltdio)
DRV - [2006.11.02 10:55:27 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\bthpan.sys -- (BthPan)
DRV - [2006.11.02 10:55:24 | 000,034,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\umbus.sys -- (umbus)
DRV - [2006.11.02 10:55:23 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\rfcomm.sys -- (RFCOMM)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\winusb.sys -- (winusb)
DRV - [2006.11.02 10:55:05 | 000,022,528 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:55:01 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\hidusb.sys -- (HidUsb)
DRV - [2006.11.02 10:54:59 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2006.11.02 10:54:52 | 000,082,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV - [2006.11.02 10:53:56 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga)
DRV - [2006.11.02 10:53:56 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:44 | 000,067,072 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\cdrom.sys -- (cdrom)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:40 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:51:30 | 000,083,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006.11.02 10:51:25 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serenum.sys -- (Serenum)
DRV - [2006.11.02 10:51:23 | 000,008,704 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006.11.02 10:51:15 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2006.11.02 10:51:14 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2006.11.02 10:51:13 | 000,006,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2006.11.02 10:51:13 | 000,005,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2006.11.02 10:51:12 | 000,015,872 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2006.11.02 10:51:05 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2006.11.02 10:51:03 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:03 | 000,011,264 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006.11.02 10:33:07 | 000,083,456 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2006.11.02 10:32:55 | 000,027,648 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2006.11.02 10:31:26 | 000,222,208 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\rdbss.sys -- (rdbss)
DRV - [2006.11.02 10:31:12 | 000,069,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\bowser.sys -- (bowser)
DRV - [2006.11.02 10:31:04 | 000,074,752 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\Drivers\dfsc.sys -- (DfsC)
DRV - [2006.11.02 10:30:57 | 000,225,280 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\udfs.sys -- (udfs)
DRV - [2006.11.02 10:30:57 | 000,034,816 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2006.11.02 10:30:56 | 000,022,528 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2006.11.02 10:30:50 | 000,070,144 | ---- | M] () [File_System | Disabled | Running] -- C:\Windows\System32\DRIVERS\cdfs.sys -- (cdfs)
DRV - [2006.11.02 10:30:49 | 000,142,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,040,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006.11.02 10:30:18 | 000,039,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:27:22 | 001,083,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 09:36:49 | 000,235,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\NETw2v32.sys -- (NETw2v32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: formhistory@yahoo.com:1.3.0.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.18 11:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.21 14:00:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 13:33:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 19:55:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.18 11:22:15 | 000,000,000 | ---D | M]

[2012.05.31 21:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\Extensions
[2012.09.02 20:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\Firefox\Profiles\3bktmake.default\extensions
[2012.06.16 15:23:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Konto\AppData\Roaming\mozilla\Firefox\Profiles\3bktmake.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.20 09:56:39 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\Konto\AppData\Roaming\mozilla\Firefox\Profiles\3bktmake.default\extensions\formhistory@yahoo.com
[2012.08.16 19:53:32 | 002,282,511 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\nasanightlaunch@example.com.xpi
[2012.07.25 12:40:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.16 15:23:53 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.09.02 20:02:29 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.07.27 21:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.09.02 15:51:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.08.26 20:52:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.21 14:00:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.08.26 20:52:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.30 13:33:30 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.18 09:45:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 13:33:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.18 09:45:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.18 09:45:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.18 09:45:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.18 09:45:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.21 18:47:34 | 000,000,785 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Play AVStation TV Scheduler] C:\Programme\Samsung\Play AVStation\TvScheduler.exe (SAMSUNG ELECTRONICS CO., LTD.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [] File not found
O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [Akamai NetSession Interface] C:\Users\Konto\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: Skype Click to
Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.118 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{082264E5-35B3-4F48-B8BF-CEB85C74F920}: DhcpNameServer = 195.50.140.118 192.168.0.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - 
Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ae2f3dde-6ad1-11e1-995d-0013773a05c6}\Shell - "" = AutoRun O33 - MountPoints2\{ae2f3dde-6ad1-11e1-995d-0013773a05c6}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true O33 - MountPoints2\{facac4be-d349-11e1-a8a2-0013773a05c6}\Shell - "" = AutoRun O33 - MountPoints2\{facac4be-d349-11e1-a8a2-0013773a05c6}\Shell\AutoRun\command - "" = 
G:\setup_legend_of_grimrock_1.0.0.6.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.06 00:45:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.09.05 23:30:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.09.05 21:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.09.05 20:11:59 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.09.05 20:11:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2012.09.05 20:06:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.09.05 15:43:27 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\Malwarebytes [2012.09.02 20:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI(21) [2012.09.02 20:07:50 | 000,000,000 | ---D | C] -- C:\ATI(20) [2012.09.02 17:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Cleaner Pro [2012.09.02 16:41:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2012.09.02 16:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com [2012.08.22 14:17:11 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Local\Western_Digital [2012.08.16 20:19:55 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft [2012.08.16 20:19:51 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\.minecraft ========== Files - Modified Within 30 Days ========== [2012.09.06 01:50:00 | 000,000,416 | -H-- | M] () -- 
C:\Windows\tasks\User_Feed_Synchronization-{4C34C866-F54C-4588-9C75-63AD9B10E143}.job [2012.09.06 01:47:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.06 01:43:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.06 01:43:25 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.06 01:43:25 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.06 01:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.06 01:41:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.06 01:30:24 | 000,000,166 | ---- | M] () -- C:\Users\Konto\defogger_reenable [2012.09.06 00:54:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.06 00:53:47 | 000,755,100 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.06 00:53:47 | 000,704,984 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.06 00:53:47 | 000,163,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.06 00:53:47 | 000,140,074 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.05 15:29:27 | 000,006,246 | ---- | M] () -- C:\Users\Konto\Documents\Dokument.rtf [2012.09.05 11:55:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.09.05 00:17:41 | 000,025,088 | ---- | M] () -- C:\Users\Konto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.02 19:58:25 | 000,001,356 | ---- | M] () -- C:\Users\Konto\AppData\Local\d3d9caps.dat [2012.09.02 16:37:34 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk [2012.09.02 14:52:58 | 000,070,400 | ---- | M] () -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys [2012.08.26 22:19:22 | 001,031,681 | ---- | M] () -- C:\Users\Konto\Documents\Anl1_zu_FB1_ab2011.pdf 
[2012.08.11 19:29:08 | 000,011,287 | ---- | M] () -- C:\Users\Konto\Desktop\***.jpg [2012.08.11 19:28:46 | 000,190,142 | ---- | M] () -- C:\Users\Konto\Desktop\Foto.JPG ========== Files Created - No Company Name ========== [2012.09.06 01:30:22 | 000,000,166 | ---- | C] () -- C:\Users\Konto\defogger_reenable [2012.09.05 15:29:26 | 000,006,246 | ---- | C] () -- C:\Users\Konto\Documents\Dokument.rtf [2012.09.02 19:49:58 | 000,001,356 | ---- | C] () -- C:\Users\Konto\AppData\Local\d3d9caps.dat [2012.09.02 16:37:34 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk [2012.09.02 14:52:58 | 000,070,400 | ---- | C] () -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys [2012.08.26 21:22:10 | 001,031,681 | ---- | C] () -- C:\Users\Konto\Documents\Anl1_zu_FB1_ab2011.pdf [2012.08.11 19:29:07 | 000,011,287 | ---- | C] () -- C:\Users\Konto\Desktop\***.jpg [2012.08.11 19:28:41 | 000,190,142 | ---- | C] () -- C:\Users\Konto\Desktop\Foto.JPG [2012.07.21 17:38:36 | 000,233,024 | ---- | C] () -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012.07.18 11:05:29 | 000,219,018 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.07.18 11:05:29 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat [2012.06.17 16:35:45 | 000,000,600 | ---- | C] () -- C:\Users\Konto\AppData\Local\PUTTY.RND [2012.06.16 20:04:09 | 000,025,088 | ---- | C] () -- C:\Users\Konto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.16 15:31:08 | 000,000,488 | ---- | C] () -- C:\Users\Konto\.swfinfo [2012.06.08 11:35:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.03.21 22:32:06 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\NDNdisprot.sys [2012.02.15 12:01:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys [2012.02.12 23:01:47 | 000,026,600 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys [2012.01.04 20:22:37 | 000,137,928 | ---- | C] () -- C:\Windows\System32\drivers\avipbb.sys [2012.01.04 20:22:37 | 000,036,000 | 
---- | C] () -- C:\Windows\System32\drivers\avkmgr.sys [2011.08.02 18:38:44 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\netaapl.sys [2011.02.16 18:52:46 | 000,011,520 | ---- | C] () -- C:\Windows\System32\drivers\wdcsam.sys [2008.03.23 12:58:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2007.09.02 14:52:29 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html ========== LOP Check ========== [2010.12.27 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software4u [2012.08.16 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\.minecraft [2012.06.18 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\avidemux [2012.07.21 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\DAEMON Tools Pro [2012.06.18 00:34:38 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\DiskAid [2012.07.21 14:14:06 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\GHISLER [2012.08.05 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\iFunbox_UserCache [2012.06.17 18:37:12 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\IrfanView [2012.07.21 14:15:31 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\JAM Software [2012.06.17 14:47:00 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\Macroplant LLC [2012.06.16 16:28:45 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\mp3DirectCut [2012.06.17 17:22:51 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\redsn0w [2012.06.16 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\streamripper [2012.09.01 16:23:25 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\WindSolutions [2012.06.16 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\xrecode2 [2009.09.16 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.11.29 09:08:06 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Kartina.TV
[2012.06.02 19:13:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect
[2012.06.02 18:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xrecode2
[2012.09.06 01:41:25 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.06 01:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C34C866-F54C-4588-9C75-63AD9B10E143}.job
========== Purity Check ==========
< End of report >
OTL Logfile:
Code:
OTL Extras logfile created on: 06.09.2012 01:44:50 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Konto\Downloads\Viren
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,36% Memory free
3,71 Gb Paging File | 2,41 Gb Available in Paging File | 65,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 2,69 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 14,17 Gb Free Space | 20,25% Space Free | Partition Type: NTFS
Computer Name: NATALJA | User Name: Konto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- 
"%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings 
========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 "{0212BFBB-50BA-C4FA-D700-DFBB40A9F1AF}" = Catalyst Control Center Localization Arabic "{0219FD21-8B2E-240B-3D35-997EE0E3F81B}" = Catalyst Control Center Localization Arabic "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{047ACAF8-7642-4940-8EC6-4694E0E60B40}" = CCC Help French "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110 "{06F42C96-A96C-F579-B0FA-F44BBA118C51}" = ccc-core-static "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0BB96994-EA3F-D659-6A3B-D2D73FEBD8E4}" = ccc-utility "{0C1D06CD-D5D1-A718-5C8F-27D089C5C39C}" = Catalyst Control Center Localization Finnish "{0DF36AB1-1B4C-CAEC-A23E-EFA25738B60A}" = CCC Help Greek "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{110D7DC8-9237-47D3-AB39-50651A10304C}" = SamsungScreensaver 
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{12080F61-1225-BCDE-EFE2-3452E826D9AD}" = Catalyst Control Center Graphics Light "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{143539DF-6F6E-9E25-3EDF-0906C7F533B7}" = CCC Help Korean "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II "{148806DB-3E2E-4A2E-D7F8-223EFA43C350}" = Catalyst Control Center Graphics Full New "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{20CD8D4B-74ED-BED9-805C-6F4FBE6B4F01}" = ccc-localization-da "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{31ACBC65-C234-BD71-3FCE-520EC0138635}" = CCC Help Norwegian "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{3AB54293-0366-7D73-D97E-3DB689A72E4A}" = CCC Help Danish "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DC4A72C-B683-5733-8A2C-136FBB5619D6}" = Catalyst Control Center Localization German "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{47EDD638-F882-A248-FBA5-B0CCBB9175D8}" = CCC Help Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4D6125BF-2586-9175-24FE-854DD6F6F08F}" = CCC Help Hungarian "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{51B055DD-A5F8-4D0C-A09C-66E58AD56F20}" = WD SmartWare "{52FE8F38-057E-26C5-DF29-935DE6E218E0}" = Catalyst Control Center Localization Japanese "{5579A7B8-F48A-C2F5-75D0-F67CDFD68461}" = Catalyst Control Center Core Implementation "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A4BB8B6-8BE7-A8AF-528C-55A50DD18497}" = Catalyst Control Center Localization Arabic "{5AA05616-21D6-63D5-CA68-73200B161599}" = CCC Help Czech "{5D11659E-A95B-42A5-9585-C2999CF119EF}" = eMedia "{5E99C53A-D37E-CEA5-0398-329F15494618}" = Catalyst Control Center Graphics Full Existing "{64536DB8-3247-4489-6BC3-BCD0DCC74810}" = Catalyst Control Center Localization Spanish "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8 "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6BD4EDE4-053E-FC85-AFC2-58306952BDBD}" = Catalyst Control Center Localization French "{6F6D2DE6-44FA-EAF4-0028-7FAE37A76B4C}" = CCC Help Turkish "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78E2F10D-4A74-A354-3D41-CF439A501AE5}" = CCC Help Italian 
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3 "{8448A09D-0E2A-4EFA-6A16-AFA374AE088F}" = Catalyst Control Center Graphics Previews Vista "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{87858FF1-3D1C-301A-0C62-62F977659969}" = Catalyst Control Center Localization Italian "{8799B11A-0E01-1729-B527-802A3513BEE7}" = CCC Help Polish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A51FE4C-7DC6-8C9B-67D7-8536B7413BFE}" = Catalyst Control Center Localization Korean "{8A92CE03-CEEB-145D-1F8D-FBC0DDE0CDEF}" = CCC Help Finnish "{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter "{8ED71B2B-8228-EFF8-B566-890D771A6A98}" = CCC Help Swedish "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{903194A5-E1E4-E56B-8B3C-C52664CD6A65}" = CCC Help Japanese "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components 
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{95CCAA64-028C-FF26-B553-3401EA3B137B}" = CCC Help Chinese Standard "{98C0E007-7225-550C-BD4D-16A53171FA5B}" = CCC Help Chinese Traditional "{99825ADC-3BAC-40C6-3FA1-A80496C5FE4D}" = CCC Help German "{99FBF341-96A4-6E6B-F098-F5318F74FD8B}" = Catalyst Control Center Localization Hungarian "{9AEE384F-4CEB-9FD4-0ECA-5A2A5FF3FC65}" = Catalyst Control Center Localization Arabic "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A703E5-975D-8426-B654-A3C86EEA771F}" = Catalyst Control Center Localization Greek "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3400 "{A2E2B102-C07F-2D6A-F826-FBE911583029}" = Catalyst Control Center Localization Arabic "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AB8465B2-8971-83AA-72AC-08C870CAB14B}" = CCC Help English "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.190 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B57D54D5-BE8F-152A-3DDA-2CCC34916ABB}" = Catalyst Control Center Localization Czech "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools 
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer "{C2F84222-A797-3ADB-F73F-F9FEA356365E}" = Catalyst Control Center Localization Chinese Standard "{C5DC24CC-98D8-3714-20DE-F3154692CAC1}" = CCC Help Portuguese "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0 "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Phone to PC 4.1.6.2 "{D6339BC5-BD2E-580C-0A9E-EF09B768C891}" = CCC Help Thai "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DDFA8768-E4A8-4EFA-637B-DF23DC3EFD04}" = Catalyst Control Center Localization Chinese Traditional "{DF1F4246-C7DF-7C15-6BBD-211E768EB715}" = Catalyst Control Center Localization Arabic "{E481BC06-6BBB-093B-728A-C8EEB98E1E47}" = Catalyst Control Center Localization Arabic "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E5BED6AE-BEF7-8504-38DB-F881A526F5C2}" = Skins "{EC69E8A3-A20F-E735-968A-CE6D4E1FA857}" = CCC Help Russian "{ED8EACD0-3B35-AA21-DA10-6372AB6D19CA}" = CCC Help Dutch "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6081BF5-B4AB-456A-9694-89F5CB6ED270}" = Motorola Phone Tools "{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min 
"{F9A63CBA-FB65-44E2-9BFB-927E7208B3D7}" = Motorola Phone Tools "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now "{FF602681-E2E7-9FFF-9752-3B0F8E7D38F1}" = Catalyst Control Center Localization Arabic "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.12 "ATI Uninstaller" = ATI Uninstaller "AudibleManager" = AudibleManager "Avidemux 2.5" = Avidemux 2.5 (32-bit) "AviSynth" = AviSynth 2.5 "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CCleaner" = CCleaner "DAEMON Tools Pro" = DAEMON Tools Pro "DiskAid_is1" = DiskAid 5.14 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "FLV Player" = FLV Player 2.0 (build 25) "Google Updater" = Google Updater "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "iFunbox_is1" = iFunbox (v1.96.938.649), iFunbox DevTeam "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now "IrfanView" = IrfanView (remove only) "Kartina.TV" = Kartina.TV "Legend of Grimrock_is1" = Legend of Grimrock "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET 
Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Netdetect_is1" = Netdetect 2.0.0b5 "PDF reDirect" = PDF reDirect (remove only) "plist Editor for Windows" = plist Editor for Windows 1.0.2 "PROHYBRIDR" = 2007 Microsoft Office system "ratDVD" = ratDVD 0.78.1444 "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "TreeSize Free_is1" = TreeSize Free V2.7 "Videora iPad Converter" = Videora iPad Converter 6 "VLC media player" = VLC media player 2.0.1 "WinRAR archiver" = WinRAR 4.11 (32-Bit) "xp-AntiSpy" = xp-AntiSpy 3.98-2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.09.2012 09:36:45 | Computer Name = *** | Source = Avira Antivirus | ID = 4122 Description = Error - 05.09.2012 11:02:01 | Computer Name = *** | Source = Avira Antivirus | ID = 4122 Description = Error - 05.09.2012 13:44:49 | Computer Name = *** | Source = Avira Antivirus | ID = 4122 Description = Error - 05.09.2012 13:48:04 | Computer Name = *** | Source = Avira Antivirus | ID = 4122 Description = Error - 05.09.2012 17:55:36 | Computer Name = *** | Source = MsiInstaller | ID = 11316 Description = Error - 05.09.2012 19:02:11 | Computer Name = *** | Source = EventSystem | ID = 4609 Description = Error - 05.09.2012 19:10:57 | Computer Name = *** | Source = Avira Antivirus | ID = 4122 Description = Error - 05.09.2012 19:12:34 | Computer Name = *** | Source = Avira Antivirus | ID = 4122 Description = 
Error - 05.09.2012 19:24:37 | Computer Name = *** | Source = Avira Antivirus | ID = 4122 Description = Error - 05.09.2012 19:25:53 | Computer Name = Natalja | Source = Avira Antivirus | ID = 4122 Description = [ Media Center Events ] Error - 14.06.2012 07:12:05 | Computer Name = *** | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ OSession Events ] Error - 11.09.2009 17:34:36 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 01.10.2009 17:36:35 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 05.09.2012 19:17:20 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Error - 05.09.2012 19:19:27 | Computer Name = *** | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 06.09.2012 um 01:17:54 unerwartet heruntergefahren. 
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7024 Description = Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7023 Description = Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7003 Description = Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7003 Description = Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7026 Description = Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7001 Description = Error - 05.09.2012 19:41:22 | Computer Name = *** | Source = DCOM | ID = 10010 Description = [ Windows OneCare Events ] Error - 26.03.2008 02:32:42 | Computer Name = *** | Source = WinSS | ID = 1011 Description = Error - 26.03.2008 02:32:42 | Computer Name = *** | Source = WinSS | ID = 1011 Description = Error - 26.03.2008 03:55:40 | Computer Name = *** | Source = WinSS | ID = 1011 Description = Error - 30.03.2008 16:10:50 | Computer Name = *** | Source = WinSS | ID = 1011 Description = Error - 30.03.2008 16:10:50 | Computer Name = *** | Source = WinSS | ID = 1011 Description = Error - 10.04.2008 02:55:26 | Computer Name = *** | Source = WinSS | ID = 1011 Description = Error - 11.04.2008 04:57:07 | Computer Name = *** | Source = WinSS | ID = 1011 Description = Error - 15.04.2008 05:17:00 | Computer Name = *** | Source = WinSS | ID = 1011 Description = Error - 15.04.2008 05:17:00 | Computer Name = *** | Source = WinSS | ID = 1011 Description = Error - 15.04.2008 06:16:17 | Computer Name = *** | Source = WinSS | ID = 1011 Description = < End of report > GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-06 02:40:27
Windows 6.0.6000
Running: hbdnsjc6.exe

---- Services - GMER 1.0.15 ----

Service C:\SystemRoot\System32\Drivers\d5ef27d2304ff7ae.sys (*** hidden *** ) [BOOT] d5ef27d2304ff7ae <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027873b61e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfe759b3
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@ImagePath \SystemRoot\System32\Drivers\d5ef27d2304ff7ae.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0xDF 0x5E 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE4 0x1E 0x2E 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7E 0x63 0xE9 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027873b61e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfe759b3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@ImagePath \SystemRoot\System32\Drivers\d5ef27d2304ff7ae.sys
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Tag 1
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@DisplayName syshost.exe
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0xDF 0x5E 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE4 0x1E 0x2E 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7E 0x63 0xE9 0x0E ...

---- EOF - GMER 1.0.15 ----

Am I right in suspecting that I have caught a rootkit? Thank you in advance for the help … Regards, Andre
Edited by loc-nar (06.09.2012 at 07:39) Reason: Not quite perfectly matched to your guidelines :) |
06.09.2012, 07:59 | #2 |
/// Malwareteam | Rootkit / real-time scanner can no longer be activated
My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found every remnant of malware. Reformatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator". Scan with TDSS-Killer Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save this file to the desktop
06.09.2012, 09:35 | #3 |
| Rootkit / real-time scanner can no longer be activated
Hi,
thank you for taking on my case: First of all, on startup the error "Could not load Driver" appeared. The scan worked anyway, though: Code:
ATTFilter 10:27:01.0336 1800 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48 10:27:01.0497 1800 ============================================================ 10:27:01.0497 1800 Current date / time: 2012/09/06 10:27:01.0497 10:27:01.0497 1800 SystemInfo: 10:27:01.0497 1800 10:27:01.0497 1800 OS Version: 6.0.6000 ServicePack: 0.0 10:27:01.0497 1800 Product type: Workstation 10:27:01.0498 1800 ComputerName: *** 10:27:01.0498 1800 UserName: Konto 10:27:01.0498 1800 Windows directory: C:\Windows 10:27:01.0498 1800 System windows directory: C:\Windows 10:27:01.0498 1800 Processor architecture: Intel x86 10:27:01.0498 1800 Number of processors: 2 10:27:01.0498 1800 Page size: 0x1000 10:27:01.0498 1800 Boot type: Normal boot 10:27:01.0498 1800 ============================================================ 10:27:08.0958 1800 !crdlk 10:27:09.0245 1800 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A' 10:27:09.0274 1800 ============================================================ 10:27:09.0274 1800 \Device\Harddisk0\DR0: 10:27:09.0288 1800 MBR partitions: 10:27:09.0288 1800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x8A19000 10:27:09.0288 1800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9E19800, BlocksNum 0x8BFF800 10:27:09.0288 1800 ============================================================ 10:27:09.0332 1800 C: <-> \Device\Harddisk0\DR0\Partition1 10:27:09.0382 1800 D: <-> \Device\Harddisk0\DR0\Partition2 10:27:09.0383 1800 ============================================================ 10:27:09.0383 1800 Initialize success 10:27:09.0383 1800 ============================================================ 10:27:41.0416 2736 ============================================================ 10:27:41.0416 2736 Scan started 10:27:41.0416 2736 Mode: Manual; TDLFS; 10:27:41.0416 2736 
============================================================ 10:27:41.0833 2736 ================ Scan system memory ======================== 10:27:41.0833 2736 System memory - ok 10:27:41.0834 2736 ================ Scan services ============================= 10:27:42.0095 2736 [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI C:\Windows\system32\drivers\acpi.sys 10:27:42.0101 2736 ACPI - ok 10:27:42.0268 2736 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 10:27:42.0270 2736 AdobeARMservice - ok 10:27:42.0364 2736 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 10:27:42.0370 2736 AdobeFlashPlayerUpdateSvc - ok 10:27:42.0438 2736 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 10:27:42.0447 2736 adp94xx - ok 10:27:42.0483 2736 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 10:27:42.0492 2736 adpahci - ok 10:27:42.0523 2736 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 10:27:42.0526 2736 adpu160m - ok 10:27:42.0560 2736 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 10:27:42.0564 2736 adpu320 - ok 10:27:42.0655 2736 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 10:27:42.0656 2736 AeLookupSvc - ok 10:27:42.0716 2736 [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD C:\Windows\system32\drivers\afd.sys 10:27:42.0723 2736 AFD - ok 10:27:42.0757 2736 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 10:27:42.0758 2736 AgereModemAudio - ok 10:27:42.0850 2736 [ A19871AE65A769C65034B4DC44C29023 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 10:27:42.0895 2736 AgereSoftModem - ok 10:27:42.0943 2736 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 10:27:42.0945 2736 agp440 - ok 10:27:43.0018 
2736 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 10:27:43.0020 2736 aic78xx - ok 10:27:43.0074 2736 [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG C:\Windows\System32\alg.exe 10:27:43.0076 2736 ALG - ok 10:27:43.0109 2736 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 10:27:43.0111 2736 aliide - ok 10:27:43.0149 2736 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 10:27:43.0151 2736 amdagp - ok 10:27:43.0188 2736 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 10:27:43.0189 2736 amdide - ok 10:27:43.0237 2736 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 10:27:43.0239 2736 AmdK7 - ok 10:27:43.0284 2736 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 10:27:43.0286 2736 AmdK8 - ok 10:27:43.0359 2736 [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo C:\Windows\System32\appinfo.dll 10:27:43.0360 2736 Appinfo - ok 10:27:43.0473 2736 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:27:43.0476 2736 Apple Mobile Device - ok 10:27:43.0523 2736 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 10:27:43.0525 2736 arc - ok 10:27:43.0583 2736 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 10:27:43.0585 2736 arcsas - ok 10:27:43.0753 2736 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 10:27:43.0755 2736 aspnet_state - ok 10:27:43.0809 2736 [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 10:27:43.0810 2736 AsyncMac - ok 10:27:43.0869 2736 [ B35CFCEF838382AB6490B321C87EDF17 ] atapi C:\Windows\system32\drivers\atapi.sys 10:27:43.0870 2736 atapi - ok 10:27:43.0964 2736 [ 2846F5EE802889D500FCF5CC48B28381 ] athr 
C:\Windows\system32\DRIVERS\athr.sys 10:27:44.0010 2736 athr - ok 10:27:44.0110 2736 [ D1F2726E89D4BD96F8314B9E303E633D ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 10:27:44.0134 2736 Ati External Event Utility - ok 10:27:44.0402 2736 [ 908600384E8CC829081E468C65850FFD ] AtiDCM C:\Users\Konto\AppData\Local\Temp\atidcmxx.sys 10:27:44.0404 2736 AtiDCM - ok 10:27:44.0501 2736 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 10:27:44.0506 2736 AudioEndpointBuilder - ok 10:27:44.0545 2736 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 10:27:44.0548 2736 Audiosrv - ok 10:27:44.0634 2736 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 10:27:44.0635 2736 BcmSqlStartupSvc - ok 10:27:44.0692 2736 [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep C:\Windows\system32\drivers\Beep.sys 10:27:44.0693 2736 Beep - ok 10:27:44.0780 2736 [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS C:\Windows\System32\qmgr.dll 10:27:44.0814 2736 BITS - ok 10:27:44.0833 2736 blbdrive - ok 10:27:44.0924 2736 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 10:27:44.0933 2736 Bonjour Service - ok 10:27:44.0978 2736 [ 913CD06FBE9105CE6077E90FD4418561 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 10:27:44.0981 2736 bowser - ok 10:27:45.0022 2736 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 10:27:45.0023 2736 BrFiltLo - ok 10:27:45.0051 2736 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 10:27:45.0052 2736 BrFiltUp - ok 10:27:45.0107 2736 [ BEB6470532B7461D7BB426E3FACB424F ] Browser C:\Windows\System32\browser.dll 10:27:45.0110 2736 Browser - ok 10:27:45.0200 2736 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 10:27:45.0202 2736 Brserid - ok 10:27:45.0241 2736 [ 
203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 10:27:45.0243 2736 BrSerWdm - ok 10:27:45.0283 2736 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 10:27:45.0285 2736 BrUsbMdm - ok 10:27:45.0318 2736 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 10:27:45.0319 2736 BrUsbSer - ok 10:27:45.0383 2736 [ 064FBC56921051DE1075495D628B815F ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 10:27:45.0385 2736 BthEnum - ok 10:27:45.0410 2736 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 10:27:45.0413 2736 BTHMODEM - ok 10:27:45.0482 2736 [ B8C3D9DDF85FD197C3E5F849FEF71144 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 10:27:45.0485 2736 BthPan - ok 10:27:45.0542 2736 [ B24757D9154CCA035E1BBD3DB92966D7 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 10:27:45.0547 2736 BTHPORT - ok 10:27:45.0615 2736 [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ C:\Windows\System32\bthserv.dll 10:27:45.0616 2736 BthServ - ok 10:27:45.0656 2736 [ D42CF5F0C7635B3F1578810FE34D9E41 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 10:27:45.0658 2736 BTHUSB - ok 10:27:45.0738 2736 [ 0CF62C498D60253A4FC3B2AFF0E6373E ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 10:27:45.0740 2736 btwaudio - ok 10:27:45.0788 2736 [ D094142ADE0DA18463609AE656B1F3ED ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 10:27:45.0793 2736 btwavdt - ok 10:27:45.0869 2736 [ 840439331FF1A72B3A18ED59D27676D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 10:27:45.0878 2736 btwdins - ok 10:27:45.0920 2736 [ 511159FCB07FD7442E7F399C94A3B408 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 10:27:45.0921 2736 btwrchid - ok 10:27:45.0972 2736 [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:27:45.0975 2736 cdfs - ok 10:27:46.0022 2736 [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 
10:27:46.0025 2736 cdrom - ok 10:27:46.0095 2736 [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc C:\Windows\System32\certprop.dll 10:27:46.0096 2736 CertPropSvc - ok 10:27:46.0146 2736 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 10:27:46.0147 2736 circlass - ok 10:27:46.0220 2736 [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS C:\Windows\system32\CLFS.sys 10:27:46.0226 2736 CLFS - ok 10:27:46.0310 2736 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:27:46.0312 2736 clr_optimization_v2.0.50727_32 - ok 10:27:46.0391 2736 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:27:46.0394 2736 clr_optimization_v4.0.30319_32 - ok 10:27:46.0459 2736 [ ED97AD3DF1B9005989EAF149BF06C821 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 10:27:46.0461 2736 CmBatt - ok 10:27:46.0519 2736 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 10:27:46.0520 2736 cmdide - ok 10:27:46.0551 2736 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 10:27:46.0553 2736 Compbatt - ok 10:27:46.0581 2736 COMSysApp - ok 10:27:46.0621 2736 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 10:27:46.0622 2736 crcdisk - ok 10:27:46.0660 2736 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 10:27:46.0662 2736 Crusoe - ok 10:27:46.0724 2736 [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:27:46.0728 2736 CryptSvc - ok 10:27:46.0752 2736 Suspicious service (NoAccess): d5ef27d2304ff7ae 10:27:46.0802 2736 [ DE72960AEFBA0C8ED5B55720F658FCD8 ] d5ef27d2304ff7ae C:\Windows\System32\Drivers\d5ef27d2304ff7ae.sys 10:27:46.0802 2736 Suspicious file (NoAccess): C:\Windows\System32\Drivers\d5ef27d2304ff7ae.sys. 
md5: DE72960AEFBA0C8ED5B55720F658FCD8 10:27:46.0943 2736 d5ef27d2304ff7ae ( Rootkit.Win32.Necurs.gen ) - infected 10:27:46.0943 2736 d5ef27d2304ff7ae - detected Rootkit.Win32.Necurs.gen (0) 10:27:47.0016 2736 [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch C:\Windows\system32\rpcss.dll 10:27:47.0039 2736 DcomLaunch - ok 10:27:47.0081 2736 [ A7179DE59AE269AB70345527894CCD7C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:27:47.0084 2736 DfsC - ok 10:27:47.0195 2736 [ E0D584AA76C7D845BA9F3A788260528F ] DFSR C:\Windows\system32\DFSR.exe 10:27:47.0261 2736 DFSR - ok 10:27:47.0353 2736 [ DC45739BC22D528D2B3E50D3F6761750 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 10:27:47.0358 2736 Dhcp - ok 10:27:47.0406 2736 [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk C:\Windows\system32\drivers\disk.sys 10:27:47.0408 2736 disk - ok 10:27:47.0468 2736 [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:27:47.0470 2736 Dnscache - ok 10:27:47.0508 2736 [ 1F795D214820E496BF1124434A6DB546 ] dot3svc C:\Windows\System32\dot3svc.dll 10:27:47.0512 2736 dot3svc - ok 10:27:47.0561 2736 [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS C:\Windows\system32\dps.dll 10:27:47.0564 2736 DPS - ok 10:27:47.0595 2736 [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 10:27:47.0597 2736 drmkaud - ok 10:27:47.0711 2736 [ 16C5891C6D1FA0B5D9014F85A482EB20 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 10:27:47.0716 2736 dtsoftbus01 - ok 10:27:47.0788 2736 [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:27:47.0810 2736 DXGKrnl - ok 10:27:47.0878 2736 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 10:27:47.0881 2736 E1G60 - ok 10:27:47.0945 2736 [ 90A0A875642E18618010645311B4E89E ] EapHost C:\Windows\System32\eapsvc.dll 10:27:47.0947 2736 EapHost - ok 10:27:47.0992 2736 [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache C:\Windows\system32\drivers\ecache.sys 10:27:47.0996 2736 
Ecache - ok 10:27:48.0055 2736 [ 792F72E8B63DF55CE98445D464874986 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 10:27:48.0062 2736 ehRecvr - ok 10:27:48.0133 2736 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 10:27:48.0136 2736 ehSched - ok 10:27:48.0170 2736 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 10:27:48.0172 2736 ehstart - ok 10:27:48.0249 2736 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 10:27:48.0256 2736 elxstor - ok 10:27:48.0364 2736 [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt C:\Windows\system32\emdmgmt.dll 10:27:48.0387 2736 EMDMgmt - ok 10:27:48.0517 2736 [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem C:\Windows\system32\es.dll 10:27:48.0523 2736 EventSystem - ok 10:27:48.0583 2736 [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:27:48.0587 2736 fastfat - ok 10:27:48.0646 2736 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 10:27:48.0648 2736 fdc - ok 10:27:48.0696 2736 [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost C:\Windows\system32\fdPHost.dll 10:27:48.0698 2736 fdPHost - ok 10:27:48.0728 2736 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 10:27:48.0730 2736 FDResPub - ok 10:27:48.0759 2736 [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:27:48.0761 2736 FileInfo - ok 10:27:48.0811 2736 [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:27:48.0813 2736 Filetrace - ok 10:27:48.0844 2736 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 10:27:48.0846 2736 flpydisk - ok 10:27:48.0901 2736 [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:27:48.0905 2736 FltMgr - ok 10:27:49.0012 2736 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 
C:\Windows\system32\wdi.dll 10:28:08.0246 2736 WdiServiceHost - ok 10:28:08.0275 2736 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:28:08.0279 2736 WdiSystemHost - ok 10:28:08.0349 2736 [ FF7808BD8B3C56CCC5E9369001E294DB ] WDRulesService C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe 10:28:08.0383 2736 WDRulesService - ok 10:28:08.0447 2736 [ 01E41C264EEDCB827820A1909162579F ] WebClient C:\Windows\System32\webclnt.dll 10:28:08.0454 2736 WebClient - ok 10:28:08.0508 2736 [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc C:\Windows\system32\wecsvc.dll 10:28:08.0517 2736 Wecsvc - ok 10:28:08.0577 2736 [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:28:08.0582 2736 wercplsupport - ok 10:28:08.0618 2736 [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc C:\Windows\System32\WerSvc.dll 10:28:08.0623 2736 WerSvc - ok 10:28:08.0702 2736 WinHttpAutoProxySvc - ok 10:28:08.0783 2736 [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:28:08.0788 2736 Winmgmt - ok 10:28:08.0853 2736 [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM C:\Windows\system32\WsmSvc.dll 10:28:08.0876 2736 WinRM - ok 10:28:08.0981 2736 [ 086D2E78EECD6195667282ADC6CA109F ] winusb C:\Windows\system32\DRIVERS\winusb.sys 10:28:08.0983 2736 winusb - ok 10:28:09.0057 2736 [ 7640ACEA41348BFEF34B76E245501261 ] Wlansvc C:\Windows\System32\wlansvc.dll 10:28:09.0079 2736 Wlansvc - ok 10:28:09.0140 2736 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:28:09.0140 2736 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. 
md5: 701A9F884A294327E9141D73746EE279 10:28:09.0145 2736 WmiAcpi ( LockedFile.Multi.Generic ) - warning 10:28:09.0146 2736 WmiAcpi - detected LockedFile.Multi.Generic (1) 10:28:09.0217 2736 [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:28:09.0222 2736 wmiApSrv - ok 10:28:09.0320 2736 [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 10:28:09.0354 2736 WMPNetworkSvc - ok 10:28:09.0432 2736 [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:28:09.0438 2736 WPCSvc - ok 10:28:09.0475 2736 [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:28:09.0480 2736 WPDBusEnum - ok 10:28:09.0526 2736 [ 2D27171B16A577EF14C1273668753485 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 10:28:09.0527 2736 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wpdusb.sys. md5: 2D27171B16A577EF14C1273668753485 10:28:09.0548 2736 WpdUsb ( LockedFile.Multi.Generic ) - warning 10:28:09.0548 2736 WpdUsb - detected LockedFile.Multi.Generic (1) 10:28:09.0654 2736 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 10:28:09.0688 2736 WPFFontCache_v0400 - ok 10:28:09.0736 2736 [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:28:09.0737 2736 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 84620AECDCFD2A7A14E6263927D8C0ED 10:28:09.0745 2736 ws2ifsl ( LockedFile.Multi.Generic ) - warning 10:28:09.0745 2736 ws2ifsl - detected LockedFile.Multi.Generic (1) 10:28:09.0775 2736 WSearch - ok 10:28:09.0930 2736 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll 10:28:09.0998 2736 wuauserv - ok 10:28:10.0045 2736 [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:28:10.0046 2736 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. 
md5: A2AAFCC8A204736296D937C7C545B53F 10:28:10.0070 2736 WUDFRd ( LockedFile.Multi.Generic ) - warning 10:28:10.0070 2736 WUDFRd - detected LockedFile.Multi.Generic (1) 10:28:10.0140 2736 [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:28:10.0144 2736 wudfsvc - ok 10:28:10.0226 2736 ================ Scan global =============================== 10:28:10.0269 2736 [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll 10:28:10.0307 2736 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll 10:28:10.0327 2736 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll 10:28:10.0358 2736 [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe 10:28:10.0366 2736 [Global] - ok 10:28:10.0366 2736 ================ Scan MBR ================================== 10:28:10.0388 2736 [ C31400769DEFC61154F08815BCB5E020 ] \Device\Harddisk0\DR0 10:28:10.0889 2736 \Device\Harddisk0\DR0 - ok 10:28:10.0890 2736 ================ Scan VBR ================================== 10:28:10.0895 2736 [ 2EB1D45246339B1BD492F210E6FC55FD ] \Device\Harddisk0\DR0\Partition1 10:28:10.0897 2736 \Device\Harddisk0\DR0\Partition1 - ok 10:28:10.0922 2736 [ 49BF10EC37326B55FA39BD1E4236C62B ] \Device\Harddisk0\DR0\Partition2 10:28:10.0924 2736 \Device\Harddisk0\DR0\Partition2 - ok 10:28:10.0925 2736 ============================================================ 10:28:10.0925 2736 Scan finished 10:28:10.0925 2736 ============================================================ 10:28:10.0944 4964 Detected object count: 5 10:28:10.0944 4964 Actual detected object count: 5 10:28:33.0056 4964 d5ef27d2304ff7ae ( Rootkit.Win32.Necurs.gen ) - skipped by user 10:28:33.0057 4964 d5ef27d2304ff7ae ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 10:28:33.0063 4964 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user 10:28:33.0063 4964 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip 10:28:33.0064 4964 WpdUsb ( 
LockedFile.Multi.Generic ) - skipped by user 10:28:33.0064 4964 WpdUsb ( LockedFile.Multi.Generic ) - User select action: Skip 10:28:33.0068 4964 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user 10:28:33.0068 4964 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip 10:28:33.0072 4964 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user 10:28:33.0072 4964 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip 10:28:35.0337 5896 Deinitialize success |
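A triage helper for the TDSSKiller log format shown above, as an added example that is not part of the original thread: it splits a flattened or line-based log into records, collects each detected object with its verdict, file hash and chosen action, and lists what is still on the system. The function names, the sample log and its placeholder hashes are constructed for illustration, and the `Delete` action line is assumed to mirror the `Skip` lines in the log above.

```python
import re

# A record starts with "HH:MM:SS.mmmm <thread id> ". Splitting on that prefix
# works whether the log has one record per line or was flattened when pasted.
RECORD_START = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s)")
RECORD = re.compile(r"(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)", re.S)
SUSPICIOUS = re.compile(r"Suspicious file \((\w+)\): (.+?)\. md5: ([0-9A-Fa-f]{32})$")
DETECTED = re.compile(r"(.+?) - detected (\S+) \(\d+\)$")
ACTION = re.compile(r"(.+?) \( (\S+) \) - User select action: (.+)$")
COUNT = re.compile(r"Detected object count: (\d+)$")


def records(text):
    """Yield (timestamp, thread_id, message) with whitespace normalised."""
    for chunk in RECORD_START.split(text):
        m = RECORD.match(chunk.strip())
        if m:
            yield m.group(1), m.group(2), " ".join(m.group(3).split())


def parse_tdsskiller(text):
    """Return {'objects': {name: details}, 'reported': int or None}."""
    objects, reported, pending = {}, None, None
    for _ts, _tid, msg in records(text):
        if (m := SUSPICIOUS.match(msg)):
            # The file details precede the "detected" line of the same object.
            pending = {"reason": m.group(1), "path": m.group(2),
                       "md5": m.group(3).upper()}
        elif (m := DETECTED.match(msg)):
            entry = objects.setdefault(m.group(1), {"action": None})
            entry["verdict"] = m.group(2)
            entry.update(pending or {})
            pending = None
        elif (m := ACTION.match(msg)):
            # An excerpt may start after the detection itself; the action
            # line alone is enough to record the object and its verdict.
            entry = objects.setdefault(m.group(1), {})
            entry.setdefault("verdict", m.group(2))
            entry["action"] = m.group(3)
        elif (m := COUNT.match(msg)):
            reported = int(m.group(1))
    return {"objects": objects, "reported": reported}


def still_present(report):
    """Objects that were skipped or never acted on, so they remain in place."""
    return sorted(name for name, obj in report["objects"].items()
                  if obj.get("action") in (None, "Skip"))


def missing_detections(report):
    """Detections the scanner counted that this excerpt does not show."""
    if report["reported"] is None:
        return None
    return max(0, report["reported"] - len(report["objects"]))


# Constructed sample in the format of the log above, flattened onto one line.
# Hashes and object names are placeholders, not values from a real scan.
SAMPLE = " ".join([
    r"10:00:01.0100 2736 [ 00000000000000000000000000000001 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys",
    "10:00:01.0110 2736 usbhub - ok",
    r"10:00:02.0200 2736 [ 00000000000000000000000000000002 ] exampledrv C:\Windows\system32\drivers\exampledrv.sys",
    r"10:00:02.0210 2736 Suspicious file (NoAccess): C:\Windows\system32\drivers\exampledrv.sys. md5: 00000000000000000000000000000002",
    "10:00:02.0220 2736 exampledrv ( LockedFile.Multi.Generic ) - warning",
    "10:00:02.0220 2736 exampledrv - detected LockedFile.Multi.Generic (1)",
    "10:00:03.0300 2736 Scan finished",
    "10:00:03.0310 4964 Detected object count: 3",
    "10:00:09.0400 4964 0123456789abcdef ( Rootkit.Win32.Necurs.gen ) - skipped by user",
    "10:00:09.0400 4964 0123456789abcdef ( Rootkit.Win32.Necurs.gen ) - User select action: Skip",
    "10:00:09.0410 4964 exampledrv ( LockedFile.Multi.Generic ) - User select action: Delete",
])

if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE)
    print("still present:", still_present(report))
    print("not shown in excerpt:", missing_detections(report))
```

A non-zero `missing_detections` result means the pasted excerpt is incomplete, which is worth checking before concluding that a skipped object was the only finding.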
06.09.2012, 10:35 | #4 | |
/// Malwareteam | Rootkit / real-time scanner can no longer be activated
Step 1: Fix with TDSS-Killer
Start TDSSkiller.exe with a double-click. Vista and Win7 users: right-click and "Run as administrator"
For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.
Step 2: Combofix
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: If you get the following error message after the restart Quote:
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
06.09.2012, 10:47 | #5 |
| Rootkit / real-time scanner can no longer be activated
Hi, the following problem: I ran the scan with TDSS-Killer and the file was found, but there is no Cure option, only Skip, Copy to quarantine or Delete. What should I do?
Regards, Andre
Addendum: I wanted to close the program and in doing so it applied the Delete option! Now it is asking for a restart to carry out the option. Damn ...
Edited by loc-nar (06.09.2012 at 10:50) Reason: addendum |
06.09.2012, 10:50 | #6 |
/// Malwareteam | Rootkit / real-time scanner can no longer be activated
Oh, then something has changed there! Please choose Delete.
06.09.2012, 11:40 | #7 |
| Rootkit / real-time scanner can no longer be activated
Hi, all done. Am I right that it was only down to xp-Antispy -.- Boy, how stupid could I be. But I also just noticed that my Windows Update service is still gone ...
Regards, Andre |
06.09.2012, 12:05 | #8 |
/// Malwareteam | Rootkit / real-time scanner can no longer be activated
No, I rather doubt that!
Step 1: CF script
Note for other readers: The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!
Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, that is important)!
Press Windows + R --> type Notepad --> OK
Now copy the entire text from the following code box into the empty text document.
Code:
DIRLOOK::
c:\windows\Installer\{EDAD135D-6569-F97E-C8A9-E9AFA834762A}
c:\users\Konto\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

FILELOOK::
c:\windows\TEMP\sqlite_VAgIPSFSNanb72Y

CLEARJAVACACHE::

Important:
Step 2: FSS
Please download Farbar's Service Scanner
06.09.2012, 12:45 | #9 |
| Rootkit / real-time scanner can no longer be activated
Hi, here you go.
ComboFix log
Code:
ComboFix 12-09-05.02 - Konto 06.09.2012 13:21:28.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.1790.444 [GMT 2:00]
ausgeführt von:: c:\users\Konto\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Konto\Desktop\CFScript.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-06 bis 2012-09-06 ))))))))))))))))))))))))))))))
.
.
2012-09-06 11:33 . 2012-09-06 11:33 -------- d-----w- c:\users\Konto\AppData\Local\temp
2012-09-06 11:33 . 2012-09-06 11:33 -------- d-----w- c:\users\***\AppData\Local\temp
2012-09-06 11:33 . 2012-09-06 11:33 -------- d-----w- c:\users\***\AppData\Local\temp
2012-09-06 11:33 . 2012-09-06 11:33 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-09-06 11:33 . 2012-09-06 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 11:14 . 2012-09-06 11:14 -------- d-----w- c:\program files\Microsoft
2012-09-06 10:43 . 2012-08-27 23:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4625D44-2272-4856-B42E-0100076174D6}\mpengine.dll
2012-09-06 10:31 . 2012-09-06 10:31 -------- d-----w- c:\program files\7-Zip
2012-09-06 09:44 . 2012-09-06 09:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-05 21:30 . 2012-09-05 21:30 -------- d-----w- c:\windows\system32\EventProviders
2012-09-05 18:11 . 2012-09-05 19:32 -------- d-----w- c:\windows\system32\drivers\AVG
2012-09-05 18:11 . 2012-09-05 18:11 -------- d-----w- C:\$AVG
2012-09-05 18:06 . 2012-09-05 18:06 -------- d--h--w- c:\programdata\Common Files
2012-09-05 13:43 . 2012-09-05 19:29 -------- d-----w- c:\users\Konto\AppData\Roaming\Malwarebytes
2012-09-02 18:16 . 2012-09-02 18:16 -------- d-----w- c:\program files\ATI(21)
2012-09-02 18:07 . 2012-09-02 18:07 -------- d-----w- C:\ATI(20)
2012-09-02 15:16 . 2012-09-02 15:16 -------- d-----w- c:\program files\Driver Cleaner Pro
2012-09-02 14:46 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-08-30 11:33 . 2012-08-30 11:33 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-22 12:17 . 2012-08-22 12:17 -------- d-----w- c:\users\Konto\AppData\Local\Western_Digital
2012-08-16 21:30 . 2012-08-16 21:30 -------- d-----w- c:\users\niko\AppData\Local\Macromedia
2012-08-16 18:19 . 2012-08-16 18:21 -------- d-----w- c:\users\Konto\AppData\Roaming\.minecraft
2012-08-13 11:35 . 2012-08-13 11:35 5115584 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 13:37 . 2012-04-04 21:15 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 13:37 . 2011-05-14 07:48 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-21 15:38 . 2012-07-21 15:38 233024 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-21 12:38 . 2012-07-21 12:38 3584 ----a-r- c:\users\Konto\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-06-25 14:30 . 2012-06-25 14:30 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-25 14:30 . 2012-06-25 14:30 102216 ----a-w- c:\windows\system32\msxml4r.dll
2012-08-30 11:33 . 2012-07-18 07:45 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Konto\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52} ----
.
2012-07-21 12:38 . 2012-07-21 12:38 3584 ----a-r- c:\users\Konto\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
.
---- Directory of c:\windows\Installer\{EDAD135D-6569-F97E-C8A9-E9AFA834762A} ----
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Akamai NetSession Interface"="c:\users\Konto\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-12-09 815104]
"Play AVStation TV Scheduler"="c:\program files\Samsung\Play AVStation\TvScheduler.exe" [2007-01-09 73728]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-22 719664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"NoHotStart"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:37]
.
2012-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 20:24]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 18:20]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 18:20]
.
2012-09-06 c:\windows\Tasks\User_Feed_Synchronization-{4C34C866-F54C-4588-9C75-63AD9B10E143}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp:\\www.samsungcomputer.com
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.50.140.118 192.168.0.1
FF - ProfilePath - c:\users\Konto\AppData\Roaming\Mozilla\Firefox\Profiles\3bktmake.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-06 13:33
Windows 6.0.6000 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-09-06 13:36:57
ComboFix-quarantined-files.txt 2012-09-06 11:36
.
Vor Suchlauf: 16 Verzeichnis(se), 10.455.736.320 Bytes frei
Nach Suchlauf: 8.968.843.264 Bytes frei
.
- - End Of File - - 719CCBB1F772414440F8B9AA6DBD016B

Code:
Farbar Service Scanner Version: 06-08-2012
Ran by Konto (administrator) on 06-09-2012 at 13:40:19
Running from "C:\Users\Konto\Downloads"
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Regards
Update: The computer is now suddenly working itself to death after I updated my antivirus program :/ |
07.09.2012, 07:50 | #10 |
/// Malwareteam | Rootkit / real-time scanner can no longer be activated
Looks quite good - let's check everything once more!
Step 1: MBAM full scan
Please download Malwarebytes
Step 2: ESET
ESET Online Scanner
10.09.2012, 10:25 | #11 |
/// Malwareteam | Rootkit / real-time scanner can no longer be activated
Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies.
The disappearance of the symptoms does not mean that your system is already clean
11.09.2012, 11:48 | #12 |
/// Malwareteam | Rootkit / real-time scanner can no longer be activated
No response
This thread has been removed from my subscriptions. I will therefore not receive any notification of new replies. PM me if you still want to continue.
Note: The disappearance of the symptoms does not mean that your computer is already clean.
Everyone else, please click here and create your own thread