| |
| |||||||
Log-Analyse und Auswertung: BKA Virus Österreich VersionWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.09.2012, 22:18
| #1 |
| |  BKA Virus Österreich Version Hi liebes Forum ! Bitte auf diesem Weg um Hilfe da ich den BKA Virus in der Österreich Version drauf habe und ich nicht weiterkomme. Anbei meine OTL TEXT und Mailwarebyts Text File + Anhang OtL Extras + GMER Log Code:
ATTFilter OTL logfile created on: 10.09.2012 23:02:59 - Run 2 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Sandro\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 69,96% Memory free 4,23 Gb Paging File | 3,86 Gb Available in Paging File | 91,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,13 Gb Total Space | 153,93 Gb Free Space | 67,18% Space Free | Partition Type: NTFS Drive D: | 228,82 Gb Total Space | 228,71 Gb Free Space | 99,95% Space Free | Partition Type: NTFS Computer Name: SANDRO-PC | User Name: Sandro | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (All) ========== PRC - [2012.09.10 22:44:59 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Sandro\Desktop\OTL.exe PRC - [2010.07.24 19:15:41 | 000,634,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2010.07.24 18:30:22 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.07.24 18:27:50 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe PRC - [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch] PRC - [2006.11.02 11:45:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe PRC - [2006.11.02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe PRC - [2006.11.02 11:45:21 | 000,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe PRC - [2006.11.02 11:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe ========== Modules (All) ========== MOD - [2012.09.10 22:44:59 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Sandro\Desktop\OTL.exe MOD - [2012.08.15 21:36:13 | 009,285,832 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\Flash32_11_3_300_271.ocx MOD - [2012.07.03 13:46:42 | 000,079,208 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll MOD - [2010.08.15 15:28:59 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80DEU.dll MOD - [2010.08.15 15:28:56 | 001,093,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll MOD - [2010.08.15 15:28:52 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll MOD - [2010.08.15 15:28:52 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll MOD - [2010.07.26 20:04:11 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll MOD - [2010.07.26 20:03:15 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll MOD - [2010.07.24 19:17:27 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll MOD - [2010.07.24 19:17:27 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll MOD - [2010.07.24 19:15:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll MOD - [2010.07.24 19:15:50 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll MOD - [2010.07.24 19:15:50 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll MOD - [2010.07.24 19:15:49 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll MOD - [2010.07.24 19:15:48 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll MOD - [2010.07.24 19:15:48 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll MOD - [2010.07.24 19:15:46 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll MOD - [2010.07.24 19:15:45 | 003,599,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll MOD - [2010.07.24 19:15:41 | 000,634,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe MOD - [2010.07.24 19:15:40 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll MOD - [2010.07.24 19:15:39 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll MOD - [2010.07.24 19:15:39 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll MOD - [2010.07.24 19:10:41 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll MOD - [2010.07.24 19:10:40 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll MOD - [2010.07.24 19:08:32 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemcomn.dll MOD - [2010.07.24 19:08:31 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll MOD - [2010.07.24 19:06:29 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll MOD - [2010.07.24 19:05:17 | 001,260,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll MOD - [2010.07.24 19:05:16 | 001,406,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll MOD - [2010.07.24 18:53:23 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll MOD - [2010.07.24 18:51:31 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll MOD - [2010.07.24 18:42:38 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl MOD - [2010.07.24 18:40:41 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll MOD - [2010.07.24 18:39:46 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll MOD - [2010.07.24 18:37:44 | 001,744,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\GdiPlus.dll MOD - [2010.07.24 18:34:07 | 011,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll MOD - [2010.07.24 18:30:22 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe MOD - [2010.07.24 18:27:50 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll MOD - [2010.07.24 18:27:49 | 000,272,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll MOD - [2010.07.24 18:25:37 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll MOD - [2010.07.24 18:25:27 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll MOD - [2010.07.24 18:25:22 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll MOD - [2010.07.24 18:22:08 | 001,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll MOD - [2010.07.24 18:21:42 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll MOD - [2010.07.24 18:21:39 | 000,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll MOD - [2010.07.24 18:20:08 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll MOD - [2010.07.24 18:18:25 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll MOD - [2010.07.24 18:13:44 | 000,875,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll MOD - [2010.07.24 18:12:53 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll MOD - [2010.07.24 18:11:59 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2010.07.24 18:10:33 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll MOD - [2010.07.24 18:10:32 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll MOD - [2010.07.24 18:10:32 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll MOD - [2010.07.24 18:05:28 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll MOD - [2010.07.24 17:26:10 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll MOD - [2010.07.24 17:25:39 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll MOD - [2010.07.24 17:25:24 | 000,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll MOD - [2010.07.24 17:22:51 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll MOD - [2010.07.22 20:32:17 | 000,063,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90DEU.DLL MOD - [2010.07.22 20:32:15 | 003,780,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll MOD - [2010.07.22 20:32:12 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll MOD - [2010.07.22 20:32:12 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll MOD - [2010.07.22 20:15:22 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll MOD - [2010.04.03 01:27:36 | 000,273,504 | ---- | M] (Nero AG) -- c:\Programme\Nero\Nero 10\Nero BackItUp\NBRes.dll MOD - [2010.04.03 01:27:30 | 000,681,256 | ---- | M] (Nero AG) -- C:\Programme\Nero\Nero 10\Nero BackItUp\NBShell.dll MOD - [2010.03.24 13:03:14 | 000,027,432 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\NeroShellExt\SolutionExplorer.dll MOD - [2010.03.24 13:02:44 | 000,918,824 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\NeroShellExt\NeroShellExt.dll MOD - [2010.02.02 13:53:52 | 000,086,376 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\shlext.dll MOD - [2008.10.25 06:18:56 | 000,061,816 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\MSOHEVI.DLL MOD - [2008.04.18 07:40:35 | 002,252,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll MOD - [2007.05.07 00:42:21 | 000,974,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll MOD - [2007.05.07 00:40:02 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll MOD - [2007.02.06 23:51:36 | 000,315,392 | ---- | M] (HiTRUST) -- C:\Windows\System32\eDSshellExt.dll MOD - [2006.11.29 21:30:18 | 000,401,408 | ---- | M] (HiTRUST) -- C:\Windows\System32\CryptoAPI.dll MOD - [2006.11.02 14:36:16 | 000,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll MOD - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe MOD - [2006.11.02 14:36:04 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnssci.dll MOD - [2006.11.02 14:35:58 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll MOD - [2006.11.02 14:35:39 | 000,379,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2006.11.02 14:35:38 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll MOD - [2006.11.02 14:35:30 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll MOD - [2006.11.02 14:35:09 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll MOD - [2006.11.02 14:34:50 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll MOD - [2006.11.02 14:34:48 | 002,205,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll MOD - [2006.11.02 14:34:48 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\syncui.dll MOD - [2006.11.02 14:34:48 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll MOD - [2006.11.02 14:34:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll MOD - [2006.11.02 14:34:47 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll MOD - [2006.11.02 14:34:46 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll MOD - [2006.11.02 14:34:45 | 001,499,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll MOD - [2006.11.02 14:34:35 | 000,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll MOD - [2006.11.02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll MOD - [2006.11.02 11:47:26 | 001,162,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll MOD - [2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2006.11.02 11:47:18 | 000,165,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll MOD - [2006.11.02 11:46:16 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll MOD - [2006.11.02 11:46:14 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll MOD - [2006.11.02 11:46:14 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll MOD - [2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll MOD - [2006.11.02 11:46:14 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll MOD - [2006.11.02 11:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll MOD - [2006.11.02 11:46:14 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll MOD - [2006.11.02 11:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL MOD - [2006.11.02 11:46:14 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll MOD - [2006.11.02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll MOD - [2006.11.02 11:46:13 | 001,064,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll MOD - [2006.11.02 11:46:13 | 000,994,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll MOD - [2006.11.02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll MOD - [2006.11.02 11:46:13 | 000,842,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll MOD - [2006.11.02 11:46:13 | 000,586,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll MOD - [2006.11.02 11:46:13 | 000,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll MOD - [2006.11.02 11:46:13 | 000,377,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll MOD - [2006.11.02 11:46:13 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll MOD - [2006.11.02 11:46:13 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll MOD - [2006.11.02 11:46:13 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll MOD - [2006.11.02 11:46:13 | 000,240,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll MOD - [2006.11.02 11:46:13 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll MOD - [2006.11.02 11:46:13 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tapi32.dll MOD - [2006.11.02 11:46:13 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll MOD - [2006.11.02 11:46:13 | 000,107,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll MOD - [2006.11.02 11:46:13 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll MOD - [2006.11.02 11:46:13 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll MOD - [2006.11.02 11:46:13 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2006.11.02 11:46:13 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll MOD - [2006.11.02 11:46:13 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll MOD - [2006.11.02 11:46:13 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll MOD - [2006.11.02 11:46:13 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll MOD - [2006.11.02 11:46:13 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll MOD - [2006.11.02 11:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll MOD - [2006.11.02 11:46:12 | 001,822,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll MOD - [2006.11.02 11:46:12 | 001,380,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Query.dll MOD - [2006.11.02 11:46:12 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll MOD - [2006.11.02 11:46:12 | 000,733,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll MOD - [2006.11.02 11:46:12 | 000,688,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\System\Ole DB\oledb32.dll MOD - [2006.11.02 11:46:12 | 000,296,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll MOD - [2006.11.02 11:46:12 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll MOD - [2006.11.02 11:46:12 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll MOD - [2006.11.02 11:46:12 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL MOD - [2006.11.02 11:46:12 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll MOD - [2006.11.02 11:46:12 | 000,120,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll MOD - [2006.11.02 11:46:12 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll MOD - [2006.11.02 11:46:12 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\System\Ole DB\oledb32r.dll MOD - [2006.11.02 11:46:12 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll MOD - [2006.11.02 11:46:12 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll MOD - [2006.11.02 11:46:12 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL MOD - [2006.11.02 11:46:12 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll MOD - [2006.11.02 11:46:12 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll MOD - [2006.11.02 11:46:12 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll MOD - [2006.11.02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll MOD - [2006.11.02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll MOD - [2006.11.02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll MOD - [2006.11.02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll MOD - [2006.11.02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll MOD - [2006.11.02 11:46:11 | 003,174,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll MOD - [2006.11.02 11:46:11 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll MOD - [2006.11.02 11:46:11 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll MOD - [2006.11.02 11:46:11 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll MOD - [2006.11.02 11:46:10 | 000,681,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll MOD - [2006.11.02 11:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll MOD - [2006.11.02 11:46:09 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll MOD - [2006.11.02 11:46:09 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll MOD - [2006.11.02 11:46:07 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll MOD - [2006.11.02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll MOD - [2006.11.02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll MOD - [2006.11.02 11:46:06 | 000,805,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll MOD - [2006.11.02 11:46:06 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll MOD - [2006.11.02 11:46:06 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll MOD - [2006.11.02 11:46:05 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL MOD - [2006.11.02 11:46:05 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll MOD - [2006.11.02 11:46:05 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll MOD - [2006.11.02 11:46:05 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll MOD - [2006.11.02 11:46:05 | 000,146,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll MOD - [2006.11.02 11:46:05 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll MOD - [2006.11.02 11:46:05 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL MOD - [2006.11.02 11:46:05 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll MOD - [2006.11.02 11:46:05 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll MOD - [2006.11.02 11:46:05 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll MOD - [2006.11.02 11:46:05 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\idndl.dll MOD - [2006.11.02 11:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll MOD - [2006.11.02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll MOD - [2006.11.02 11:46:04 | 000,445,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll MOD - [2006.11.02 11:46:04 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll MOD - [2006.11.02 11:46:04 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll MOD - [2006.11.02 11:46:04 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll MOD - [2006.11.02 11:46:04 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2006.11.02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll MOD - [2006.11.02 11:46:04 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll MOD - [2006.11.02 11:46:03 | 000,528,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll MOD - [2006.11.02 11:46:03 | 000,454,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll MOD - [2006.11.02 11:46:03 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll MOD - [2006.11.02 11:46:03 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddrawex.dll MOD - [2006.11.02 11:46:03 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2006.11.02 11:46:03 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll MOD - [2006.11.02 11:46:02 | 001,321,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll MOD - [2006.11.02 11:46:02 | 000,770,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll MOD - [2006.11.02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll MOD - [2006.11.02 11:46:02 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll MOD - [2006.11.02 11:46:02 | 000,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2006.11.02 11:46:02 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll MOD - [2006.11.02 11:46:02 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll MOD - [2006.11.02 11:46:02 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aclui.dll MOD - [2006.11.02 11:46:02 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll MOD - [2006.11.02 11:46:02 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll MOD - [2006.11.02 11:46:02 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2006.11.02 11:44:42 | 000,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl MOD - [2006.11.02 11:44:42 | 000,255,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv MOD - [2006.11.02 11:44:42 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll MOD - [2006.11.02 11:38:56 | 000,537,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll MOD - [2006.11.02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll ========== Services (All) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012.08.23 22:36:21 | 000,194,032 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2012.08.15 22:36:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.26 19:16:10 | 000,136,176 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdatem) SRV - [2011.12.26 19:16:10 | 000,136,176 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) SRV - [2011.07.02 19:50:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 16:14:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.07.26 20:04:11 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.07.26 20:03:15 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\es.dll -- (EventSystem) SRV - [2010.07.24 19:13:52 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent) SRV - [2010.07.24 19:12:45 | 000,286,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2010.07.24 19:12:44 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dps.dll -- (DPS) SRV - [2010.07.24 19:08:28 | 000,542,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sysmain.dll -- (SysMain) SRV - [2010.07.24 19:07:28 | 000,194,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\WebClnt.dll -- (WebClient) SRV - [2010.07.24 19:06:28 | 000,502,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc) SRV - [2010.07.24 18:56:18 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2010.07.24 18:47:30 | 000,156,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation) SRV - [2010.07.24 18:40:41 | 000,396,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc) SRV - [2010.07.24 18:27:50 | 000,007,680 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\lsass.exe -- (SamSs) SRV - [2010.07.24 18:27:50 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage) SRV - [2010.07.24 18:27:50 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (Netlogon) SRV - [2010.07.24 18:27:50 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso) SRV - [2010.07.24 18:21:40 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay) SRV - [2010.07.24 18:21:37 | 000,595,456 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\schedsvc.dll -- (Schedule) SRV - [2010.07.24 18:21:37 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller) SRV - [2010.07.24 18:20:10 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs) SRV - [2010.07.24 18:20:10 | 000,549,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch) SRV - [2010.07.24 18:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\iphlpsvc.dll -- (iphlpsvc) SRV - [2010.07.24 18:12:51 | 002,605,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\SLsvc.exe -- (slsvc) SRV - [2010.07.24 18:12:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SLUINotify.dll -- (SLUINotify) SRV - [2010.07.24 18:10:33 | 000,204,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp) SRV - [2010.07.24 18:05:28 | 000,083,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache) SRV - [2010.07.24 17:56:42 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2010.07.24 17:56:40 | 000,881,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc) SRV - [2010.07.24 17:56:35 | 000,046,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0) SRV - [2010.07.24 17:39:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2010.07.24 17:20:34 | 000,750,080 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS) SRV - [2010.07.22 19:58:25 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wuaueng.dll -- (wuauserv) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.04.18 04:32:29 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver) SRV - [2007.07.27 23:24:44 | 000,610,304 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2007.04.09 18:29:18 | 000,143,360 | ---- | M] () [Auto | Stopped] -- C:\Programme\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) SRV - [2007.04.04 18:54:08 | 000,266,343 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2007.02.07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.01.31 18:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.01.19 23:44:40 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2007.01.19 23:44:40 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2007.01.17 11:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Programme\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006.12.29 17:51:56 | 000,028,672 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2006.11.08 16:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12) SRV - [2006.11.08 16:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12) SRV - [2006.11.02 14:36:25 | 002,089,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dfsr.exe -- (DFSR) SRV - [2006.11.02 14:36:16 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC) SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.11.02 14:35:58 | 000,070,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wpdbusenum.dll -- (WPDBusEnum) SRV - [2006.11.02 14:35:38 | 000,656,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPsvc) SRV - [2006.11.02 14:35:38 | 000,656,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (PNRPAutoReg) SRV - [2006.11.02 14:35:38 | 000,656,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2psvc) SRV - [2006.11.02 14:35:38 | 000,656,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\p2psvc.dll -- (p2pimsvc) SRV - [2006.11.02 14:35:35 | 000,141,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wpcsvc.dll -- (WPCSvc) SRV - [2006.11.02 14:35:32 | 000,051,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc) SRV - [2006.11.02 14:35:29 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched) SRV - [2006.11.02 14:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart) SRV - [2006.11.02 14:35:28 | 000,291,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr) SRV - [2006.11.02 14:35:24 | 000,068,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\TabSvc.dll -- (TabletInputService) SRV - [2006.11.02 14:35:09 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wscsvc.dll -- (wscsvc) SRV - [2006.11.02 14:34:46 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\SearchIndexer.exe -- (WSearch) SRV - [2006.11.02 14:34:41 | 000,451,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wiaservc.dll -- (stisvc) SRV - [2006.11.02 14:34:35 | 000,560,640 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt) SRV - [2006.11.02 14:34:35 | 000,249,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wcncsvc.dll -- (wcncsvc) SRV - [2006.11.02 14:34:31 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qwave.dll -- (QWAVE) SRV - [2006.11.02 14:34:30 | 000,037,888 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\pcasvc.dll -- (PcaSvc) SRV - [2006.11.02 11:46:16 | 000,055,296 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\WUDFSvc.dll -- (wudfsvc) SRV - [2006.11.02 11:46:14 | 000,450,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WsmSvc.dll -- (WinRM) SRV - [2006.11.02 11:46:14 | 000,161,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt) SRV - [2006.11.02 11:46:13 | 000,989,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog) SRV - [2006.11.02 11:46:13 | 000,427,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\termsrv.dll -- (TermService) SRV - [2006.11.02 11:46:13 | 000,292,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv) SRV - [2006.11.02 11:46:13 | 000,270,848 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\w32time.dll -- (W32Time) SRV - [2006.11.02 11:46:13 | 000,259,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\upnphost.dll -- (upnphost) SRV - [2006.11.02 11:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (Themes) SRV - [2006.11.02 11:46:13 | 000,245,248 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection) SRV - [2006.11.02 11:46:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv) SRV - [2006.11.02 11:46:13 | 000,155,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ssdpsrv.dll -- (SSDPSRV) SRV - [2006.11.02 11:46:13 | 000,152,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wecsvc.dll -- (Wecsvc) SRV - [2006.11.02 11:46:13 | 000,127,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\wersvc.dll -- (WerSvc) SRV - [2006.11.02 11:46:13 | 000,121,344 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer) SRV - [2006.11.02 11:46:13 | 000,075,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\trkwks.dll -- (TrkWks) SRV - [2006.11.02 11:46:13 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiSystemHost) SRV - [2006.11.02 11:46:13 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wdi.dll -- (WdiServiceHost) SRV - [2006.11.02 11:46:13 | 000,063,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wercplsupport.dll -- (wercplsupport) SRV - [2006.11.02 11:46:13 | 000,054,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tbssvc.dll -- (TBS) SRV - [2006.11.02 11:46:13 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WcsPlugInService.dll -- (WcsPlugInService) SRV - [2006.11.02 11:46:13 | 000,028,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\uxsms.dll -- (UxSms) SRV - [2006.11.02 11:46:12 | 001,499,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pla.dll -- (pla) SRV - [2006.11.02 11:46:12 | 000,277,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\QAGENTRT.DLL -- (napagent) SRV - [2006.11.02 11:46:12 | 000,234,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan) SRV - [2006.11.02 11:46:12 | 000,152,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc) SRV - [2006.11.02 11:46:12 | 000,105,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\regsvc.dll -- (RemoteRegistry) SRV - [2006.11.02 11:46:12 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr) SRV - [2006.11.02 11:46:12 | 000,092,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\SessEnv.dll -- (SessionEnv) SRV - [2006.11.02 11:46:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto) SRV - [2006.11.02 11:46:12 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\Sens.dll -- (SENS) SRV - [2006.11.02 11:46:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon) SRV - [2006.11.02 11:46:12 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi) SRV - [2006.11.02 11:46:11 | 000,273,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman) SRV - [2006.11.02 11:46:11 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm) SRV - [2006.11.02 11:46:11 | 000,171,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc) SRV - [2006.11.02 11:46:06 | 000,284,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\msdtckrm.dll -- (KtmRm) SRV - [2006.11.02 11:46:05 | 000,569,344 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\gpsvc.dll -- (gpsvc) SRV - [2006.11.02 11:46:05 | 000,416,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IKEEXT.DLL -- (IKEEXT) SRV - [2006.11.02 11:46:05 | 000,188,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lltdsvc.dll -- (lltdsvc) SRV - [2006.11.02 11:46:05 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\iscsiexe.dll -- (MSiSCSI) SRV - [2006.11.02 11:46:05 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPBusEnum.dll -- (IPBusEnum) SRV - [2006.11.02 11:46:05 | 000,069,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\KMSVC.DLL -- (hkmsvc) SRV - [2006.11.02 11:46:05 | 000,065,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) SRV - [2006.11.02 11:46:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\mmcss.dll -- (THREADORDER) SRV - [2006.11.02 11:46:05 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS) SRV - [2006.11.02 11:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv) SRV - [2006.11.02 11:46:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lmhsvc.dll -- (lmhosts) SRV - [2006.11.02 11:46:04 | 000,146,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc) SRV - [2006.11.02 11:46:04 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost) SRV - [2006.11.02 11:46:04 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\FDResPub.dll -- (FDResPub) SRV - [2006.11.02 11:46:04 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fdPHost.dll -- (fdPHost) SRV - [2006.11.02 11:46:03 | 000,123,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc) SRV - [2006.11.02 11:46:02 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE) SRV - [2006.11.02 11:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv) SRV - [2006.11.02 11:46:02 | 000,310,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder) SRV - [2006.11.02 11:46:02 | 000,081,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser) SRV - [2006.11.02 11:46:02 | 000,039,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\certprop.dll -- (SCPolicySvc) SRV - [2006.11.02 11:46:02 | 000,039,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\certprop.dll -- (CertPropSvc) SRV - [2006.11.02 11:46:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo) SRV - [2006.11.02 11:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc) SRV - [2006.11.02 11:45:59 | 000,137,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbem\WmiApSrv.exe -- (wmiApSrv) SRV - [2006.11.02 11:45:51 | 000,924,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS) SRV - [2006.11.02 11:45:50 | 000,392,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\vds.exe -- (vds) SRV - [2006.11.02 11:45:50 | 000,035,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect) SRV - [2006.11.02 11:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\spoolsv.exe -- (Spooler) SRV - [2006.11.02 11:45:46 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP) SRV - [2006.11.02 11:45:26 | 000,106,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msdtc.exe -- (MSDTC) SRV - [2006.11.02 11:45:21 | 000,007,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Locator.exe -- (RpcLocator) SRV - [2006.11.02 11:45:02 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dllhost.exe -- (COMSysApp) SRV - [2006.11.02 11:44:49 | 000,058,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (All) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.10 22:22:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.02 19:50:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.02 19:50:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.07.24 19:12:48 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi) DRV - [2010.07.24 19:12:47 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6) DRV - [2010.07.24 19:12:47 | 000,061,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp) DRV - [2010.07.24 19:12:47 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy) DRV - [2010.07.24 19:12:45 | 000,070,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (PSched) DRV - [2010.07.24 19:12:44 | 000,619,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl) DRV - [2010.07.24 19:11:43 | 000,306,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srv.sys -- (srv) DRV - [2010.07.24 19:11:43 | 000,084,992 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet) DRV - [2010.07.24 19:08:30 | 000,258,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI) DRV - [2010.07.24 19:07:28 | 000,110,080 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV) DRV - [2010.07.24 19:03:03 | 000,211,968 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10) DRV - [2010.07.24 19:03:03 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb) DRV - [2010.07.24 19:03:03 | 000,058,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20) DRV - [2010.07.24 18:52:26 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR) DRV - [2010.07.24 18:50:35 | 001,060,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs) DRV - [2010.07.24 18:50:35 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\monitor.sys -- (monitor) DRV - [2010.07.24 18:40:41 | 000,063,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv) DRV - [2010.07.24 18:31:14 | 000,021,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi) DRV - [2010.07.24 18:31:13 | 000,015,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pciide.sys -- (pciide) DRV - [2010.07.24 18:31:12 | 000,211,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap) DRV - [2010.07.24 18:31:12 | 000,154,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP) DRV - [2010.07.24 18:29:31 | 000,192,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub) DRV - [2010.07.24 18:29:31 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp) DRV - [2010.07.24 18:29:31 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci) DRV - [2010.07.24 18:29:31 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci) DRV - [2010.07.24 18:27:50 | 000,408,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD) DRV - [2010.07.24 18:21:40 | 000,224,824 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS) DRV - [2010.07.24 18:21:36 | 000,495,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000) DRV - [2010.07.24 18:21:36 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass) DRV - [2010.07.24 18:21:36 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse) DRV - [2010.07.24 18:21:36 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid) DRV - [2010.07.24 18:21:35 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt) DRV - [2010.07.24 18:21:35 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass) DRV - [2010.07.24 18:21:35 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid) DRV - [2010.07.24 18:17:36 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel) DRV - [2010.07.24 18:17:36 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp) DRV - [2010.07.24 18:17:35 | 000,815,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6) DRV - [2010.07.24 18:17:35 | 000,815,104 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip) DRV - [2010.07.24 17:25:39 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec) DRV - [2010.07.24 17:24:53 | 000,396,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\http.sys -- (HTTP) DRV - [2010.07.24 17:23:40 | 000,130,048 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srv2.sys -- (srv2) DRV - [2009.08.09 23:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.07.27 23:36:38 | 002,929,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.05.07 00:55:51 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2007.05.07 00:42:40 | 000,053,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.05.07 00:41:39 | 000,074,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp) DRV - [2007.05.07 00:41:39 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport) DRV - [2007.03.26 13:18:18 | 001,761,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) DRV - [2007.03.23 04:12:00 | 000,240,128 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh) DRV - [2007.02.07 00:04:54 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2007.02.07 00:04:50 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\psdvdisk.sys -- (psdvdisk) DRV - [2007.02.07 00:04:48 | 000,020,264 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\System32\drivers\psdfilter.sys -- (PSDFilter) DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 14:34:35 | 000,132,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache) DRV - [2006.11.02 14:34:31 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv) DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS) DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 11:51:30 | 000,290,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx) DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV) DRV - [2006.11.02 11:51:14 | 000,183,912 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr) DRV - [2006.11.02 11:51:12 | 000,168,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt) DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia) DRV - [2006.11.02 11:51:09 | 000,160,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC) DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 11:50:57 | 000,140,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci) DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 11:50:40 | 000,106,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 11:50:28 | 000,050,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD) DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 11:50:24 | 000,050,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr) DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp) DRV - [2006.11.02 11:50:24 | 000,046,696 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup) DRV - [2006.11.02 11:50:23 | 000,049,256 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio) DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port) DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs) DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 11:50:04 | 000,058,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx) DRV - [2006.11.02 11:50:04 | 000,058,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,056,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35) DRV - [2006.11.02 11:49:59 | 000,054,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:58 | 000,056,424 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo) DRV - [2006.11.02 11:49:57 | 000,054,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 11:49:54 | 000,028,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios) DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 11:49:52 | 000,054,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp) DRV - [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440) DRV - [2006.11.02 11:49:51 | 000,053,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp) DRV - [2006.11.02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (disk) DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp) DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci) DRV - [2006.11.02 11:49:43 | 000,022,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk) DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd) DRV - [2006.11.02 11:49:35 | 000,018,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\spldr.sys -- (spldr) DRV - [2006.11.02 11:49:32 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt) DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2006.11.02 11:49:24 | 000,014,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide) DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 11:49:20 | 000,013,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv) DRV - [2006.11.02 11:49:20 | 000,012,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum) DRV - [2006.11.02 11:14:58 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint) DRV - [2006.11.02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan) DRV - [2006.11.02 11:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH) DRV - [2006.11.02 11:04:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb) DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr) DRV - [2006.11.02 11:02:15 | 000,160,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD) DRV - [2006.11.02 11:02:07 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv) DRV - [2006.11.02 11:02:01 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP) DRV - [2006.11.02 11:02:01 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE) DRV - [2006.11.02 11:02:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD) DRV - [2006.11.02 11:02:01 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD) DRV - [2006.11.02 10:58:52 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem) DRV - [2006.11.02 10:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD) DRV - [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl) DRV - [2006.11.02 10:58:14 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan) DRV - [2006.11.02 10:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd) DRV - [2006.11.02 10:58:12 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe) DRV - [2006.11.02 10:58:10 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac) DRV - [2006.11.02 10:58:09 | 000,099,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT) DRV - [2006.11.02 10:58:04 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver) DRV - [2006.11.02 10:57:47 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg) DRV - [2006.11.02 10:57:35 | 000,068,096 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx) DRV - [2006.11.02 10:57:30 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy) DRV - [2006.11.02 10:57:26 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS) DRV - [2006.11.02 10:57:22 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio) DRV - [2006.11.02 10:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt) DRV - [2006.11.02 10:57:10 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb) DRV - [2006.11.02 10:57:04 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM) DRV - [2006.11.02 10:56:49 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr) DRV - [2006.11.02 10:56:49 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio) DRV - [2006.11.02 10:55:24 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus) DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM) DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth) DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394) DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass) DRV - [2006.11.02 10:55:05 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci) DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr) DRV - [2006.11.02 10:55:01 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb) DRV - [2006.11.02 10:54:59 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud) DRV - [2006.11.02 10:54:52 | 000,082,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd) DRV - [2006.11.02 10:53:56 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga) DRV - [2006.11.02 10:53:56 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave) DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen) DRV - [2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom) DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy) DRV - [2006.11.02 10:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd) DRV - [2006.11.02 10:51:40 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc) DRV - [2006.11.02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk) DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fdc.sys -- (fdc) DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk) DRV - [2006.11.02 10:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport) DRV - [2006.11.02 10:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum) DRV - [2006.11.02 10:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm) DRV - [2006.11.02 10:51:15 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV) DRV - [2006.11.02 10:51:14 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM) DRV - [2006.11.02 10:51:13 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE) DRV - [2006.11.02 10:51:13 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK) DRV - [2006.11.02 10:51:05 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null) DRV - [2006.11.02 10:51:04 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4.sys -- (Dot4) DRV - [2006.11.02 10:51:03 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4usb.sys -- (dot4usb) DRV - [2006.11.02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep) DRV - [2006.11.02 10:51:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dot4Prt.sys -- (Dot4Print) DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV) DRV - [2006.11.02 10:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi) DRV - [2006.11.02 10:33:07 | 000,083,456 | ---- | M] (Microsoft Corporation) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\luafv.sys -- (luafv) DRV - [2006.11.02 10:32:55 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace) DRV - [2006.11.02 10:31:26 | 000,222,208 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss) DRV - [2006.11.02 10:31:12 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser) DRV - [2006.11.02 10:31:04 | 000,074,752 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC) DRV - [2006.11.02 10:30:57 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) DRV - [2006.11.02 10:30:57 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs) DRV - [2006.11.02 10:30:56 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs) DRV - [2006.11.02 10:30:50 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs) DRV - [2006.11.02 10:30:49 | 000,142,336 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat) DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7) DRV - [2006.11.02 10:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8) DRV - [2006.11.02 10:30:18 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm) DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe) DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7) DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 09:36:49 | 000,235,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService) DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) DRV - [2006.11.02 09:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock) DRV - [2006.11.02 08:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv) DRV - [2006.10.30 05:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.telekom.at/suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT464 IE - HKCU\..\SearchScopes\{D8A7E7C7-ECA1-4C15-831E-EE417A95F3A0}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.07.26 20:02:52 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx () O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Acer Tour] File not found O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [hlgpvqx] C:\Users\Sandro\AppData\Roaming\pngjhyndv_S File not found O4 - HKCU..\Run: [MediaGet2] C:\Users\Sandro\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC) O4 - HKCU..\Run: [OnlineFestplatte] C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe (Telekom Austria TA AG) O4 - HKCU..\Run: [ovmwehx] C:\ProgramData\byshcdzyuhso.exe () O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.218.164.1 83.218.164.2 83.218.191.149 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F364EF28-7D13-4DD0-804A-24597E1C831D}: DhcpNameServer = 83.218.164.1 83.218.164.2 83.218.191.149 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4b75d6f1-972b-11df-8f4c-001c2531b610}\Shell - "" = AutoRun O33 - MountPoints2\{4b75d6f1-972b-11df-8f4c-001c2531b610}\Shell\AutoRun\command - "" = K:\SETUP.EXE O33 - MountPoints2\{4b75d6f1-972b-11df-8f4c-001c2531b610}\Shell\configure\command - "" = K:\SETUP.EXE O33 - MountPoints2\{4b75d6f1-972b-11df-8f4c-001c2531b610}\Shell\install\command - "" = K:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.10 22:44:45 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Sandro\Desktop\OTL.exe [2012.09.10 22:22:55 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.10 19:01:28 | 000,000,000 | ---D | C] -- C:\Users\Sandro\AppData\Roaming\Malwarebytes [2012.09.10 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.10 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.10 19:01:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.10 19:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.22 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.08.22 19:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.08.22 19:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.08.22 19:47:02 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.08.22 19:47:01 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.08.22 19:47:01 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.08.22 19:46:50 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.08.22 19:46:50 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.08.22 19:46:50 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.08.22 19:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2012.09.10 23:00:08 | 000,001,356 | ---- | M] () -- C:\Users\Sandro\AppData\Local\d3d9caps.dat [2012.09.10 22:49:03 | 000,643,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.10 22:49:03 | 000,612,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.10 22:49:03 | 000,117,132 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.10 22:49:03 | 000,104,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.10 22:44:59 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Sandro\Desktop\OTL.exe [2012.09.10 22:42:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.10 22:26:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.10 22:22:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.10 22:20:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.10 22:20:00 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 22:20:00 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.10 19:01:15 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.08 20:09:24 | 000,095,232 | ---- | M] () -- C:\Users\Sandro\AppData\Roaming\byshcdzyuhso.exe [2012.09.08 20:09:24 | 000,095,232 | ---- | M] () -- C:\Users\Sandro\AppData\Local\byshcdzyuhso.exe [2012.09.08 20:09:24 | 000,095,232 | ---- | M] () -- C:\ProgramData\byshcdzyuhso.exe [2012.09.08 19:36:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.04 14:35:53 | 000,002,631 | ---- | M] () -- C:\Users\Sandro\Desktop\Microsoft Office Word 2007.lnk [2012.09.04 13:58:57 | 000,002,633 | ---- | M] () -- C:\Users\Sandro\Desktop\Microsoft Office Excel 2007.lnk [2012.08.22 19:53:17 | 000,163,349 | ---- | M] () -- C:\Users\Sandro\Documents\PhotoDisc.cdm [2012.08.22 19:46:13 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.08.22 19:46:08 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.08.22 19:46:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.08.22 19:46:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.08.22 19:46:07 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.08.22 19:46:06 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.08.21 21:10:49 | 000,017,920 | ---- | M] () -- C:\Users\Sandro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.15 22:36:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.15 22:36:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.09.10 19:01:15 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.08 20:12:33 | 000,095,232 | ---- | C] () -- C:\Users\Sandro\AppData\Roaming\byshcdzyuhso.exe [2012.09.08 20:09:27 | 000,095,232 | ---- | C] () -- C:\Users\Sandro\AppData\Local\byshcdzyuhso.exe [2012.09.08 20:09:27 | 000,095,232 | ---- | C] () -- C:\ProgramData\byshcdzyuhso.exe [2011.04.26 21:44:09 | 000,000,192 | ---- | C] () -- C:\ProgramData\video[1] [2010.07.27 18:50:57 | 000,017,920 | ---- | C] () -- C:\Users\Sandro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.26 20:20:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Digital Light [2010.07.26 20:20:57 | 000,000,268 | RH-- | C] () -- C:\Users\Sandro\AppData\Roaming\Devices [2010.07.26 20:20:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.07.26 20:20:57 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Drums [2010.07.26 20:14:46 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dictionaries [2010.07.26 20:14:46 | 000,000,268 | RH-- | C] () -- C:\Users\Sandro\AppData\Roaming\Desktop Pictures [2010.07.26 20:14:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.07.26 20:14:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Distortion [2010.07.24 16:03:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.07.22 19:58:52 | 000,001,356 | ---- | C] () -- C:\Users\Sandro\AppData\Local\d3d9caps.dat < End of report > Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.10.05 Windows Vista x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 7.0.6000.16982 Sandro :: SANDRO-PC [Administrator] Schutz: Deaktiviert 10.09.2012 19:33:09 mbam-log-2012-09-10 (19-33-09).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 338711 Laufzeit: 32 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\ProgramData\pngjhyndv_S.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sandro\AppData\Local\pngjhyndv_S.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sandro\AppData\Local\Temp\4F3D.tmp.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Sandro\AppData\Roaming\pngjhyndv_S.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Geändert von renepir (10.09.2012 um 22:53 Uhr) |
|
11.09.2012, 01:35
| #2 |
| /// Helfer-Team  |  BKA Virus Österreich Version Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT464
IE - HKCU\..\SearchScopes\{D8A7E7C7-ECA1-4C15-831E-EE417A95F3A0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKCU..\Run: [hlgpvqx] C:\Users\Sandro\AppData\Roaming\pngjhyndv_S File not found
O4 - HKCU..\Run: [MediaGet2] C:\Users\Sandro\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKCU..\Run: [ovmwehx] C:\ProgramData\byshcdzyuhso.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4b75d6f1-972b-11df-8f4c-001c2531b610}\Shell - "" = AutoRun
O33 - MountPoints2\{4b75d6f1-972b-11df-8f4c-001c2531b610}\Shell\AutoRun\command - "" = K:\SETUP.EXE
[2012.08.22 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.09.08 20:09:24 | 000,095,232 | ---- | M] () -- C:\Users\Sandro\AppData\Roaming\byshcdzyuhso.exe
[2012.09.08 20:09:24 | 000,095,232 | ---- | M] () -- C:\Users\Sandro\AppData\Local\byshcdzyuhso.exe
[2012.09.08 20:09:24 | 000,095,232 | ---- | M] () -- C:\ProgramData\byshcdzyuhso.exe
[2012.09.10 22:20:00 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 22:20:00 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Sandro\AppData\Local\{*}
C:\Users\Sandro\AppData\Local\Temp\*.exe
C:\Users\Sandro\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
4. Schritt
__________________ |
|
11.09.2012, 12:31
| #3 |
| | BKA Virus Österreich Version Hi t`john Danke erstmals für deine schnelle Hilfe !!!
__________________Otl Fix müsste geklappt haben da jetzt mal kein POPUP mehr erscheint. Logs im Anhang Mfg Rene |
|
12.09.2012, 11:53
| #4 |
| /// Helfer-Team | BKA Virus Österreich Version Sehr gut!  Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
12.09.2012, 12:13
| #5 |
| | BKA Virus Österreich Version Würde mal sagen funktioniert einwandfrei wieder  |
|
12.09.2012, 12:51
| #6 |
| /// Helfer-Team | BKA Virus Österreich Version Schaue bitte in der Anleitung (http://www.trojaner-board.de/103809-...i-malware.html) nach, wo du die Logfiles finden kannst. Poste das Logfile bitte.
__________________ --> BKA Virus Österreich Version |
|
12.09.2012, 19:40
| #7 |
| | BKA Virus Österreich Version Sorry t`john hab nun ein anderes Problem da für Emsisoft das SP2 benötigt wird habe ich mal angefangen Sp1 zu installieren und nun einen Update Fehler komm nicht mehr ins Windows ;( |
|
14.09.2012, 16:25
| #8 |
| /// Helfer-Team | BKA Virus Österreich Version Geht der abgesicherte Modus? Warum waren keine SPs installiert? Dieser Rechner gehoert neuinstalliert. http://www.trojaner-board.de/51262-a...sicherung.html |
|
01.11.2012, 04:33
| #9 |
| /// Helfer-Team | BKA Virus Österreich Version Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu BKA Virus Österreich Version |
| adobe, antivir, autorun, avira, bho, corp./icp, defender, dllhost.exe, explorer, firefox, flash player, format, ftp, google, hdaudio.sys, home, lanmanworkstation, logfile, msiexec.exe, plug-in, policyagent, popup, realtek, rundll, scan, secur, software, svchost.exe, symantec, virus, vista, wsearch |
Linear-Darstellung
