|
Log-Analyse und Auswertung: Post-Trojaner -> PaketzustellungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
28.12.2012, 14:33 | #1 |
| Post-Trojaner -> Paketzustellung Hallo zusammen, sind leider wohl auf den Posttrojaner reingefallen. Ich weiß, dass man solche Emails und erst recht die Anhänge zu solchen nicht öffnet, ist aber leider passiert und ich fürchte, ich bekomme das selbst nicht in den Griff. Deswegen gleich vorab: Vielen Dank für jede Hilfe! Erstmal zur EMail: Betreff war: Deutsche Post # Holen Sie ihre Postsendung ab. Im Anhang war eine .zip Datei. Allerdings kam nach Doppelklick auf die .zip-Datei eine Fehlermeldung, dass die Datei nicht geöffnet werden konnte. Weiß nun nicht, ob trotzdem etwas auf dem Computer installiert worden sein kann. Da nach erstem lesen hier der versendete Trojaner aber von der übleren Sorte sein soll, würde ich dann doch gerne sicher gehen... Habe erst einmal der Anleitung folgend die Scans durchgeführt. Hier die Ergebnisse: OTL.TXT: OTL logfile created on: 28.12.2012 12:59:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\johanna\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 55,22% Memory free 6,08 Gb Paging File | 4,72 Gb Available in Paging File | 77,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,09 Gb Total Space | 29,27 Gb Free Space | 20,60% Space Free | Partition Type: NTFS Drive D: | 143,00 Gb Total Space | 127,39 Gb Free Space | 89,08% Space Free | Partition Type: NTFS Computer Name: JOHANNA-PC | User Name: johanna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.28 12:39:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\johanna\Downloads\OTL.exe PRC - [2012.12.28 12:36:38 | 000,050,477 | ---- | M] () -- C:\Users\johanna\Downloads\Defogger.exe PRC - [2012.12.13 18:23:36 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe PRC - [2012.12.06 21:04:20 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.08.08 20:41:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.06.13 16:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.06.13 16:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe PRC - [2012.05.15 20:38:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.15 20:38:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.15 20:38:58 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.03 15:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe PRC - [2011.01.05 20:26:26 | 012,074,672 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe PRC - [2010.04.20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2009.07.17 13:32:12 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2009.06.30 07:12:06 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009.06.24 08:47:58 | 000,700,416 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009.03.18 18:08:04 | 000,189,696 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.11 16:46:06 | 001,853,992 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe PRC - [2008.09.11 16:46:06 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.08.26 01:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.12.28 12:36:38 | 000,050,477 | ---- | M] () -- C:\Users\johanna\Downloads\Defogger.exe MOD - [2012.12.13 18:23:35 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012.12.06 21:04:19 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.01.05 20:26:14 | 000,161,968 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2011.01.05 20:26:14 | 000,021,680 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2010.04.20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe MOD - [2010.04.16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\SAMSUNG\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2012.12.13 18:23:36 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.06 21:04:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.13 16:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.05.15 20:38:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.15 20:38:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService) SRV - [2009.03.18 18:08:04 | 000,189,696 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SdReadSpool) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CryptOSD.sys -- (CryptOSD) DRV - [2012.05.15 20:38:59 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.15 20:38:59 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.03 10:21:00 | 000,168,448 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.04.22 10:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.09.21 21:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3700DF1C-D62A-4672-917A-A8C1A32DE873&apn_sauid=9B041A5F-01D6-4B29-AD37-6982A3DE4064 IE - HKCU\..\SearchScopes\{443540DA-3280-455F-B6DB-505CA9A1C13C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=971163_yserp&p={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SMSN_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=971163_yserp" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: pdfforge%40mybrowserbar.com:5.9 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 21:04:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 19:38:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.03.11 22:02:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.12.21 19:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johanna\AppData\Roaming\mozilla\Extensions [2009.12.21 19:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johanna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.03 10:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johanna\AppData\Roaming\mozilla\Firefox\Profiles\bcq7ttgq.default\extensions [2012.01.03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\johanna\AppData\Roaming\mozilla\firefox\profiles\bcq7ttgq.default\searchplugins\askcom.xml [2012.10.27 19:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.10.27 19:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.27 19:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.12.06 10:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\extensions [2012.12.06 10:09:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.12.06 10:09:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.06 10:09:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.06.20 12:22:17 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF [2012.12.06 21:04:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.09 09:39:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.15 21:13:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.09 09:39:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.09 09:39:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.09 09:39:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.09 09:39:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [fsn] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe () O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DB18BFC-3C0C-4CAD-B99B-4D5E8BCCCFAB}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e691cc47-cd14-11e1-9106-9018b687d875}\Shell - "" = AutoRun O33 - MountPoints2\{e691cc47-cd14-11e1-9106-9018b687d875}\Shell\AutoRun\command - "" = E:\iStudio.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.30 08:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf24 [2012.11.30 08:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.28 12:37:45 | 000,000,000 | ---- | M] () -- C:\Users\johanna\defogger_reenable [2012.12.28 12:34:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.28 12:34:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 12:34:11 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 12:33:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.28 12:33:22 | 3150,561,280 | -HS- | M] () -- C:\hiberfil.sys [2012.12.28 12:12:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.12.28 11:26:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.28 11:23:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.18 22:48:45 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.18 22:48:45 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.18 22:48:44 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.18 22:48:44 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.13 19:03:39 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.11.30 08:15:40 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.11.30 08:15:40 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.28 12:37:45 | 000,000,000 | ---- | C] () -- C:\Users\johanna\defogger_reenable [2012.11.30 08:15:40 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.11.30 08:15:40 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.05.14 11:15:03 | 000,000,746 | ---- | C] () -- C:\Windows\wiso.ini [2010.06.23 17:15:48 | 000,103,992 | ---- | C] () -- C:\Users\johanna\steuererklärung2009.elfo [2010.02.06 21:59:12 | 000,005,120 | ---- | C] () -- C:\Users\johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.24 15:21:44 | 000,000,680 | ---- | C] () -- C:\Users\johanna\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.12.21 19:48:43 | 000,000,000 | -HSD | M] -- C:\Users\johanna\AppData\Roaming\.# [2012.05.14 11:16:50 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\Buhl Data Service [2012.08.07 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\elsterformular [2010.06.06 15:47:12 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\myphotobook [2010.09.28 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\Softland [2011.10.17 18:14:08 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\SolidDocuments [2009.12.21 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\johanna\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > EXTRAS.TXT: OTL Extras logfile created on: 28.12.2012 12:59:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\johanna\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 55,22% Memory free 6,08 Gb Paging File | 4,72 Gb Available in Paging File | 77,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 142,09 Gb Total Space | 29,27 Gb Free Space | 20,60% Space Free | Partition Type: NTFS Drive D: | 143,00 Gb Total Space | 127,39 Gb Free Space | 89,08% Space Free | Partition Type: NTFS Computer Name: JOHANNA-PC | User Name: johanna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A2197AA-8836-46B3-A72A-55A49864C516}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{25881CDD-1030-4E3C-AAA1-7C036676B37B}" = rport=139 | protocol=6 | dir=out | app=system | "{69AC5056-47F1-422B-BD27-40982A45084E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6B1FFEB0-D179-4E56-8D49-802AA8603DB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A2E49C06-C77C-4B4A-BF85-2E2EEA14CFEB}" = lport=139 | protocol=6 | dir=in | app=system | "{A878D896-A4E2-49D8-8D91-29A684CA7EFB}" = lport=138 | protocol=17 | dir=in | app=system | "{AB70B010-E6D4-4754-9C6A-5FBE3288F239}" = lport=2869 | protocol=6 | dir=in | app=system | "{B3E04263-69D5-4AF1-B7CC-7D3CE8D3FAF6}" = rport=137 | protocol=17 | dir=out | app=system | "{B5F4B0B9-0EAB-4E56-A11F-B24E90DF93DE}" = lport=445 | protocol=6 | dir=in | app=system | "{CA8FC4E8-EE3F-41B0-BE51-F04224A3968F}" = rport=138 | protocol=17 | dir=out | app=system | "{D4BFA059-CC8C-4504-888E-688F3B797BC4}" = lport=137 | protocol=17 | dir=in | app=system | "{E7C53162-F602-4409-A116-795FA82284B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F440AE83-C206-49E5-B2F5-69C69BE7464C}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{073B7F6B-1B6A-449C-A028-3E8DCC611139}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1EF3DCCB-6F9E-48F8-AB97-5BA6D2CA6359}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{25889625-3009-47C0-8F78-33F7961508B0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{4DA1DED1-2643-456A-BD84-10DC852647EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4FFEC943-197E-490D-BCD1-B8A9FC55CA82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5412AF79-85EE-4888-87E5-1F25EA57DE2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6512D834-F4AA-406A-A230-7A006C31F9E6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{785BB9A7-EAA2-4F9D-991C-57EE8E106DF1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{857C9631-433B-4484-B961-132DF5327A35}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8EA3474C-B442-49D0-AF79-D5778A07F9B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B82A24FF-B29E-4892-9306-6355E6398585}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C0381BC0-7745-4654-905F-D6E89575D70A}" = dir=in | app=c:\program files\itunes\itunes.exe | "{CE2D4486-011A-45F8-B717-BC874523236F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CFA4337B-A86A-4529-B432-6FCE1F96CBD3}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.5200 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 37 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{37918F52-75C8-47F8-AEFB-389B8E62B5DA}" = pdfforge Toolbar v5.9 "{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.1.0 "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes "{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2777D85-7E63-402F-A5E7-2AF436C1C9D4}" = Intel(R) PROSet/Wireless WiFi Software "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}" = SolidPDFCreator "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "doPDF 7 printer_is1" = doPDF 7.1 printer "ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender "ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Intelli-studio" = SAMSUNG Intelli-studio "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11) "MozillaMaintenanceService" = Mozilla Maintenance Service "myphotobook" = myphotobook 3.67 "OpenAL" = OpenAL "PROHYBRIDR" = 2007 Microsoft Office system "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite_Wave3" = Windows Live Essentials "Write-N-Cite" = Write-N-Cite ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.10.2012 12:14:09 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1030 Error - 23.10.2012 12:14:10 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 23.10.2012 12:14:10 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2200 Error - 23.10.2012 12:14:10 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2200 Error - 24.10.2012 11:20:59 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 24.10.2012 11:20:59 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6381 Error - 24.10.2012 11:20:59 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6381 Error - 24.10.2012 11:21:06 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 24.10.2012 11:21:06 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 13697 Error - 24.10.2012 11:21:06 | Computer Name = johanna-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13697 [ OSession Events ] Error - 12.02.2010 12:29:54 | Computer Name = johanna-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1200 seconds with 900 seconds of active time. This session ended with a crash. [ System Events ] Error - 27.12.2012 11:43:17 | Computer Name = johanna-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 27.12.2012 11:50:42 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7043 Description = Error - 27.12.2012 12:42:47 | Computer Name = johanna-PC | Source = HTTP | ID = 15016 Description = Error - 27.12.2012 12:44:00 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7000 Description = Error - 27.12.2012 12:44:00 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7026 Description = Error - 27.12.2012 12:47:03 | Computer Name = johanna-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 28.12.2012 07:34:09 | Computer Name = johanna-PC | Source = HTTP | ID = 15016 Description = Error - 28.12.2012 07:34:50 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7000 Description = Error - 28.12.2012 07:34:50 | Computer Name = johanna-PC | Source = Service Control Manager | ID = 7026 Description = Error - 28.12.2012 07:37:14 | Computer Name = johanna-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > GMER: GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-12-28 14:26:43 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB4O Running: vwjwnklx.exe; Driver: C:\Users\johanna\AppData\Local\Temp\axlirfow.sys ---- System - GMER 1.0.15 ---- SSDT 8C714D66 ZwCreateSection SSDT 8C714D70 ZwRequestWaitReplyPort SSDT 8C714D6B ZwSetContextThread SSDT 8C714D75 ZwSetSecurityObject SSDT 8C714D7A ZwSystemDebugControl SSDT 8C714D07 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 405 824BE9CC 4 Bytes [66, 4D, 71, 8C] {DEC BP; JNO 0xffffffffffffff90} .text ntoskrnl.exe!KeInsertQueue + 729 824BECF0 4 Bytes [70, 4D, 71, 8C] {JO 0x4f; JNO 0xffffffffffffff90} .text ntoskrnl.exe!KeInsertQueue + 75D 824BED24 4 Bytes [6B, 4D, 71, 8C] {IMUL ECX, [EBP+0x71], 0x8c} .text ntoskrnl.exe!KeInsertQueue + 7C1 824BED88 4 Bytes [75, 4D, 71, 8C] {JNZ 0x4f; JNO 0xffffffffffffff90} .text ntoskrnl.exe!KeInsertQueue + 809 824BEDD0 4 Bytes [7A, 4D, 71, 8C] {JP 0x4f; JNO 0xffffffffffffff90} .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1184] ntdll.dll!LdrLoadDll 772679B3 5 Bytes JMP 668F4470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!MoveFileExW 761E1128 6 Bytes JMP 6F2112B1 C:\Program Files\Common Files\Spigot\Search Settings\wth.dll (WTH Dynamic Link Library/Spigot, Inc.) .text C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!HeapSetInformation + 26 761E7008 7 Bytes JMP 668FF972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!LockResource + C 7620813B 7 Bytes JMP 66B40459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1184] kernel32.dll!VirtualAllocEx + 54 7620BA7A 7 Bytes JMP 66B4047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1184] GDI32.dll!StretchDIBits + 179 75F175BB 7 Bytes JMP 66B403DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5156] USER32.dll!GetWindowInfo 76130560 5 Bytes JMP 66A5A8A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5156] USER32.dll!CheckMenuRadioItem + 12E 76141412 7 Bytes JMP 66A5AED5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateFile + 6 77297C7E 4 Bytes [28, 00, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateFile + B 77297C83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateKey + 6 77297CBE 4 Bytes [68, 01, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateKey + B 77297CC3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateMutant + 6 77297CEE 4 Bytes [28, 02, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateMutant + B 77297CF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateSection + 6 77297D6E 4 Bytes [68, 02, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtCreateSection + B 77297D73 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtMapViewOfSection + 6 772983CE 4 Bytes [A8, 04, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtMapViewOfSection + B 772983D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenFile + 6 7729845E 4 Bytes [68, 00, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenFile + B 77298463 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenKey + 6 7729848E 4 Bytes [A8, 01, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenKey + B 77298493 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenMutant + 6 772984AE 4 Bytes CALL 76299AB4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenMutant + B 772984B3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcess + 6 772984DE 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcess + 6 772984DE 4 Bytes [28, 03, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcess + B 772984E3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessToken + 6 772984EE 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessToken + 6 772984EE 4 Bytes [68, 03, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessToken + B 772984F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessTokenEx + 6 772984FE 4 Bytes [28, 04, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenProcessTokenEx + B 77298503 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenSection + 6 7729850E 4 Bytes [A8, 02, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenSection + B 77298513 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThread + 6 7729854E 4 Bytes CALL 76299B55 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThread + B 77298553 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadToken + 6 7729855E 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadToken + 6 7729855E 4 Bytes CALL 76299B66 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadToken + B 77298563 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadTokenEx + 6 7729856E 4 Bytes [68, 04, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtOpenThreadTokenEx + B 77298573 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtQueryAttributesFile + 6 772985FE 4 Bytes [A8, 00, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtQueryAttributesFile + B 77298603 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtQueryFullAttributesFile + 6 772986AE 4 Bytes CALL 76299CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtQueryFullAttributesFile + B 772986B3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationFile + 6 77298B8E 4 Bytes [28, 01, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationFile + B 77298B93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationThread + 6 77298BDE 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationThread + 6 77298BDE 4 Bytes [A8, 03, 16, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtSetInformationThread + B 77298BE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtUnmapViewOfSection + 6 77298E7E 4 Bytes CALL 7629A487 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ntdll.dll!NtUnmapViewOfSection + B 77298E83 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] kernel32.dll!CreateProcessW 761C1C01 5 Bytes JMP 000100B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] kernel32.dll!CreateProcessA 761C1C36 5 Bytes JMP 000100F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] kernel32.dll!OpenEventW 761DC8AD 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] kernel32.dll!CreateEventW 7620447A 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetDeviceCaps 75F15AF0 5 Bytes JMP 002803B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!DeleteObject 75F15BED 5 Bytes JMP 002801B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SelectObject 75F16100 5 Bytes JMP 002805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetTextColor 75F16549 5 Bytes JMP 00280A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetBkMode 75F165F4 5 Bytes JMP 002808F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!DeleteDC 75F16A44 5 Bytes JMP 00280170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetStretchBltMode 75F16D78 5 Bytes JMP 002806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetCurrentObject 75F16F4B 5 Bytes JMP 00280370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!StretchDIBits 75F17442 5 Bytes JMP 00280770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SaveDC 75F1772D 5 Bytes JMP 00280570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!RestoreDC 75F177C6 5 Bytes JMP 00280530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ExtSelectClipRgn 75F179DA 5 Bytes JMP 002802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SelectClipRgn 75F17AE5 5 Bytes JMP 002805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!Rectangle 75F17D49 5 Bytes JMP 002809B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextAlign 75F18178 5 Bytes JMP 00280D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ExtTextOutW 75F182B1 5 Bytes JMP 00280970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetClipBox 75F18629 5 Bytes JMP 00280330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetTextAlign 75F186EA 5 Bytes JMP 002809F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!MoveToEx 75F1878E 5 Bytes JMP 00280470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextMetricsW 75F19434 5 Bytes JMP 00280E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!IntersectClipRect 75F19698 5 Bytes JMP 002803F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetICMMode 75F19DAB 5 Bytes JMP 00280DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextExtentPoint32W 75F1A926 5 Bytes JMP 00280670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CreateDCA 75F1AC01 5 Bytes JMP 002800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CreateDCW 75F1ADA5 5 Bytes JMP 002800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CreateICW 75F1ADFD 5 Bytes JMP 00280130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextFaceW 75F1C1CF 5 Bytes JMP 00280D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetFontData 75F1C835 5 Bytes JMP 00280C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetWorldTransform 75F1CAB8 5 Bytes JMP 002806F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextMetricsA 75F1D65F 5 Bytes JMP 00280DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!LineTo 75F1EF82 5 Bytes JMP 00280430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ExtTextOutA 75F1FE29 5 Bytes JMP 00280930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextExtentPoint32A 75F20B59 5 Bytes JMP 00280630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ExtEscape 75F2208D 5 Bytes JMP 002802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!Escape 75F22A7B 5 Bytes JMP 00280270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!ResetDCW 75F2321A 5 Bytes JMP 00280AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetPolyFillMode 75F249EE 5 Bytes JMP 00280B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SetMiterLimit 75F26298 5 Bytes JMP 00280B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!EndPage 75F2F173 5 Bytes JMP 00280230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetTextFaceA 75F2F321 5 Bytes JMP 00280CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!GetGlyphOutlineW 75F3A04F 5 Bytes JMP 00280CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CreateScalableFontResourceW 75F3C4BB 5 Bytes JMP 00280BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!AddFontResourceW 75F3C8C3 5 Bytes JMP 00280BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!RemoveFontResourceW 75F3CD59 5 Bytes JMP 00280C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!AbortDoc 75F42A4E 5 Bytes JMP 00280030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!EndDoc 75F42E62 5 Bytes JMP 002801F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!StartPage 75F42F4D 5 Bytes JMP 00280730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!StartDocW 75F43A31 5 Bytes JMP 002807F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!BeginPath 75F441ED 5 Bytes JMP 00280830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!SelectClipPath 75F44244 5 Bytes JMP 00280AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!CloseFigure 75F4429F 5 Bytes JMP 00280070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!EndPath 75F442F6 5 Bytes JMP 00280A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!StrokePath 75F44528 5 Bytes JMP 002807B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!FillPath 75F445B4 5 Bytes JMP 00280870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!PolylineTo 75F44A1D 5 Bytes JMP 002804F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!PolyBezierTo 75F44AAD 5 Bytes JMP 002804B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] GDI32.dll!PolyDraw 75F44B5E 5 Bytes JMP 002808B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!SetCursor 7612E563 5 Bytes JMP 00290530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!RegisterClipboardFormatW 7612E869 5 Bytes JMP 002902B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!MonitorFromWindow 761313F6 7 Bytes JMP 00290630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!ActivateKeyboardLayout 76135A50 5 Bytes JMP 002904F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClientRect 761389F9 4 Bytes JMP 002905B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClientRect + 5 761389FE 2 Bytes [CC, CC] {INT 3 ; INT 3 } .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetParent 7613918E 7 Bytes JMP 002906F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!RegisterClipboardFormatA 7613974D 5 Bytes JMP 002902F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardFormatNameA 76139AB5 5 Bytes JMP 00290270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!PostMessageW 7613A064 5 Bytes JMP 002905F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!MapWindowPoints 7613A14F 5 Bytes JMP 00290570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!ScreenToClient 76140C02 7 Bytes JMP 00290670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!IsWindowVisible 76140CDC 7 Bytes JMP 002906B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetOpenClipboardWindow 761426DC 5 Bytes JMP 002903F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!SetClipboardViewer 7614BE37 5 Bytes JMP 002904B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!IsClipboardFormatAvailable 7614C8D4 5 Bytes JMP 002900F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!CloseClipboard 7614C8E8 5 Bytes JMP 002900B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!OpenClipboard 7614C90E 5 Bytes JMP 00290070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetTopWindow 7614D329 7 Bytes JMP 00290730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardSequenceNumber 7614E355 5 Bytes JMP 00290330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!ChangeClipboardChain 7614E52F 5 Bytes JMP 00290430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardOwner 76150A5E 5 Bytes JMP 00290370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!CountClipboardFormats 76150E19 5 Bytes JMP 002901F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!SetClipboardData 761662F8 5 Bytes JMP 00290170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!EnumClipboardFormats 76166C7E 5 Bytes JMP 002901B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!SetCursorPos 76166F1A 5 Bytes JMP 00290770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardData 761670B2 5 Bytes JMP 00290030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardFormatNameW 7616A93C 5 Bytes JMP 00290230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!EmptyClipboard 7618390B 5 Bytes JMP 00290130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetClipboardViewer 7618396D 5 Bytes JMP 00290470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] USER32.dll!GetPriorityClipboardFormat 76183A6F 5 Bytes JMP 002903B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!FreeContextBuffer 75942825 5 Bytes JMP 002B00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!DeleteSecurityContext 75942ABF 5 Bytes JMP 002B0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!FreeCredentialsHandle 759431F5 5 Bytes JMP 002B0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!EncryptMessage 75944BDE 5 Bytes JMP 002B01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!DecryptMessage 75944CAB 5 Bytes JMP 002B0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!InitializeSecurityContextA 75948233 5 Bytes JMP 002B0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!AcquireCredentialsHandleA 7594833B 5 Bytes JMP 002B0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!QueryContextAttributesA 75948747 5 Bytes JMP 002B0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!ApplyControlToken 7594DDB2 5 Bytes JMP 002B01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] Secur32.dll!QueryCredentialsAttributesA 7594DFB5 5 Bytes JMP 002B00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ole32.dll!OleGetClipboard 763E2AC1 5 Bytes JMP 002C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ole32.dll!OleSetClipboard 7640EC7D 5 Bytes JMP 002C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5496] ole32.dll!OleIsCurrentClipboard 76418B31 5 Bytes JMP 002C0070 ---- Devices - GMER 1.0.15 ---- Device \Driver\BTHUSB \Device\0000009b bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\0000009d bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556e90e43 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002556e93792 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00265ea3c829 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556e90e43 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002556e93792 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00265ea3c829 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- So, dann hoffe ich, jemand kann mir helfen. Vielen Dank schon einmal. |
28.12.2012, 14:42 | #2 |
/// Malware-holic | Post-Trojaner -> Paketzustellung Hi,
__________________wenn du mehr Spams bekommst, bzw Freunde, Familie etc, dann leitet uns das mal an die in meiner Signatur genannten Adresse weiter. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ |
28.12.2012, 16:25 | #3 |
| Post-Trojaner -> Paketzustellung Danke für die schnelle Antwort.
__________________TDSSKiller ist durch. Hier der Log: 16:19:55.0235 3160 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:19:57.0283 3160 ============================================================ 16:19:57.0283 3160 Current date / time: 2012/12/28 16:19:57.0283 16:19:57.0283 3160 SystemInfo: 16:19:57.0283 3160 16:19:57.0283 3160 OS Version: 6.0.6001 ServicePack: 1.0 16:19:57.0283 3160 Product type: Workstation 16:19:57.0283 3160 ComputerName: JOHANNA-PC 16:19:57.0283 3160 UserName: johanna 16:19:57.0283 3160 Windows directory: C:\Windows 16:19:57.0283 3160 System windows directory: C:\Windows 16:19:57.0283 3160 Processor architecture: Intel x86 16:19:57.0283 3160 Number of processors: 2 16:19:57.0283 3160 Page size: 0x1000 16:19:57.0283 3160 Boot type: Normal boot 16:19:57.0283 3160 ============================================================ 16:19:58.0048 3160 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:19:58.0251 3160 ============================================================ 16:19:58.0251 3160 \Device\Harddisk0\DR0: 16:19:58.0251 3160 MBR partitions: 16:19:58.0251 3160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11C2C800 16:19:58.0251 3160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000 16:19:58.0251 3160 ============================================================ 16:19:58.0281 3160 C: <-> \Device\Harddisk0\DR0\Partition1 16:19:58.0331 3160 D: <-> \Device\Harddisk0\DR0\Partition2 16:19:58.0331 3160 ============================================================ 16:19:58.0331 3160 Initialize success 16:19:58.0331 3160 ============================================================ 16:20:55.0275 1184 ============================================================ 16:20:55.0275 1184 Scan started 16:20:55.0275 1184 Mode: Manual; SigCheck; TDLFS; 16:20:55.0275 1184 ============================================================ 16:20:55.0651 1184 ================ Scan system memory ======================== 16:20:55.0651 1184 System memory - ok 16:20:55.0651 1184 ================ Scan services ============================= 16:20:55.0881 1184 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys 16:20:56.0041 1184 ACPI - ok 16:20:56.0131 1184 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 16:20:56.0171 1184 AdobeFlashPlayerUpdateSvc - ok 16:20:56.0231 1184 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:20:56.0291 1184 adp94xx - ok 16:20:56.0311 1184 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:20:56.0361 1184 adpahci - ok 16:20:56.0391 1184 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 16:20:56.0431 1184 adpu160m - ok 16:20:56.0461 1184 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:20:56.0491 1184 adpu320 - ok 16:20:56.0521 1184 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:20:56.0591 1184 AeLookupSvc - ok 16:20:56.0641 1184 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys 16:20:56.0731 1184 AFD - ok 16:20:56.0791 1184 [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 16:20:57.0041 1184 AgereSoftModem - ok 16:20:57.0081 1184 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:20:57.0121 1184 agp440 - ok 16:20:57.0151 1184 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 16:20:57.0192 1184 aic78xx - ok 16:20:57.0217 1184 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 16:20:57.0295 1184 ALG - ok 16:20:57.0311 1184 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 16:20:57.0343 1184 aliide - ok 16:20:57.0380 1184 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 16:20:57.0423 1184 amdagp - ok 16:20:57.0441 1184 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 16:20:57.0476 1184 amdide - ok 16:20:57.0495 1184 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 16:20:57.0556 1184 AmdK7 - ok 16:20:57.0573 1184 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:20:57.0667 1184 AmdK8 - ok 16:20:57.0741 1184 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 16:20:57.0759 1184 AntiVirSchedulerService - ok 16:20:57.0790 1184 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 16:20:57.0804 1184 AntiVirService - ok 16:20:57.0852 1184 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 16:20:57.0916 1184 Appinfo - ok 16:20:58.0022 1184 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:20:58.0036 1184 Apple Mobile Device - ok 16:20:58.0104 1184 [ 592F7AE254995274E166EEC95C28F551 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe 16:20:58.0145 1184 Application Updater - ok 16:20:58.0206 1184 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 16:20:58.0241 1184 arc - ok 16:20:58.0263 1184 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:20:58.0307 1184 arcsas - ok 16:20:58.0329 1184 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:20:58.0414 1184 AsyncMac - ok 16:20:58.0448 1184 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys 16:20:58.0463 1184 atapi - ok 16:20:58.0544 1184 [ 09A644DA1F4C144DF1C9FE3CD75E22ED ] athr C:\Windows\system32\DRIVERS\athr.sys 16:20:58.0684 1184 athr - ok 16:20:58.0731 1184 [ C49972BB5DC0AD5BF11074CD8F5B3265 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:20:58.0794 1184 AudioEndpointBuilder - ok 16:20:58.0809 1184 [ C49972BB5DC0AD5BF11074CD8F5B3265 ] Audiosrv C:\Windows\System32\Audiosrv.dll 16:20:58.0840 1184 Audiosrv - ok 16:20:58.0856 1184 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 16:20:58.0912 1184 avgntflt - ok 16:20:58.0952 1184 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 16:20:58.0982 1184 avipbb - ok 16:20:59.0012 1184 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 16:20:59.0042 1184 avkmgr - ok 16:20:59.0092 1184 [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys 16:20:59.0202 1184 bcm4sbxp - ok 16:20:59.0272 1184 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 16:20:59.0292 1184 BcmSqlStartupSvc - ok 16:20:59.0332 1184 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 16:20:59.0412 1184 Beep - ok 16:20:59.0462 1184 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll 16:20:59.0512 1184 BFE - ok 16:20:59.0562 1184 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll 16:20:59.0672 1184 BITS - ok 16:20:59.0702 1184 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 16:20:59.0762 1184 blbdrive - ok 16:20:59.0842 1184 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:20:59.0862 1184 Bonjour Service - ok 16:20:59.0902 1184 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:20:59.0942 1184 bowser - ok 16:20:59.0982 1184 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 16:21:00.0062 1184 BrFiltLo - ok 16:21:00.0082 1184 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 16:21:00.0162 1184 BrFiltUp - ok 16:21:00.0192 1184 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 16:21:00.0233 1184 Browser - ok 16:21:00.0268 1184 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 16:21:00.0370 1184 Brserid - ok 16:21:00.0386 1184 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 16:21:00.0488 1184 BrSerWdm - ok 16:21:00.0510 1184 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 16:21:00.0605 1184 BrUsbMdm - ok 16:21:00.0623 1184 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 16:21:00.0722 1184 BrUsbSer - ok 16:21:00.0761 1184 [ C7065FA296C91BF054F421B0EBF93461 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 16:21:00.0831 1184 BthEnum - ok 16:21:00.0871 1184 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:21:00.0979 1184 BTHMODEM - ok 16:21:01.0015 1184 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 16:21:01.0090 1184 BthPan - ok 16:21:01.0133 1184 [ 1712D956E5A96F866D6791869E99B1D6 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 16:21:01.0197 1184 BTHPORT - ok 16:21:01.0244 1184 [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ C:\Windows\System32\bthserv.dll 16:21:01.0283 1184 BthServ - ok 16:21:01.0294 1184 [ 66088E161E769D11C3134BC23D0E6144 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 16:21:01.0363 1184 BTHUSB - ok 16:21:01.0399 1184 [ 80AFCD99F94BB8321F85EBAFA28CF0B5 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 16:21:01.0440 1184 btwaudio - ok 16:21:01.0470 1184 [ 07BD2BE871455231DE27BB346F6886E7 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 16:21:01.0503 1184 btwavdt - ok 16:21:01.0577 1184 [ 99B81AD2C17C62341CC6470BE1FC9D5F ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 16:21:01.0634 1184 btwdins - ok 16:21:01.0669 1184 [ ECB98391C756A7B9CFBAE89D9D1235E1 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 16:21:01.0702 1184 btwl2cap - ok 16:21:01.0734 1184 [ BC53ACABCCC9946AD508A8737F2A39EA ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 16:21:01.0773 1184 btwrchid - ok 16:21:01.0798 1184 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:21:01.0873 1184 cdfs - ok 16:21:01.0908 1184 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:21:01.0977 1184 cdrom - ok 16:21:02.0017 1184 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll 16:21:02.0068 1184 CertPropSvc - ok 16:21:02.0087 1184 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 16:21:02.0142 1184 circlass - ok 16:21:02.0176 1184 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys 16:21:02.0198 1184 CLFS - ok 16:21:02.0293 1184 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:21:02.0340 1184 clr_optimization_v2.0.50727_32 - ok 16:21:02.0387 1184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:21:02.0434 1184 clr_optimization_v4.0.30319_32 - ok 16:21:02.0465 1184 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:21:02.0543 1184 CmBatt - ok 16:21:02.0559 1184 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:21:02.0590 1184 cmdide - ok 16:21:02.0605 1184 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:21:02.0621 1184 Compbatt - ok 16:21:02.0637 1184 COMSysApp - ok 16:21:02.0637 1184 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:21:02.0652 1184 crcdisk - ok 16:21:02.0683 1184 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 16:21:02.0761 1184 Crusoe - ok 16:21:02.0808 1184 CryptOSD - ok 16:21:02.0839 1184 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:21:02.0886 1184 CryptSvc - ok 16:21:02.0949 1184 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:21:03.0027 1184 DcomLaunch - ok 16:21:03.0073 1184 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:21:03.0105 1184 DfsC - ok 16:21:03.0203 1184 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe 16:21:03.0323 1184 DFSR - ok 16:21:03.0383 1184 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 16:21:03.0443 1184 Dhcp - ok 16:21:03.0483 1184 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys 16:21:03.0503 1184 disk - ok 16:21:03.0533 1184 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:21:03.0583 1184 Dnscache - ok 16:21:03.0623 1184 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll 16:21:03.0703 1184 dot3svc - ok 16:21:03.0733 1184 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 16:21:03.0813 1184 Dot4 - ok 16:21:03.0843 1184 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 16:21:03.0933 1184 Dot4Print - ok 16:21:03.0973 1184 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 16:21:04.0043 1184 dot4usb - ok 16:21:04.0073 1184 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 16:21:04.0133 1184 DPS - ok 16:21:04.0163 1184 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:21:04.0222 1184 drmkaud - ok 16:21:04.0277 1184 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:21:04.0417 1184 DXGKrnl - ok 16:21:04.0455 1184 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 16:21:04.0533 1184 E1G60 - ok 16:21:04.0564 1184 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 16:21:04.0621 1184 EapHost - ok 16:21:04.0668 1184 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys 16:21:04.0686 1184 Ecache - ok 16:21:04.0739 1184 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:21:04.0805 1184 ehRecvr - ok 16:21:04.0824 1184 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 16:21:04.0899 1184 ehSched - ok 16:21:04.0928 1184 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 16:21:04.0986 1184 ehstart - ok 16:21:05.0039 1184 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:21:05.0109 1184 elxstor - ok 16:21:05.0163 1184 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll 16:21:05.0274 1184 EMDMgmt - ok 16:21:05.0336 1184 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:21:05.0383 1184 ErrDev - ok 16:21:05.0430 1184 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll 16:21:05.0492 1184 EventSystem - ok 16:21:05.0508 1184 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys 16:21:05.0586 1184 exfat - ok 16:21:05.0602 1184 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:21:05.0664 1184 fastfat - ok 16:21:05.0711 1184 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:21:05.0773 1184 fdc - ok 16:21:05.0789 1184 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 16:21:05.0851 1184 fdPHost - ok 16:21:05.0867 1184 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 16:21:05.0945 1184 FDResPub - ok 16:21:05.0992 1184 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:21:06.0007 1184 FileInfo - ok 16:21:06.0038 1184 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:21:06.0101 1184 Filetrace - ok 16:21:06.0132 1184 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:21:06.0226 1184 flpydisk - ok 16:21:06.0257 1184 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:21:06.0272 1184 FltMgr - ok 16:21:06.0350 1184 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 16:21:06.0382 1184 FontCache3.0.0.0 - ok 16:21:06.0397 1184 [ 574CEA4D3510EC905C0163C42D305BA5 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 16:21:06.0444 1184 fssfltr - ok 16:21:06.0506 1184 [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 16:21:06.0600 1184 fsssvc - ok 16:21:06.0631 1184 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:21:06.0694 1184 Fs_Rec - ok 16:21:06.0740 1184 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:21:06.0756 1184 gagp30kx - ok 16:21:06.0803 1184 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:21:06.0834 1184 GEARAspiWDM - ok 16:21:06.0881 1184 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll 16:21:06.0943 1184 gpsvc - ok 16:21:07.0084 1184 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 16:21:07.0146 1184 gupdate - ok 16:21:07.0146 1184 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 16:21:07.0162 1184 gupdatem - ok 16:21:07.0208 1184 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 16:21:07.0224 1184 gusvc - ok 16:21:07.0271 1184 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:21:07.0380 1184 HdAudAddService - ok 16:21:07.0411 1184 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:21:07.0489 1184 HDAudBus - ok 16:21:07.0505 1184 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:21:07.0598 1184 HidBth - ok 16:21:07.0630 1184 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 16:21:07.0754 1184 HidIr - ok 16:21:07.0786 1184 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll 16:21:07.0864 1184 hidserv - ok 16:21:07.0879 1184 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:21:07.0957 1184 HidUsb - ok 16:21:07.0973 1184 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:21:08.0020 1184 hkmsvc - ok 16:21:08.0051 1184 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 16:21:08.0098 1184 HpCISSs - ok 16:21:08.0129 1184 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:21:08.0254 1184 HTTP - ok 16:21:08.0285 1184 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 16:21:08.0316 1184 i2omp - ok 16:21:08.0347 1184 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:21:08.0425 1184 i8042prt - ok 16:21:08.0699 1184 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys 16:21:09.0199 1184 ialm - ok 16:21:09.0249 1184 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 16:21:09.0269 1184 iaStor - ok 16:21:09.0299 1184 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 16:21:09.0339 1184 iaStorV - ok 16:21:09.0399 1184 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:21:09.0539 1184 idsvc - ok 16:21:09.0829 1184 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 16:21:10.0139 1184 igfx - ok 16:21:10.0169 1184 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:21:10.0209 1184 iirsp - ok 16:21:10.0249 1184 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll 16:21:10.0318 1184 IKEEXT - ok 16:21:10.0435 1184 [ D991871AA47DA7989540AC2C0F6EC533 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 16:21:10.0720 1184 IntcAzAudAddService - ok 16:21:10.0752 1184 [ 092A78E9C6F71BF0E22379503B90E800 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys 16:21:10.0798 1184 IntcHdmiAddService - ok 16:21:10.0830 1184 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 16:21:10.0861 1184 intelide - ok 16:21:10.0908 1184 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:21:10.0970 1184 intelppm - ok 16:21:11.0001 1184 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:21:11.0079 1184 IPBusEnum - ok 16:21:11.0110 1184 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:21:11.0173 1184 IpFilterDriver - ok 16:21:11.0203 1184 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:21:11.0263 1184 iphlpsvc - ok 16:21:11.0273 1184 IpInIp - ok 16:21:11.0303 1184 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 16:21:11.0393 1184 IPMIDRV - ok 16:21:11.0413 1184 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 16:21:11.0483 1184 IPNAT - ok 16:21:11.0543 1184 [ CE004777B92DEA56FE14EC900D20BAA4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:21:11.0583 1184 iPod Service - ok 16:21:11.0623 1184 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:21:11.0673 1184 IRENUM - ok 16:21:11.0693 1184 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:21:11.0733 1184 isapnp - ok 16:21:11.0753 1184 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 16:21:11.0803 1184 iScsiPrt - ok 16:21:11.0813 1184 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 16:21:11.0843 1184 iteatapi - ok 16:21:11.0853 1184 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 16:21:11.0873 1184 iteraid - ok 16:21:11.0893 1184 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:21:11.0923 1184 kbdclass - ok 16:21:11.0943 1184 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:21:12.0003 1184 kbdhid - ok 16:21:12.0033 1184 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe 16:21:12.0083 1184 KeyIso - ok 16:21:12.0113 1184 [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO C:\Windows\system32\DRIVERS\kmdfmemio.sys 16:21:12.0173 1184 KMDFMEMIO - ok 16:21:12.0203 1184 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:21:12.0233 1184 KSecDD - ok 16:21:12.0283 1184 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 16:21:12.0363 1184 KtmRm - ok 16:21:12.0403 1184 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:21:12.0453 1184 LanmanServer - ok 16:21:12.0493 1184 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:21:12.0553 1184 LanmanWorkstation - ok 16:21:12.0583 1184 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:21:12.0643 1184 lltdio - ok 16:21:12.0693 1184 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:21:12.0753 1184 lltdsvc - ok 16:21:12.0773 1184 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:21:12.0863 1184 lmhosts - ok 16:21:12.0893 1184 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:21:12.0933 1184 LSI_FC - ok 16:21:12.0953 1184 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:21:13.0003 1184 LSI_SAS - ok 16:21:13.0023 1184 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:21:13.0053 1184 LSI_SCSI - ok 16:21:13.0083 1184 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 16:21:13.0123 1184 luafv - ok 16:21:13.0183 1184 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe 16:21:13.0203 1184 McComponentHostService - ok 16:21:13.0233 1184 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:21:13.0271 1184 Mcx2Svc - ok 16:21:13.0302 1184 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 16:21:13.0341 1184 megasas - ok 16:21:13.0366 1184 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 16:21:13.0430 1184 MegaSR - ok 16:21:13.0454 1184 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 16:21:13.0513 1184 MMCSS - ok 16:21:13.0530 1184 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 16:21:13.0604 1184 Modem - ok 16:21:13.0637 1184 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:21:13.0708 1184 monitor - ok 16:21:13.0733 1184 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:21:13.0769 1184 mouclass - ok 16:21:13.0785 1184 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:21:13.0850 1184 mouhid - ok 16:21:13.0870 1184 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 16:21:13.0886 1184 MountMgr - ok 16:21:13.0943 1184 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 16:21:13.0982 1184 MozillaMaintenance - ok 16:21:14.0020 1184 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 16:21:14.0066 1184 mpio - ok 16:21:14.0082 1184 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:21:14.0158 1184 mpsdrv - ok 16:21:14.0210 1184 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll 16:21:14.0263 1184 MpsSvc - ok 16:21:14.0299 1184 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 16:21:14.0340 1184 Mraid35x - ok 16:21:14.0364 1184 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:21:14.0414 1184 MRxDAV - ok 16:21:14.0447 1184 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:21:14.0487 1184 mrxsmb - ok 16:21:14.0528 1184 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:21:14.0551 1184 mrxsmb10 - ok 16:21:14.0559 1184 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:21:14.0600 1184 mrxsmb20 - ok 16:21:14.0637 1184 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 16:21:14.0652 1184 msahci - ok 16:21:14.0670 1184 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:21:14.0708 1184 msdsm - ok 16:21:14.0732 1184 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 16:21:14.0810 1184 MSDTC - ok 16:21:14.0842 1184 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:21:14.0902 1184 Msfs - ok 16:21:14.0938 1184 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:21:14.0954 1184 msisadrv - ok 16:21:14.0978 1184 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:21:15.0052 1184 MSiSCSI - ok 16:21:15.0058 1184 msiserver - ok 16:21:15.0094 1184 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:21:15.0161 1184 MSKSSRV - ok 16:21:15.0190 1184 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:21:15.0245 1184 MSPCLOCK - ok 16:21:15.0273 1184 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:21:15.0344 1184 MSPQM - ok 16:21:15.0359 1184 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:21:15.0375 1184 MsRPC - ok 16:21:15.0390 1184 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:21:15.0437 1184 mssmbios - ok 16:21:15.0484 1184 MSSQL$MSSMLBIZ - ok 16:21:15.0531 1184 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 16:21:15.0578 1184 MSSQLServerADHelper - ok 16:21:15.0609 1184 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:21:15.0671 1184 MSTEE - ok 16:21:15.0697 1184 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys 16:21:15.0707 1184 Mup - ok 16:21:15.0747 1184 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll 16:21:15.0797 1184 napagent - ok 16:21:15.0847 1184 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:21:15.0907 1184 NativeWifiP - ok 16:21:15.0947 1184 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:21:15.0977 1184 NDIS - ok 16:21:16.0017 1184 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:21:16.0077 1184 NdisTapi - ok 16:21:16.0097 1184 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:21:16.0157 1184 Ndisuio - ok 16:21:16.0197 1184 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:21:16.0257 1184 NdisWan - ok 16:21:16.0287 1184 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:21:16.0317 1184 NDProxy - ok 16:21:16.0347 1184 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:21:16.0407 1184 NetBIOS - ok 16:21:16.0427 1184 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 16:21:16.0497 1184 netbt - ok 16:21:16.0507 1184 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe 16:21:16.0527 1184 Netlogon - ok 16:21:16.0567 1184 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 16:21:16.0627 1184 Netman - ok 16:21:16.0657 1184 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 16:21:16.0707 1184 netprofm - ok 16:21:16.0737 1184 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:21:16.0787 1184 NetTcpPortSharing - ok 16:21:16.0887 1184 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 16:21:17.0057 1184 NETw3v32 - ok 16:21:17.0087 1184 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:21:17.0127 1184 nfrd960 - ok 16:21:17.0157 1184 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:21:17.0217 1184 NlaSvc - ok 16:21:17.0237 1184 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:21:17.0281 1184 Npfs - ok 16:21:17.0305 1184 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 16:21:17.0346 1184 nsi - ok 16:21:17.0380 1184 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:21:17.0457 1184 nsiproxy - ok 16:21:17.0517 1184 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:21:17.0576 1184 Ntfs - ok 16:21:17.0605 1184 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 16:21:17.0706 1184 ntrigdigi - ok 16:21:17.0744 1184 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 16:21:17.0822 1184 Null - ok 16:21:17.0838 1184 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:21:17.0869 1184 nvraid - ok 16:21:17.0884 1184 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:21:17.0916 1184 nvstor - ok 16:21:17.0947 1184 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:21:17.0962 1184 nv_agp - ok 16:21:17.0978 1184 NwlnkFlt - ok 16:21:17.0978 1184 NwlnkFwd - ok 16:21:18.0072 1184 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:21:18.0118 1184 odserv - ok 16:21:18.0150 1184 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 16:21:18.0212 1184 ohci1394 - ok 16:21:18.0243 1184 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:21:18.0290 1184 ose - ok 16:21:18.0321 1184 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll 16:21:18.0430 1184 p2pimsvc - ok 16:21:18.0446 1184 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll 16:21:18.0508 1184 p2psvc - ok 16:21:18.0571 1184 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 16:21:18.0664 1184 Parport - ok 16:21:18.0696 1184 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:21:18.0711 1184 partmgr - ok 16:21:18.0727 1184 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 16:21:18.0805 1184 Parvdm - ok 16:21:18.0836 1184 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 16:21:18.0867 1184 PcaSvc - ok 16:21:18.0898 1184 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys 16:21:18.0914 1184 pci - ok 16:21:18.0930 1184 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 16:21:18.0976 1184 pciide - ok 16:21:19.0008 1184 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:21:19.0054 1184 pcmcia - ok 16:21:19.0117 1184 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:21:19.0257 1184 PEAUTH - ok 16:21:19.0335 1184 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 16:21:19.0491 1184 pla - ok 16:21:19.0522 1184 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:21:19.0569 1184 PlugPlay - ok 16:21:19.0616 1184 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 16:21:19.0647 1184 PNRPAutoReg - ok 16:21:19.0663 1184 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll 16:21:19.0710 1184 PNRPsvc - ok 16:21:19.0741 1184 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:21:19.0788 1184 PolicyAgent - ok 16:21:19.0819 1184 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:21:19.0881 1184 PptpMiniport - ok 16:21:19.0897 1184 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 16:21:19.0959 1184 Processor - ok 16:21:19.0990 1184 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll 16:21:20.0053 1184 ProfSvc - ok 16:21:20.0084 1184 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:21:20.0100 1184 ProtectedStorage - ok 16:21:20.0131 1184 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys 16:21:20.0178 1184 PSched - ok 16:21:20.0240 1184 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:21:20.0334 1184 ql2300 - ok 16:21:20.0349 1184 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:21:20.0396 1184 ql40xx - ok 16:21:20.0427 1184 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 16:21:20.0505 1184 QWAVE - ok 16:21:20.0521 1184 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:21:20.0552 1184 QWAVEdrv - ok 16:21:20.0583 1184 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:21:20.0646 1184 RasAcd - ok 16:21:20.0677 1184 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 16:21:20.0739 1184 RasAuto - ok 16:21:20.0786 1184 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:21:20.0848 1184 Rasl2tp - ok 16:21:20.0880 1184 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll 16:21:20.0926 1184 RasMan - ok 16:21:20.0942 1184 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:21:21.0020 1184 RasPppoe - ok 16:21:21.0036 1184 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:21:21.0098 1184 RasSstp - ok 16:21:21.0129 1184 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:21:21.0192 1184 rdbss - ok 16:21:21.0223 1184 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:21:21.0254 1184 RDPCDD - ok 16:21:21.0270 1184 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 16:21:21.0348 1184 rdpdr - ok 16:21:21.0348 1184 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:21:21.0426 1184 RDPENCDD - ok 16:21:21.0441 1184 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:21:21.0519 1184 RDPWD - ok 16:21:21.0550 1184 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:21:21.0628 1184 RemoteAccess - ok 16:21:21.0660 1184 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:21:21.0738 1184 RemoteRegistry - ok 16:21:21.0769 1184 [ 10536B0AD6F416FC7F1149977C28CCDC ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 16:21:21.0831 1184 RFCOMM - ok 16:21:21.0862 1184 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 16:21:21.0925 1184 RpcLocator - ok 16:21:21.0956 1184 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll 16:21:21.0987 1184 RpcSs - ok 16:21:22.0034 1184 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:21:22.0081 1184 rspndr - ok 16:21:22.0143 1184 [ EEFF14CD2BAF7B9D176980C855C9B5D1 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 16:21:22.0237 1184 RTL8169 - ok 16:21:22.0252 1184 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe 16:21:22.0268 1184 SamSs - ok 16:21:22.0299 1184 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:21:22.0346 1184 sbp2port - ok 16:21:22.0362 1184 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:21:22.0424 1184 SCardSvr - ok 16:21:22.0481 1184 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll 16:21:22.0531 1184 Schedule - ok 16:21:22.0561 1184 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll 16:21:22.0601 1184 SCPolicySvc - ok 16:21:22.0631 1184 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 16:21:22.0701 1184 sdbus - ok 16:21:22.0771 1184 [ B9443470BAAE569D9A3FABBFEB35C4E7 ] SdReadSpool C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe 16:21:22.0781 1184 SdReadSpool - ok 16:21:22.0821 1184 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:21:22.0871 1184 SDRSVC - ok 16:21:22.0881 1184 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:21:22.0981 1184 secdrv - ok 16:21:23.0001 1184 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 16:21:23.0051 1184 seclogon - ok 16:21:23.0091 1184 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 16:21:23.0141 1184 SENS - ok 16:21:23.0181 1184 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 16:21:23.0281 1184 Serenum - ok 16:21:23.0311 1184 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 16:21:23.0401 1184 Serial - ok 16:21:23.0431 1184 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:21:23.0481 1184 sermouse - ok 16:21:23.0521 1184 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 16:21:23.0591 1184 SessionEnv - ok 16:21:23.0631 1184 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:21:23.0691 1184 sffdisk - ok 16:21:23.0711 1184 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:21:23.0791 1184 sffp_mmc - ok 16:21:23.0811 1184 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:21:23.0871 1184 sffp_sd - ok 16:21:23.0901 1184 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:21:23.0991 1184 sfloppy - ok 16:21:24.0041 1184 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:21:24.0121 1184 SharedAccess - ok 16:21:24.0151 1184 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:21:24.0221 1184 ShellHWDetection - ok 16:21:24.0261 1184 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:21:24.0301 1184 sisagp - ok 16:21:24.0322 1184 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 16:21:24.0350 1184 SiSRaid2 - ok 16:21:24.0371 1184 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:21:24.0416 1184 SiSRaid4 - ok 16:21:24.0522 1184 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe 16:21:24.0706 1184 slsvc - ok 16:21:24.0745 1184 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll 16:21:24.0816 1184 SLUINotify - ok 16:21:24.0842 1184 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:21:24.0901 1184 Smb - ok 16:21:24.0933 1184 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:21:24.0953 1184 SNMPTRAP - ok 16:21:24.0982 1184 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 16:21:24.0996 1184 spldr - ok 16:21:25.0029 1184 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe 16:21:25.0082 1184 Spooler - ok 16:21:25.0117 1184 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 16:21:25.0171 1184 SQLBrowser - ok 16:21:25.0210 1184 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 16:21:25.0224 1184 SQLWriter - ok 16:21:25.0263 1184 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:21:25.0317 1184 srv - ok 16:21:25.0352 1184 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:21:25.0401 1184 srv2 - ok 16:21:25.0421 1184 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:21:25.0462 1184 srvnet - ok 16:21:25.0499 1184 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:21:25.0556 1184 SSDPSRV - ok 16:21:25.0581 1184 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 16:21:25.0617 1184 ssmdrv - ok 16:21:25.0644 1184 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:21:25.0688 1184 SstpSvc - ok 16:21:25.0737 1184 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll 16:21:25.0797 1184 stisvc - ok 16:21:25.0818 1184 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:21:25.0843 1184 swenum - ok 16:21:25.0878 1184 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll 16:21:25.0941 1184 swprv - ok 16:21:25.0957 1184 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 16:21:25.0988 1184 Symc8xx - ok 16:21:26.0009 1184 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 16:21:26.0031 1184 Sym_hi - ok 16:21:26.0049 1184 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 16:21:26.0082 1184 Sym_u3 - ok 16:21:26.0142 1184 [ 71837FBCE3FD8143953444B3FF7938DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:21:26.0184 1184 SynTP - ok 16:21:26.0231 1184 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll 16:21:26.0320 1184 SysMain - ok 16:21:26.0347 1184 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:21:26.0418 1184 TabletInputService - ok 16:21:26.0449 1184 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll 16:21:26.0512 1184 TapiSrv - ok 16:21:26.0543 1184 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 16:21:26.0590 1184 TBS - ok 16:21:26.0637 1184 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:21:26.0715 1184 Tcpip - ok 16:21:26.0746 1184 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 16:21:26.0793 1184 Tcpip6 - ok 16:21:26.0824 1184 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:21:26.0886 1184 tcpipreg - ok 16:21:26.0917 1184 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:21:26.0964 1184 TDPIPE - ok 16:21:26.0964 1184 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:21:27.0042 1184 TDTCP - ok 16:21:27.0058 1184 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:21:27.0136 1184 tdx - ok 16:21:27.0167 1184 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:21:27.0198 1184 TermDD - ok 16:21:27.0229 1184 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll 16:21:27.0292 1184 TermService - ok 16:21:27.0323 1184 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll 16:21:27.0354 1184 Themes - ok 16:21:27.0370 1184 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 16:21:27.0401 1184 THREADORDER - ok 16:21:27.0417 1184 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 16:21:27.0479 1184 TrkWks - ok 16:21:27.0526 1184 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:21:27.0588 1184 TrustedInstaller - ok 16:21:27.0604 1184 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:21:27.0666 1184 tssecsrv - ok 16:21:27.0697 1184 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 16:21:27.0744 1184 tunmp - ok 16:21:27.0760 1184 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:21:27.0775 1184 tunnel - ok 16:21:27.0807 1184 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:21:27.0838 1184 uagp35 - ok 16:21:27.0869 1184 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:21:27.0931 1184 udfs - ok 16:21:27.0978 1184 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:21:28.0025 1184 UI0Detect - ok 16:21:28.0056 1184 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:21:28.0087 1184 uliagpkx - ok 16:21:28.0134 1184 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 16:21:28.0165 1184 uliahci - ok 16:21:28.0181 1184 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 16:21:28.0212 1184 UlSata - ok 16:21:28.0243 1184 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 16:21:28.0290 1184 ulsata2 - ok 16:21:28.0306 1184 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:21:28.0368 1184 umbus - ok 16:21:28.0415 1184 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 16:21:28.0477 1184 upnphost - ok 16:21:28.0509 1184 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 16:21:28.0587 1184 USBAAPL - ok 16:21:28.0618 1184 [ AFB10A231254A1920C3BB4A0D02E1CA6 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:21:28.0668 1184 usbccgp - ok 16:21:28.0708 1184 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:21:28.0818 1184 usbcir - ok 16:21:28.0858 1184 [ 44245742C4ED2EAFD69020583424455B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:21:28.0878 1184 usbehci - ok 16:21:28.0928 1184 [ DB39B3F83AF77BCA019D7DF6AADDBDAE ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:21:28.0988 1184 usbhub - ok 16:21:29.0018 1184 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:21:29.0108 1184 usbohci - ok 16:21:29.0128 1184 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 16:21:29.0208 1184 usbprint - ok 16:21:29.0228 1184 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:21:29.0308 1184 USBSTOR - ok 16:21:29.0328 1184 [ 587809974E43CFAD0CA0EF6E1D940CA9 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:21:29.0358 1184 usbuhci - ok 16:21:29.0408 1184 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 16:21:29.0488 1184 usbvideo - ok 16:21:29.0518 1184 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 16:21:29.0568 1184 UxSms - ok 16:21:29.0608 1184 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 16:21:29.0738 1184 vds - ok 16:21:29.0768 1184 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:21:29.0828 1184 vga - ok 16:21:29.0848 1184 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 16:21:29.0898 1184 VgaSave - ok 16:21:29.0918 1184 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:21:29.0948 1184 viaagp - ok 16:21:29.0958 1184 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 16:21:30.0028 1184 ViaC7 - ok 16:21:30.0048 1184 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 16:21:30.0068 1184 viaide - ok 16:21:30.0078 1184 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:21:30.0098 1184 volmgr - ok 16:21:30.0118 1184 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:21:30.0148 1184 volmgrx - ok 16:21:30.0168 1184 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:21:30.0188 1184 volsnap - ok 16:21:30.0228 1184 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:21:30.0248 1184 vsmraid - ok 16:21:30.0308 1184 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 16:21:30.0414 1184 VSS - ok 16:21:30.0449 1184 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll 16:21:30.0516 1184 W32Time - ok 16:21:30.0536 1184 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:21:30.0625 1184 WacomPen - ok 16:21:30.0659 1184 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 16:21:30.0733 1184 Wanarp - ok 16:21:30.0739 1184 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:21:30.0779 1184 Wanarpv6 - ok 16:21:30.0823 1184 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:21:30.0920 1184 wcncsvc - ok 16:21:30.0944 1184 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:21:30.0987 1184 WcsPlugInService - ok 16:21:31.0028 1184 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 16:21:31.0050 1184 Wd - ok 16:21:31.0077 1184 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:21:31.0109 1184 Wdf01000 - ok 16:21:31.0122 1184 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:21:31.0189 1184 WdiServiceHost - ok 16:21:31.0194 1184 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:21:31.0238 1184 WdiSystemHost - ok 16:21:31.0272 1184 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 16:21:31.0314 1184 WebClient - ok 16:21:31.0361 1184 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:21:31.0419 1184 Wecsvc - ok 16:21:31.0440 1184 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:21:31.0484 1184 wercplsupport - ok 16:21:31.0538 1184 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 16:21:31.0593 1184 WerSvc - ok 16:21:31.0640 1184 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:21:31.0671 1184 WinDefend - ok 16:21:31.0687 1184 WinHttpAutoProxySvc - ok 16:21:31.0749 1184 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:21:31.0827 1184 Winmgmt - ok 16:21:31.0889 1184 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 16:21:32.0108 1184 WinRM - ok 16:21:32.0170 1184 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:21:32.0230 1184 Wlansvc - ok 16:21:32.0260 1184 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:21:32.0320 1184 WmiAcpi - ok 16:21:32.0360 1184 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:21:32.0410 1184 wmiApSrv - ok 16:21:32.0500 1184 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:21:32.0550 1184 WMPNetworkSvc - ok 16:21:32.0610 1184 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:21:32.0690 1184 WPCSvc - ok 16:21:32.0720 1184 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:21:32.0770 1184 WPDBusEnum - ok 16:21:32.0810 1184 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 16:21:32.0860 1184 WpdUsb - ok 16:21:32.0970 1184 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 16:21:33.0010 1184 WPFFontCache_v0400 - ok 16:21:33.0050 1184 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:21:33.0120 1184 ws2ifsl - ok 16:21:33.0150 1184 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll 16:21:33.0180 1184 wscsvc - ok 16:21:33.0190 1184 WSearch - ok 16:21:33.0270 1184 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll 16:21:33.0360 1184 wuauserv - ok 16:21:33.0375 1184 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:21:33.0446 1184 WUDFRd - ok 16:21:33.0474 1184 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:21:33.0534 1184 wudfsvc - ok 16:21:33.0560 1184 ================ Scan global =============================== 16:21:33.0597 1184 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 16:21:33.0639 1184 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 16:21:33.0661 1184 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 16:21:33.0698 1184 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe 16:21:33.0705 1184 [Global] - ok 16:21:33.0705 1184 ================ Scan MBR ================================== 16:21:33.0717 1184 [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0 16:21:34.0733 1184 \Device\Harddisk0\DR0 - ok 16:21:34.0733 1184 ================ Scan VBR ================================== 16:21:34.0742 1184 [ 8D29DAFFEC3E5C041878134E563ABC55 ] \Device\Harddisk0\DR0\Partition1 16:21:34.0744 1184 \Device\Harddisk0\DR0\Partition1 - ok 16:21:34.0774 1184 [ 145568E49F8F47A51FD424424A2829E9 ] \Device\Harddisk0\DR0\Partition2 16:21:34.0776 1184 \Device\Harddisk0\DR0\Partition2 - ok 16:21:34.0777 1184 ============================================================ 16:21:34.0777 1184 Scan finished 16:21:34.0777 1184 ============================================================ 16:21:34.0796 4668 Detected object count: 0 16:21:34.0796 4668 Actual detected object count: 0 |
28.12.2012, 16:39 | #4 |
/// Malware-holic | Post-Trojaner -> Paketzustellung Hi, zuerst: Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. wenn du denkst, fertig zu sein, prüfe: Rechtsklick Computer, Eigenschaften, ist das Servicepack 2 (sp2) instaliert? Melden bitte, wenn fertig.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Post-Trojaner -> Paketzustellung |
antivir, autorun, avira, bho, bonjour, computer, cursor, desktop, error, firefox, flash player, helper, home, homepage, install.exe, logfile, microsoft office 2003, mozilla, ntdll.dll, office 2007, pdfforge toolbar, plug-in, realtek, registry, rundll, security, software, svchost.exe, trojaner, vista |