| |
| |||||||
Log-Analyse und Auswertung: Rootkit / Echtzeitscanner lässt sich nicht mehr aktivierenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.09.2012, 07:29
| #1 |
| |  Rootkit / Echtzeitscanner lässt sich nicht mehr aktivieren Moin zusammen, jetzt bin ich auch bei gelandet und hoffe dass Ihr für mich auch noch etwas Rettungsleine übrig habt. Alles fing damit an dass beim meinem Anti-Virenprogramm der Echtzeitscanner nicht mehr funktionierte. Dieses Problem hab ich schon in ein anderes Forum, in dem ich sehr aktiv bin, gepostet. Leider konnte mir dort, bei meinem ganz speziellen Problem, keiner helfen. Dass hier ist keine 1:1 Kopie meines Post dort. Es wurden folgende Schritte unternommen: Malwarebytes Anti-Malware durch laufen lassen (verdächtige Dateien wurden gelöscht), Avira sauber gelöscht, AVG drauf (gleiches Problem), AVG sauber gelöscht, Windows Vista einmal durch gescannt mit Microsoft Safety Scanner, Vista auf aktuellen Stand gepacht, Avira im abgesicherten Modus wieder drauf, gleiches Problem, Avira ließ sich sogar nicht mehr im Task-Manager beenden, Avira wieder sauber runter gelöscht …. Folgende Fehlermeldungen tauchen bei mir auf: Vista Dienste erscheint Fehlercode 307 bei dem Versuch den Echzeitscanner zu aktivieren. Bei GMER LoadDriver(“C:\Users\***\AppData\Local\Temp\pgrdqpow.sys”) error 0xC0000001: Ein an das System angeschlossenes Gerät funktioniert nicht. Kam der Fehler von GMER vielleicht dadurch dass ich mein Smartphone gerade am Laptop angeschlossen hatte? Das System: Samsung R40 Plus mit Windows Vista 32 Bit. OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.09.2012 01:44:50 - Run 1 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Konto\Downloads\Viren Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,36% Memory free 3,71 Gb Paging File | 2,41 Gb Available in Paging File | 65,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,05 Gb Total Space | 2,69 Gb Free Space | 3,90% Space Free | Partition Type: NTFS Drive D: | 70,00 Gb Total Space | 14,17 Gb Free Space | 20,25% Space Free | Partition Type: NTFS Computer Name: *** | User Name: Konto | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.05 21:40:41 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Konto\Downloads\Viren\OTL.exe PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Konto\AppData\Local\Akamai\netsession_win.exe PRC - [2012.07.27 22:51:36 | 000,035,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 10.0\Reader\reader_sl.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Programme\Skype\Updater\Updater.exe PRC - [2011.08.01 11:11:38 | 001,091,984 | ---- | M] (Western Digital ) -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe PRC - [2011.08.01 11:11:36 | 001,592,208 | ---- | M] (Western Digital ) -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe PRC - [2011.08.01 11:11:34 | 003,983,760 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Programme\Western Digital\WD SmartWare\WDDMStatus.exe PRC - [2011.08.01 11:11:32 | 000,263,056 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2008.01.10 06:28:42 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.06.28 19:54:42 | 000,073,728 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe PRC - [2007.02.07 06:18:02 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2007.02.05 20:48:14 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2007.01.25 03:01:34 | 001,362,432 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe PRC - [2007.01.24 22:05:20 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2007.01.05 21:31:20 | 000,049,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2006.11.22 00:12:42 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2006.11.09 20:57:00 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2006.10.05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.08.01 08:34:44 | 000,064,000 | ---- | M] () -- C:\Programme\Western Digital\WD SmartWare\WDCollections.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2009.10.17 10:39:15 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll MOD - [2009.10.17 10:38:19 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll MOD - [2009.10.17 10:38:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll MOD - [2009.10.17 10:38:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll MOD - [2009.10.17 10:26:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll MOD - [2009.10.17 10:26:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll MOD - [2009.10.17 10:26:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll MOD - [2009.10.17 10:24:47 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll MOD - [2009.10.17 10:24:25 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll MOD - [2008.07.27 20:00:17 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.02.28 20:07:36 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2594.41331__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2007.02.28 20:07:36 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2594.41288__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2007.02.28 20:07:36 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2594.41343__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2007.02.28 20:07:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2594.41322__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2007.02.28 20:07:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2594.41342__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll MOD - [2007.02.28 20:07:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2594.41308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2007.02.28 20:07:35 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2594.41563__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2007.02.28 20:07:35 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2594.41552__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2007.02.28 20:07:35 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2594.41507__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2007.02.28 20:07:35 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2594.41441__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2007.02.28 20:07:33 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2594.41597__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2007.02.28 20:06:38 | 000,335,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2594.41518__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:38 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2594.41604__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:38 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2594.41524__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2007.02.28 20:06:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2594.41302__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:38 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2594.41516__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2007.02.28 20:06:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2594.41590__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2007.02.28 20:06:37 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2594.41453__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2594.41355__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2594.41310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2594.41537__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2007.02.28 20:06:37 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2594.41349__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2594.41475__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2594.41450__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2007.02.28 20:06:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2594.41360__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2007.02.28 20:06:37 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2594.41474__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2007.02.28 20:06:36 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2594.41558__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:36 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2594.41444__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:36 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2594.41494__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2007.02.28 20:06:36 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2594.41361__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2007.02.28 20:06:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2594.41441__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2007.02.28 20:06:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2594.41449__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2007.02.28 20:06:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2594.41493__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2007.02.28 20:06:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2007.02.28 20:06:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2536.35576__90ba9c70f846762e\LOG.Foundation.dll MOD - [2007.02.28 20:06:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2536.35581__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2007.02.28 20:06:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2536.35589__90ba9c70f846762e\MOM.Foundation.dll MOD - [2007.02.28 20:06:33 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2536.35577__90ba9c70f846762e\CLI.Foundation.dll MOD - [2007.02.28 20:06:33 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2536.35587__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2007.02.28 20:06:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2007.02.28 20:06:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2536.35642__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2007.02.28 20:06:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2536.35590__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2007.02.28 20:06:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2536.35586__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2007.02.28 20:06:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2536.35580__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2536.35599__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2536.35599__90ba9c70f846762e\DEM.OS.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2536.35598__90ba9c70f846762e\DEM.Graphics.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2536.35593__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2007.02.28 20:06:32 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2561.34688__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2536.35593__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2536.35597__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2536.35615__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2536.35606__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2536.35594__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2536.35615__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2536.35596__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2536.35593__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2536.35592__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2007.02.28 20:06:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2536.35595__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2007.02.28 20:06:31 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2536.35595__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2536.35595__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2536.35597__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2536.35592__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2536.35592__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2536.35605__90ba9c70f846762e\APM.Foundation.dll MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2536.35576__90ba9c70f846762e\AEM.Foundation.dll MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2007.02.28 20:06:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2536.35589__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2007.02.28 20:06:16 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2594.41570_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2007.02.28 20:06:14 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2594.41317__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2007.02.28 20:06:14 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2594.41577__90ba9c70f846762e\MOM.Implementation.dll MOD - [2007.02.28 20:06:14 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2594.41576__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2007.02.28 20:06:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2536.35581__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2007.02.28 20:06:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2536.35606__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2007.02.28 20:06:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2536.35591__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2007.02.28 20:06:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2536.35583__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2007.02.28 20:06:13 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2594.41296__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2007.02.28 20:06:13 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2594.41570__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2007.02.28 20:06:13 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2594.41286__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2007.02.28 20:06:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2536.35586__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2007.02.28 20:06:13 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2536.35590__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2007.02.28 20:06:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2594.41577__90ba9c70f846762e\CCC.Implementation.dll MOD - [2007.02.28 20:06:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2536.35591__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2007.02.28 20:06:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2536.35600__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2007.02.28 20:06:12 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2594.41286__90ba9c70f846762e\ATIDEMOS.dll MOD - [2007.02.28 20:06:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2594.41285__90ba9c70f846762e\AEM.Server.dll MOD - [2007.02.28 20:06:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2007.02.08 10:13:40 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.01.25 03:01:34 | 001,362,432 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe MOD - [2006.11.22 00:03:50 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2006.11.21 23:43:46 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2006.11.09 02:18:46 | 000,065,536 | ---- | M] () -- C:\Programme\Samsung\EBM\ChkSec.dll MOD - [2006.09.19 19:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll MOD - [2006.08.12 22:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 22:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 22:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2012.09.05 15:37:02 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.02 14:52:58 | 000,070,400 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys -- (d5ef27d2304ff7ae) SRV - [2012.08.30 13:33:28 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.08.01 11:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService) SRV - [2011.08.01 11:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService) SRV - [2011.08.01 11:11:32 | 000,263,056 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007.06.28 19:54:42 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.11.02 11:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2006.11.02 11:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.10.27 00:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Unavailable | Unknown] -- system32\DRIVERS\msfwhlpr.sys -- (MSFWHLPR) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.02 14:52:58 | 000,070,400 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys -- (d5ef27d2304ff7ae) DRV - [2012.07.21 17:38:36 | 000,233,024 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.02.16 18:52:46 | 000,011,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wdcsam.sys -- (WDC_SAM) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.23 15:14:51 | 000,211,968 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb10.sys -- (mrxsmb10) DRV - [2010.02.23 15:14:42 | 000,058,368 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb20.sys -- (mrxsmb20) DRV - [2010.02.23 15:14:41 | 000,102,400 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb.sys -- (mrxsmb) DRV - [2010.02.20 23:30:16 | 000,396,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HTTP.sys -- (HTTP) DRV - [2010.02.18 14:05:37 | 000,815,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tcpip.sys -- (Tcpip6) DRV - [2010.02.18 14:05:37 | 000,815,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip) DRV - [2010.02.18 14:04:38 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunnel.sys -- (tunnel) DRV - [2010.02.18 14:04:30 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunmp.sys -- (tunmp) DRV - [2010.02.11 09:48:24 | 000,023,312 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\Konto\AppData\Local\Temp\atidcmxx.sys -- (AtiDCM) DRV - [2009.12.11 14:15:49 | 000,306,688 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv.sys -- (srv) DRV - [2009.12.11 14:15:30 | 000,084,992 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srvnet.sys -- (srvnet) DRV - [2009.09.14 11:50:54 | 000,130,048 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv2.sys -- (srv2) DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\athr.sys -- (athr) DRV - [2009.06.15 20:12:26 | 000,408,136 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD) DRV - [2008.02.17 00:29:33 | 000,110,080 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2008.02.17 00:28:03 | 000,224,824 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\CLFS.sys -- (CLFS) DRV - [2008.02.17 00:28:00 | 000,495,160 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000) DRV - [2008.02.17 00:27:59 | 000,054,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\i8042prt.sys -- (i8042prt) DRV - [2008.02.17 00:27:59 | 000,035,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\kbdclass.sys -- (kbdclass) DRV - [2008.02.17 00:27:59 | 000,034,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\mouclass.sys -- (mouclass) DRV - [2008.02.17 00:27:59 | 000,019,968 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse) DRV - [2008.02.17 00:27:59 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mouhid.sys -- (mouhid) DRV - [2008.02.17 00:25:12 | 000,154,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nwifi.sys -- (NativeWifiP) DRV - [2008.02.17 00:25:12 | 000,021,560 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi) DRV - [2008.02.17 00:25:12 | 000,015,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pciide.sys -- (pciide) DRV - [2008.01.10 06:29:08 | 000,211,000 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap) DRV - [2008.01.01 21:57:08 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ndndisprot.sys -- (NDNdisprot) DRV - [2007.12.17 00:50:41 | 001,060,920 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs) DRV - [2007.12.16 11:56:45 | 000,041,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\monitor.sys -- (monitor) DRV - [2007.11.13 22:07:03 | 000,020,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\compbatt.sys -- (Compbatt) DRV - [2007.11.13 22:07:02 | 000,258,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI) DRV - [2007.11.13 22:07:02 | 000,014,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\CmBatt.sys -- (CmBatt) DRV - [2007.11.13 22:05:56 | 000,192,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub) DRV - [2007.11.13 22:05:56 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbehci.sys -- (usbehci) DRV - [2007.11.13 22:05:56 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbohci.sys -- (usbohci) DRV - [2007.11.13 22:05:55 | 000,073,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp) DRV - [2007.10.20 15:17:52 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy) DRV - [2007.10.20 15:17:52 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndistapi.sys -- (NdisTapi) DRV - [2007.10.20 15:17:51 | 000,061,952 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6) DRV - [2007.10.20 15:17:51 | 000,061,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarp) DRV - [2007.10.20 15:17:48 | 000,070,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\pacer.sys -- (PSched) DRV - [2007.10.20 15:17:47 | 000,619,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl) DRV - [2007.09.02 16:39:39 | 000,055,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR) DRV - [2007.09.02 16:37:47 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv) DRV - [2007.09.02 16:28:02 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sffdisk.sys -- (sffdisk) DRV - [2007.09.02 16:28:02 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sffp_sd.sys -- (sffp_sd) DRV - [2007.09.02 16:28:01 | 000,082,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\sdbus.sys -- (sdbus) DRV - [2007.09.02 16:23:17 | 000,012,800 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2007.06.18 16:18:26 | 000,023,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motmodem.sys -- (motmodem) DRV - [2007.02.28 20:46:39 | 000,140,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci) DRV - [2007.02.28 20:46:39 | 000,050,792 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\termdd.sys -- (TermDD) DRV - [2007.02.28 20:46:39 | 000,050,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr) DRV - [2007.02.28 20:46:39 | 000,028,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mssmbios.sys -- (mssmbios) DRV - [2007.02.28 20:46:39 | 000,013,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv) DRV - [2007.02.28 20:46:39 | 000,012,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\swenum.sys -- (swenum) DRV - [2007.02.28 20:44:48 | 000,220,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BTHport.sys -- (BTHPORT) DRV - [2007.02.28 20:44:48 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BTHUSB.sys -- (BTHUSB) DRV - [2007.02.28 20:44:48 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\BthEnum.sys -- (BthEnum) DRV - [2007.02.28 20:17:05 | 000,013,312 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\kmdfmemio.sys -- (KMDFMEMIO) DRV - [2007.02.08 10:22:28 | 002,315,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300) DRV - [2007.01.24 05:18:32 | 000,039,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.24 03:03:28 | 000,037,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp) DRV - [2007.01.24 02:40:20 | 000,042,496 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.20 03:01:00 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.12.05 12:34:42 | 000,507,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\PFC027.SYS -- (PAC207) DRV - [2006.11.09 02:29:44 | 001,161,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 14:34:35 | 000,132,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache) DRV - [2006.11.02 14:34:31 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv) DRV - [2006.11.02 11:51:42 | 000,500,840 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS) DRV - [2006.11.02 11:51:30 | 000,290,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx) DRV - [2006.11.02 11:51:14 | 000,183,912 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltmgr.sys -- (FltMgr) DRV - [2006.11.02 11:51:12 | 000,168,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\msiscsi.sys -- (iScsiPrt) DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\pcmcia.sys -- (pcmcia) DRV - [2006.11.02 11:51:09 | 000,160,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC) DRV - [2006.11.02 11:50:40 | 000,106,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nv_agp.sys -- (nv_agp) DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp) DRV - [2006.11.02 11:50:24 | 000,046,696 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup) DRV - [2006.11.02 11:50:23 | 000,049,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr) DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm) DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio) DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port) DRV - [2006.11.02 11:50:04 | 000,058,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gagp30kx.sys -- (gagp30kx) DRV - [2006.11.02 11:50:04 | 000,058,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uliagpkx.sys -- (uliagpkx) DRV - [2006.11.02 11:49:59 | 000,056,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uagp35.sys -- (uagp35) DRV - [2006.11.02 11:49:58 | 000,056,424 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo) DRV - [2006.11.02 11:49:57 | 000,054,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr) DRV - [2006.11.02 11:49:52 | 000,054,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaagp.sys -- (viaagp) DRV - [2006.11.02 11:49:52 | 000,053,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agp440.sys -- (agp440) DRV - [2006.11.02 11:49:51 | 000,052,840 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (disk) DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp) DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci) DRV - [2006.11.02 11:49:43 | 000,022,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk) DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd) DRV - [2006.11.02 11:49:35 | 000,018,536 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr) DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2006.11.02 11:49:24 | 000,014,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide) DRV - [2006.11.02 11:14:58 | 000,018,944 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint) DRV - [2006.11.02 11:14:19 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serscan.sys -- (StillCam) DRV - [2006.11.02 11:04:35 | 000,878,080 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\peauth.sys -- (PEAUTH) DRV - [2006.11.02 11:04:23 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\wpdusb.sys -- (WpdUsb) DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr) DRV - [2006.11.02 11:02:15 | 000,160,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD) DRV - [2006.11.02 11:02:07 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tssecsrv.sys -- (tssecsrv) DRV - [2006.11.02 11:02:01 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP) DRV - [2006.11.02 11:02:01 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE) DRV - [2006.11.02 11:02:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdpencdd.sys -- (RDPENCDD) DRV - [2006.11.02 11:02:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\RDPCDD.sys -- (RDPCDD) DRV - [2006.11.02 10:58:52 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem) DRV - [2006.11.02 10:58:43 | 000,270,336 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD) DRV - [2006.11.02 10:58:26 | 000,015,872 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2006.11.02 10:58:14 | 000,118,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndiswan.sys -- (NdisWan) DRV - [2006.11.02 10:58:14 | 000,061,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspptp.sys -- (PptpMiniport) DRV - [2006.11.02 10:58:13 | 000,075,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp) DRV - [2006.11.02 10:58:13 | 000,011,776 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\rasacd.sys -- (RasAcd) DRV - [2006.11.02 10:58:12 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspppoe.sys -- (RasPppoe) DRV - [2006.11.02 10:58:10 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\asyncmac.sys -- (AsyncMac) DRV - [2006.11.02 10:58:09 | 000,099,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipnat.sys -- (IPNAT) DRV - [2006.11.02 10:58:04 | 000,047,104 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver) DRV - [2006.11.02 10:57:47 | 000,027,648 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg) DRV - [2006.11.02 10:57:35 | 000,068,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\tdx.sys -- (tdx) DRV - [2006.11.02 10:57:30 | 000,016,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy) DRV - [2006.11.02 10:57:26 | 000,035,840 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\netbios.sys -- (NetBIOS) DRV - [2006.11.02 10:57:22 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndisuio.sys -- (Ndisuio) DRV - [2006.11.02 10:57:20 | 000,184,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\netbt.sys -- (netbt) DRV - [2006.11.02 10:57:10 | 000,066,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\smb.sys -- (Smb) DRV - [2006.11.02 10:57:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM) DRV - [2006.11.02 10:56:49 | 000,060,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rspndr.sys -- (rspndr) DRV - [2006.11.02 10:56:49 | 000,047,104 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\lltdio.sys -- (lltdio) DRV - [2006.11.02 10:55:27 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\bthpan.sys -- (BthPan) DRV - [2006.11.02 10:55:24 | 000,034,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\umbus.sys -- (umbus) DRV - [2006.11.02 10:55:23 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\rfcomm.sys -- (RFCOMM) DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM) DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth) DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394) DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass) DRV - [2006.11.02 10:55:05 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\winusb.sys -- (winusb) DRV - [2006.11.02 10:55:05 | 000,022,528 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\usbuhci.sys -- (usbuhci) DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr) DRV - [2006.11.02 10:55:01 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\hidusb.sys -- (HidUsb) DRV - [2006.11.02 10:54:59 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud) DRV - [2006.11.02 10:54:52 | 000,082,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd) DRV - [2006.11.02 10:53:56 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga) DRV - [2006.11.02 10:53:56 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave) DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen) DRV - [2006.11.02 10:51:44 | 000,067,072 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\cdrom.sys -- (cdrom) DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy) DRV - [2006.11.02 10:51:40 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc) DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\fdc.sys -- (fdc) DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\flpydisk.sys -- (flpydisk) DRV - [2006.11.02 10:51:30 | 000,083,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport) DRV - [2006.11.02 10:51:25 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serenum.sys -- (Serenum) DRV - [2006.11.02 10:51:23 | 000,008,704 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm) DRV - [2006.11.02 10:51:15 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSKSSRV.sys -- (MSKSSRV) DRV - [2006.11.02 10:51:14 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPQM.sys -- (MSPQM) DRV - [2006.11.02 10:51:13 | 000,006,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSTEE.sys -- (MSTEE) DRV - [2006.11.02 10:51:13 | 000,005,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK) DRV - [2006.11.02 10:51:12 | 000,015,872 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid) DRV - [2006.11.02 10:51:05 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null) DRV - [2006.11.02 10:51:03 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep) DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ipmidrv.sys -- (IPMIDRV) DRV - [2006.11.02 10:35:03 | 000,011,264 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi) DRV - [2006.11.02 10:33:07 | 000,083,456 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv) DRV - [2006.11.02 10:32:55 | 000,027,648 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace) DRV - [2006.11.02 10:31:26 | 000,222,208 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\rdbss.sys -- (rdbss) DRV - [2006.11.02 10:31:12 | 000,069,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\bowser.sys -- (bowser) DRV - [2006.11.02 10:31:04 | 000,074,752 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\Drivers\dfsc.sys -- (DfsC) DRV - [2006.11.02 10:30:57 | 000,225,280 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\udfs.sys -- (udfs) DRV - [2006.11.02 10:30:57 | 000,034,816 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs) DRV - [2006.11.02 10:30:56 | 000,022,528 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs) DRV - [2006.11.02 10:30:50 | 000,070,144 | ---- | M] () [File_System | Disabled | Running] -- C:\Windows\System32\DRIVERS\cdfs.sys -- (cdfs) DRV - [2006.11.02 10:30:49 | 000,142,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat) DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7) DRV - [2006.11.02 10:30:18 | 000,040,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8) DRV - [2006.11.02 10:30:18 | 000,039,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\intelppm.sys -- (intelppm) DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe) DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7) DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor) DRV - [2006.11.02 10:27:22 | 001,083,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2006.11.02 09:36:49 | 000,235,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService) DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\NETw2v32.sys -- (NETw2v32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: formhistory@yahoo.com:1.3.0.2 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.18 11:22:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.21 14:00:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 13:33:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 19:55:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.18 11:22:15 | 000,000,000 | ---D | M] [2012.05.31 21:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\Extensions [2012.09.02 20:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\Firefox\Profiles\3bktmake.default\extensions [2012.06.16 15:23:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Konto\AppData\Roaming\mozilla\Firefox\Profiles\3bktmake.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.20 09:56:39 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\Konto\AppData\Roaming\mozilla\Firefox\Profiles\3bktmake.default\extensions\formhistory@yahoo.com [2012.08.16 19:53:32 | 002,282,511 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\nasanightlaunch@example.com.xpi [2012.07.25 12:40:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.16 15:23:53 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.09.02 20:02:29 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.07.27 21:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2007.09.02 15:51:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.08.26 20:52:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.21 14:00:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.08.26 20:52:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.30 13:33:30 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.18 09:45:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 13:33:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.18 09:45:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.18 09:45:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.18 09:45:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.18 09:45:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.21 18:47:34 | 000,000,785 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [Play AVStation TV Scheduler] C:\Programme\Samsung\Play AVStation\TvScheduler.exe (SAMSUNG ELECTRONICS CO., LTD.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [] File not found O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [Akamai NetSession Interface] C:\Users\Konto\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll () O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.118 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{082264E5-35B3-4F48-B8BF-CEB85C74F920}: DhcpNameServer = 195.50.140.118 192.168.0.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ae2f3dde-6ad1-11e1-995d-0013773a05c6}\Shell - "" = AutoRun O33 - MountPoints2\{ae2f3dde-6ad1-11e1-995d-0013773a05c6}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true O33 - MountPoints2\{facac4be-d349-11e1-a8a2-0013773a05c6}\Shell - "" = AutoRun O33 - MountPoints2\{facac4be-d349-11e1-a8a2-0013773a05c6}\Shell\AutoRun\command - "" = G:\setup_legend_of_grimrock_1.0.0.6.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.06 00:45:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.09.05 23:30:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.09.05 21:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.09.05 20:11:59 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.09.05 20:11:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2012.09.05 20:06:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.09.05 15:43:27 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\Malwarebytes [2012.09.02 20:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI(21) [2012.09.02 20:07:50 | 000,000,000 | ---D | C] -- C:\ATI(20) [2012.09.02 17:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Cleaner Pro [2012.09.02 16:41:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2012.09.02 16:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com [2012.08.22 14:17:11 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Local\Western_Digital [2012.08.16 20:19:55 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft [2012.08.16 20:19:51 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\.minecraft ========== Files - Modified Within 30 Days ========== [2012.09.06 01:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C34C866-F54C-4588-9C75-63AD9B10E143}.job [2012.09.06 01:47:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.06 01:43:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.06 01:43:25 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.06 01:43:25 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.06 01:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.06 01:41:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.06 01:30:24 | 000,000,166 | ---- | M] () -- C:\Users\Konto\defogger_reenable [2012.09.06 00:54:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.06 00:53:47 | 000,755,100 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.06 00:53:47 | 000,704,984 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.06 00:53:47 | 000,163,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.06 00:53:47 | 000,140,074 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.05 15:29:27 | 000,006,246 | ---- | M] () -- C:\Users\Konto\Documents\Dokument.rtf [2012.09.05 11:55:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.09.05 00:17:41 | 000,025,088 | ---- | M] () -- C:\Users\Konto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.02 19:58:25 | 000,001,356 | ---- | M] () -- C:\Users\Konto\AppData\Local\d3d9caps.dat [2012.09.02 16:37:34 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk [2012.09.02 14:52:58 | 000,070,400 | ---- | M] () -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys [2012.08.26 22:19:22 | 001,031,681 | ---- | M] () -- C:\Users\Konto\Documents\Anl1_zu_FB1_ab2011.pdf [2012.08.11 19:29:08 | 000,011,287 | ---- | M] () -- C:\Users\Konto\Desktop\***.jpg [2012.08.11 19:28:46 | 000,190,142 | ---- | M] () -- C:\Users\Konto\Desktop\Foto.JPG ========== Files Created - No Company Name ========== [2012.09.06 01:30:22 | 000,000,166 | ---- | C] () -- C:\Users\Konto\defogger_reenable [2012.09.05 15:29:26 | 000,006,246 | ---- | C] () -- C:\Users\Konto\Documents\Dokument.rtf [2012.09.02 19:49:58 | 000,001,356 | ---- | C] () -- C:\Users\Konto\AppData\Local\d3d9caps.dat [2012.09.02 16:37:34 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk [2012.09.02 14:52:58 | 000,070,400 | ---- | C] () -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys [2012.08.26 21:22:10 | 001,031,681 | ---- | C] () -- C:\Users\Konto\Documents\Anl1_zu_FB1_ab2011.pdf [2012.08.11 19:29:07 | 000,011,287 | ---- | C] () -- C:\Users\Konto\Desktop\***.jpg [2012.08.11 19:28:41 | 000,190,142 | ---- | C] () -- C:\Users\Konto\Desktop\Foto.JPG [2012.07.21 17:38:36 | 000,233,024 | ---- | C] () -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012.07.18 11:05:29 | 000,219,018 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.07.18 11:05:29 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat [2012.06.17 16:35:45 | 000,000,600 | ---- | C] () -- C:\Users\Konto\AppData\Local\PUTTY.RND [2012.06.16 20:04:09 | 000,025,088 | ---- | C] () -- C:\Users\Konto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.16 15:31:08 | 000,000,488 | ---- | C] () -- C:\Users\Konto\.swfinfo [2012.06.08 11:35:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.03.21 22:32:06 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\NDNdisprot.sys [2012.02.15 12:01:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys [2012.02.12 23:01:47 | 000,026,600 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys [2012.01.04 20:22:37 | 000,137,928 | ---- | C] () -- C:\Windows\System32\drivers\avipbb.sys [2012.01.04 20:22:37 | 000,036,000 | ---- | C] () -- C:\Windows\System32\drivers\avkmgr.sys [2011.08.02 18:38:44 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\netaapl.sys [2011.02.16 18:52:46 | 000,011,520 | ---- | C] () -- C:\Windows\System32\drivers\wdcsam.sys [2008.03.23 12:58:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2007.09.02 14:52:29 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html ========== LOP Check ========== [2010.12.27 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software4u [2012.08.16 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\.minecraft [2012.06.18 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\avidemux [2012.07.21 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\DAEMON Tools Pro [2012.06.18 00:34:38 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\DiskAid [2012.07.21 14:14:06 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\GHISLER [2012.08.05 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\iFunbox_UserCache [2012.06.17 18:37:12 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\IrfanView [2012.07.21 14:15:31 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\JAM Software [2012.06.17 14:47:00 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\Macroplant LLC [2012.06.16 16:28:45 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\mp3DirectCut [2012.06.17 17:22:51 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\redsn0w [2012.06.16 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\streamripper [2012.09.01 16:23:25 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\WindSolutions [2012.06.16 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\xrecode2 [2009.09.16 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.11.29 09:08:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kartina.TV [2012.06.02 19:13:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect [2012.06.02 18:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xrecode2 [2012.09.06 01:41:25 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.09.06 01:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C34C866-F54C-4588-9C75-63AD9B10E143}.job ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.09.2012 01:44:50 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\Konto\Downloads\Viren
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,36% Memory free
3,71 Gb Paging File | 2,41 Gb Available in Paging File | 65,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 2,69 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 14,17 Gb Free Space | 20,25% Space Free | Partition Type: NTFS
Computer Name: NATALJA | User Name: Konto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{0212BFBB-50BA-C4FA-D700-DFBB40A9F1AF}" = Catalyst Control Center Localization Arabic
"{0219FD21-8B2E-240B-3D35-997EE0E3F81B}" = Catalyst Control Center Localization Arabic
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{047ACAF8-7642-4940-8EC6-4694E0E60B40}" = CCC Help French
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{06F42C96-A96C-F579-B0FA-F44BBA118C51}" = ccc-core-static
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BB96994-EA3F-D659-6A3B-D2D73FEBD8E4}" = ccc-utility
"{0C1D06CD-D5D1-A718-5C8F-27D089C5C39C}" = Catalyst Control Center Localization Finnish
"{0DF36AB1-1B4C-CAEC-A23E-EFA25738B60A}" = CCC Help Greek
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{110D7DC8-9237-47D3-AB39-50651A10304C}" = SamsungScreensaver
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12080F61-1225-BCDE-EFE2-3452E826D9AD}" = Catalyst Control Center Graphics Light
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{143539DF-6F6E-9E25-3EDF-0906C7F533B7}" = CCC Help Korean
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{148806DB-3E2E-4A2E-D7F8-223EFA43C350}" = Catalyst Control Center Graphics Full New
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20CD8D4B-74ED-BED9-805C-6F4FBE6B4F01}" = ccc-localization-da
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{31ACBC65-C234-BD71-3FCE-520EC0138635}" = CCC Help Norwegian
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3AB54293-0366-7D73-D97E-3DB689A72E4A}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC4A72C-B683-5733-8A2C-136FBB5619D6}" = Catalyst Control Center Localization German
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{47EDD638-F882-A248-FBA5-B0CCBB9175D8}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D6125BF-2586-9175-24FE-854DD6F6F08F}" = CCC Help Hungarian
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51B055DD-A5F8-4D0C-A09C-66E58AD56F20}" = WD SmartWare
"{52FE8F38-057E-26C5-DF29-935DE6E218E0}" = Catalyst Control Center Localization Japanese
"{5579A7B8-F48A-C2F5-75D0-F67CDFD68461}" = Catalyst Control Center Core Implementation
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A4BB8B6-8BE7-A8AF-528C-55A50DD18497}" = Catalyst Control Center Localization Arabic
"{5AA05616-21D6-63D5-CA68-73200B161599}" = CCC Help Czech
"{5D11659E-A95B-42A5-9585-C2999CF119EF}" = eMedia
"{5E99C53A-D37E-CEA5-0398-329F15494618}" = Catalyst Control Center Graphics Full Existing
"{64536DB8-3247-4489-6BC3-BCD0DCC74810}" = Catalyst Control Center Localization Spanish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6BD4EDE4-053E-FC85-AFC2-58306952BDBD}" = Catalyst Control Center Localization French
"{6F6D2DE6-44FA-EAF4-0028-7FAE37A76B4C}" = CCC Help Turkish
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78E2F10D-4A74-A354-3D41-CF439A501AE5}" = CCC Help Italian
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{8448A09D-0E2A-4EFA-6A16-AFA374AE088F}" = Catalyst Control Center Graphics Previews Vista
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{87858FF1-3D1C-301A-0C62-62F977659969}" = Catalyst Control Center Localization Italian
"{8799B11A-0E01-1729-B527-802A3513BEE7}" = CCC Help Polish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A51FE4C-7DC6-8C9B-67D7-8536B7413BFE}" = Catalyst Control Center Localization Korean
"{8A92CE03-CEEB-145D-1F8D-FBC0DDE0CDEF}" = CCC Help Finnish
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8ED71B2B-8228-EFF8-B566-890D771A6A98}" = CCC Help Swedish
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{903194A5-E1E4-E56B-8B3C-C52664CD6A65}" = CCC Help Japanese
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{95CCAA64-028C-FF26-B553-3401EA3B137B}" = CCC Help Chinese Standard
"{98C0E007-7225-550C-BD4D-16A53171FA5B}" = CCC Help Chinese Traditional
"{99825ADC-3BAC-40C6-3FA1-A80496C5FE4D}" = CCC Help German
"{99FBF341-96A4-6E6B-F098-F5318F74FD8B}" = Catalyst Control Center Localization Hungarian
"{9AEE384F-4CEB-9FD4-0ECA-5A2A5FF3FC65}" = Catalyst Control Center Localization Arabic
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A703E5-975D-8426-B654-A3C86EEA771F}" = Catalyst Control Center Localization Greek
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3400
"{A2E2B102-C07F-2D6A-F826-FBE911583029}" = Catalyst Control Center Localization Arabic
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB8465B2-8971-83AA-72AC-08C870CAB14B}" = CCC Help English
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.190
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57D54D5-BE8F-152A-3DDA-2CCC34916ABB}" = Catalyst Control Center Localization Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C2F84222-A797-3ADB-F73F-F9FEA356365E}" = Catalyst Control Center Localization Chinese Standard
"{C5DC24CC-98D8-3714-20DE-F3154692CAC1}" = CCC Help Portuguese
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Phone to PC 4.1.6.2
"{D6339BC5-BD2E-580C-0A9E-EF09B768C891}" = CCC Help Thai
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDFA8768-E4A8-4EFA-637B-DF23DC3EFD04}" = Catalyst Control Center Localization Chinese Traditional
"{DF1F4246-C7DF-7C15-6BBD-211E768EB715}" = Catalyst Control Center Localization Arabic
"{E481BC06-6BBB-093B-728A-C8EEB98E1E47}" = Catalyst Control Center Localization Arabic
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5BED6AE-BEF7-8504-38DB-F881A526F5C2}" = Skins
"{EC69E8A3-A20F-E735-968A-CE6D4E1FA857}" = CCC Help Russian
"{ED8EACD0-3B35-AA21-DA10-6372AB6D19CA}" = CCC Help Dutch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6081BF5-B4AB-456A-9694-89F5CB6ED270}" = Motorola Phone Tools
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F9A63CBA-FB65-44E2-9BFB-927E7208B3D7}" = Motorola Phone Tools
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FF602681-E2E7-9FFF-9752-3B0F8E7D38F1}" = Catalyst Control Center Localization Arabic
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.12
"ATI Uninstaller" = ATI Uninstaller
"AudibleManager" = AudibleManager
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"AviSynth" = AviSynth 2.5
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"DAEMON Tools Pro" = DAEMON Tools Pro
"DiskAid_is1" = DiskAid 5.14
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"FLV Player" = FLV Player 2.0 (build 25)
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"iFunbox_is1" = iFunbox (v1.96.938.649), iFunbox DevTeam
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IrfanView" = IrfanView (remove only)
"Kartina.TV" = Kartina.TV
"Legend of Grimrock_is1" = Legend of Grimrock
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netdetect_is1" = Netdetect 2.0.0b5
"PDF reDirect" = PDF reDirect (remove only)
"plist Editor for Windows" = plist Editor for Windows 1.0.2
"PROHYBRIDR" = 2007 Microsoft Office system
"ratDVD" = ratDVD 0.78.1444
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.7
"Videora iPad Converter" = Videora iPad Converter 6
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.98-2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.09.2012 09:36:45 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
Error - 05.09.2012 11:02:01 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
Error - 05.09.2012 13:44:49 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
Error - 05.09.2012 13:48:04 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
Error - 05.09.2012 17:55:36 | Computer Name = *** | Source = MsiInstaller | ID = 11316
Description =
Error - 05.09.2012 19:02:11 | Computer Name = *** | Source = EventSystem | ID = 4609
Description =
Error - 05.09.2012 19:10:57 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
Error - 05.09.2012 19:12:34 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
Error - 05.09.2012 19:24:37 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
Error - 05.09.2012 19:25:53 | Computer Name = Natalja | Source = Avira Antivirus | ID = 4122
Description =
[ Media Center Events ]
Error - 14.06.2012 07:12:05 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
[ OSession Events ]
Error - 11.09.2009 17:34:36 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 01.10.2009 17:36:35 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05.09.2012 19:17:20 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
Error - 05.09.2012 19:19:27 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.09.2012 um 01:17:54 unerwartet heruntergefahren.
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description =
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description =
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description =
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description =
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description =
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description =
Error - 05.09.2012 19:41:22 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
[ Windows OneCare Events ]
Error - 26.03.2008 02:32:42 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
Error - 26.03.2008 02:32:42 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
Error - 26.03.2008 03:55:40 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
Error - 30.03.2008 16:10:50 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
Error - 30.03.2008 16:10:50 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
Error - 10.04.2008 02:55:26 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
Error - 11.04.2008 04:57:07 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
Error - 15.04.2008 05:17:00 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
Error - 15.04.2008 05:17:00 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
Error - 15.04.2008 06:16:17 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
< End of report >
GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-06 02:40:27
Windows 6.0.6000
Running: hbdnsjc6.exe
---- Services - GMER 1.0.15 ----
Service C:\SystemRoot\System32\Drivers\d5ef27d2304ff7ae.sys (*** hidden *** ) [BOOT] d5ef27d2304ff7ae <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027873b61e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfe759b3
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@ImagePath \SystemRoot\System32\Drivers\d5ef27d2304ff7ae.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0xDF 0x5E 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE4 0x1E 0x2E 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7E 0x63 0xE9 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027873b61e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfe759b3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@ImagePath \SystemRoot\System32\Drivers\d5ef27d2304ff7ae.sys
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Tag 1
Reg HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@DisplayName syshost.exe
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0xDF 0x5E 0x99 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE4 0x1E 0x2E 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7E 0x63 0xE9 0x0E ...
---- EOF - GMER 1.0.15 ----
Liege ich mit der Vermutung nahe dass ich mir ein Rootkit eingefangen habe? Ich danke euch jetzt schon für die Hilfe … Lg Andre Geändert von loc-nar (06.09.2012 um 07:39 Uhr) Grund: Nicht ganz perfekt auf eure Vorgaben abgestimmt :) |
| Themen zu Rootkit / Echtzeitscanner lässt sich nicht mehr aktivieren |
| 0xc0000001, akamai, avg programm, avira, avira programm, bho, bonjour, desktop, echtzeitscanner, entfernen, error, excel, failed, firefox, flash player, google earth, hdaudio.sys, home, install.exe, launch, logfile, microsoft office 2003, msiinstaller, office 2007, plug-in, problem, programm, realtek, rootkit, scan, security, server, smartphone, software, system, vista, vista 32 bit, windows, yahoo.com |
Baum-Darstellung