
Pests of all kinds and how to fight them: recycler/e621ca05.exe on my SD card

05.12.2012, 19:19   #1
joepa
 
Hi folks,

I apparently somehow picked up a trojan on my camera's memory card while on vacation and can no longer get to my photos (folders are shown as shortcuts). I read in another thread how to deal with this, but since it also said there that it's best to open your own thread, I'm just going to do that.

Stupidly, without informing myself first, I started clicking around like mad. So I assume the fellow has already made himself at home on my PC.

I will proceed as described here, starting with a Malwarebytes scan.

I will post my status regularly and would appreciate a bit of advice!

Many thanks in advance, regards
Jörg

I ran OldTimer with the code that was posted here; it outputs the following:

OTL.txt
Code:
OTL logfile created on: 12/5/2012 10:48:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jörg Panzer\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.79% Memory free
5.93 Gb Paging File | 4.81 Gb Available in Paging File | 81.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 162.24 Gb Total Space | 124.95 Gb Free Space | 77.02% Space Free | Partition Type: NTFS
Drive D: | 288.42 Gb Total Space | 96.03 Gb Free Space | 33.29% Space Free | Partition Type: NTFS
 
Computer Name: FRIEDENSPANZER | User Name: Jörg Panzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/12/05 14:15:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jörg Panzer\Downloads\OTL.exe
PRC - [2012/11/19 21:48:16 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/11/19 21:48:14 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/08/11 14:55:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/08/03 11:37:56 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/08/03 11:08:00 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/07/14 14:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
PRC - [2012/07/14 14:59:08 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012/05/09 13:38:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/09 13:38:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/09 13:38:06 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/21 13:25:34 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/08 04:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2009/09/12 13:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 11:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/09/02 08:56:00 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/09/02 08:55:32 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/23 05:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/08/06 08:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/03/28 03:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/12/01 11:31:21 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/12/01 11:31:04 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/12/01 11:29:23 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/12/01 10:24:08 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/12/01 10:23:41 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/12/01 10:23:36 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/12/01 10:23:34 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/12/01 10:23:27 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/06/08 04:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2009/09/16 22:52:48 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/09/16 22:52:47 | 001,691,648 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll
MOD - [2009/09/16 22:52:47 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/09/16 22:52:47 | 000,364,544 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:47 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:47 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/09/16 22:52:47 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:47 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/09/16 22:52:47 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:47 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:47 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:47 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:47 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:47 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:47 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:47 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:46 | 001,011,712 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:46 | 000,798,720 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:46 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:46 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/09/16 22:52:46 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:46 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009/09/16 22:52:46 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:46 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:46 | 000,090,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:45 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:45 | 000,360,448 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:45 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/09/16 22:52:45 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:45 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:45 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/09/16 22:52:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/09/16 22:52:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/09/16 22:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/09/16 22:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009/09/16 22:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/09/16 22:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/09/16 22:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/09/16 22:52:44 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/09/16 22:52:43 | 000,135,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/09/16 22:52:43 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/09/16 22:52:43 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/09/16 22:52:43 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/09/16 22:52:43 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/09/16 22:52:43 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/09/16 22:52:43 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/09/16 22:52:43 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/09/16 22:52:43 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/09/16 22:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/09/16 22:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/09/16 22:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/09/16 22:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/09/16 22:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/09/16 22:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/09/16 22:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/09/16 22:52:42 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/09/16 22:52:42 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/09/16 22:52:42 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/09/16 22:52:42 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009/09/16 22:52:42 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/09/16 22:52:42 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/09/16 22:52:42 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/09/16 22:52:41 | 000,651,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009/09/16 22:52:41 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/09/16 22:52:41 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/09/16 22:52:41 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/09/16 22:52:41 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/09/16 22:52:41 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/09/16 22:52:41 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/09/16 22:52:41 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/09/16 22:52:41 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/09/16 22:52:41 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/09/16 22:52:41 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/09/16 22:52:41 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/09/16 22:52:40 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/09/16 22:52:40 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/09/16 22:52:40 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/09/16 22:52:40 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/09/16 22:52:40 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009/09/16 22:52:40 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/09/16 22:52:39 | 000,552,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/09/16 22:52:39 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/09/16 22:52:39 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/09/16 22:52:39 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/09/16 22:52:39 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/09/16 22:52:39 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/09/16 22:52:37 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/09/16 22:52:37 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/09/16 22:52:37 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/09/16 22:52:37 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/09/16 22:52:37 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/09/16 22:52:37 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/09/16 22:52:36 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll
MOD - [2009/09/16 22:52:36 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/02/12 06:32:10 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/11/30 19:23:07 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/19 21:48:14 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/08/03 11:37:56 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/07/29 16:51:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/14 14:59:32 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2012/05/09 13:38:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 13:38:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/03/09 14:38:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/02 08:55:32 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/15 10:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/03/28 03:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/03/05 10:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2008/01/16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012/07/14 14:59:44 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/05/09 13:38:07 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/09 13:38:07 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/05/07 17:51:28 | 000,455,256 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/09/11 01:50:12 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/09/02 09:31:04 | 005,173,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/10 19:43:34 | 000,237,696 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326)
DRV - [2009/07/21 23:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/23 05:25:32 | 000,538,624 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp)
DRV - [2009/06/15 10:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes,DefaultScope = {514B861C-E23F-4251-96A8-B55B2A21A35F}
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{514B861C-E23F-4251-96A8-B55B2A21A35F}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732&q={searchTerms}&r=545
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.3
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.3
FF - prefs.js..keyword.URL: "hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732&q={searchTerms}"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/18 22:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/08/27 17:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 16:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 16:06:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 16:51:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/21 16:06:35 | 000,000,000 | ---D | M]
 
[2011/10/06 12:29:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\Extensions
[2012/12/04 22:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\Firefox\Profiles\nbecm84s.default\extensions
[2012/08/10 10:51:01 | 000,000,000 | ---D | M] (FT Evo) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\Firefox\Profiles\nbecm84s.default\extensions\{5c8c1470-d247-11e0-9572-0800200c9a66}
[2012/08/25 11:20:30 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\Firefox\Profiles\nbecm84s.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/08/27 17:43:48 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\Firefox\Profiles\nbecm84s.default\extensions\ffxtlbr@zonealarm.com
[2012/12/02 21:43:12 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\firefox\profiles\nbecm84s.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/07/05 22:05:48 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\firefox\profiles\nbecm84s.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012/11/30 17:59:54 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\firefox\profiles\nbecm84s.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012/12/04 22:50:26 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\firefox\profiles\nbecm84s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/30 17:11:53 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\firefox\profiles\nbecm84s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/02 11:56:44 | 000,000,943 | ---- | M] () -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\firefox\profiles\nbecm84s.default\searchplugins\conduit.xml
[2012/08/27 17:43:10 | 000,001,497 | ---- | M] () -- C:\Users\Jörg Panzer\AppData\Roaming\mozilla\firefox\profiles\nbecm84s.default\searchplugins\zonealarm.xml
[2012/02/07 21:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/02/07 21:44:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/18 22:01:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\JöRG PANZER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBECM84S.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
File not found (No name found) -- C:\USERS\JöRG PANZER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBECM84S.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
File not found (No name found) -- C:\USERS\JöRG PANZER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBECM84S.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012/07/29 16:51:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/11 11:15:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/11 11:15:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/11 11:15:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/11 11:15:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/11 11:15:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/11 11:15:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1016556084-3091970497-507946437-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6119D552-BD9C-45F9-81F1-6E15A8C76FDA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3A6A6E7-68F4-45E3-A662-4ACA9DE99FAE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/05 19:22:27 | 000,000,000 | ---D | C] -- C:\Users\Jörg Panzer\AppData\Roaming\Malwarebytes
[2012/12/05 19:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/05 19:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/05 19:22:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/12/05 19:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/01 10:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/12/01 10:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/05 22:48:18 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/05 22:48:18 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/05 22:40:54 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/05 22:40:45 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/05 22:00:04 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/12/05 18:07:04 | 000,711,304 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/12/05 18:07:04 | 000,662,666 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/12/05 18:07:04 | 000,154,684 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/12/05 18:07:04 | 000,125,116 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/12/05 09:53:43 | 000,012,428 | ---- | M] () -- C:\Users\Jörg Panzer\Desktop\stundenplan master ws1213.pdf
[2012/12/03 09:42:54 | 002,262,071 | ---- | M] () -- C:\Users\Jörg Panzer\Desktop\Pubquiz.JPG
[2012/12/01 10:22:26 | 000,422,040 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/12/05 09:53:43 | 000,012,428 | ---- | C] () -- C:\Users\Jörg Panzer\Desktop\stundenplan master ws1213.pdf
[2012/12/03 09:42:53 | 002,262,071 | ---- | C] () -- C:\Users\Jörg Panzer\Desktop\Pubquiz.JPG
[2012/03/12 12:46:24 | 000,484,656 | ---- | C] () -- C:\windows\ssndii.exe
[2012/03/12 12:45:47 | 000,026,624 | ---- | C] () -- C:\windows\System32\sst3cl3.dll
[2011/10/12 15:34:46 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2011/10/10 19:28:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/03 11:54:06 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/12/20 16:06:24 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Canneverbe Limited
[2012/08/27 18:02:41 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\CheckPoint
[2012/12/02 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Dropbox
[2012/07/09 16:10:28 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\IrfanView
[2011/10/12 15:34:51 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\pdfforge
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/10/07 11:05:22 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Adobe
[2012/02/16 10:52:27 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Apple Computer
[2010/04/03 12:10:42 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\ATI
[2011/10/13 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Avira
[2011/12/20 16:06:24 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Canneverbe Limited
[2012/08/27 18:02:41 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\CheckPoint
[2012/01/19 21:25:59 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\DivX
[2012/12/02 22:53:05 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Dropbox
[2012/02/06 14:17:13 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\dvdcss
[2011/11/21 15:56:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Google
[2010/04/03 12:10:11 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Identities
[2012/07/09 16:10:28 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\IrfanView
[2011/10/07 11:05:22 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Macromedia
[2012/12/05 19:22:27 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Malwarebytes
[2011/11/03 12:40:19 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\MathWorks
[2009/09/17 15:08:40 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Media Center Programs
[2012/08/18 19:22:53 | 000,000,000 | --SD | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Microsoft
[2011/10/06 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Mozilla
[2011/10/12 15:34:51 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\pdfforge
[2012/07/29 20:21:44 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\Skype
[2012/02/07 21:30:02 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\skypePM
[2012/04/13 12:34:10 | 000,000,000 | ---D | M] -- C:\Users\Jörg Panzer\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jörg Panzer\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012/05/24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jörg Panzer\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012/05/24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jörg Panzer\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/09/02 08:56:26 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll

< End of report >
         
How should I proceed now?
Regards, Jörg

EDIT: my links don't seem to work, here is the URL of the thread I have been following so far:
hxxp://www.trojaner-board.de/111503-ordner-wechseldatentraeger-nur-noch-verknuepfungen.html

Alt 06.12.2012, 14:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
I will proceed as described here, starting with a Malwarebytes scan.
Fine, and where are the logs for that?
Or not finished yet?

Post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

Alt 07.12.2012, 15:07   #3
joepa
 



Hi!

Here is the log from Malwarebytes:


Code:
ATTFilter
 
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.05.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jörg Panzer :: FRIEDENSPANZER [Administrator]

05.12.2012 19:24:18
mbam-log-2012-12-05 (19-24-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 487627
Laufzeit: 2 Stunde(n), 52 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Program Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20019.mexw32 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20023.mexw32 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\encadapci1710.mexw32 (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
I didn't include my SD card in the scan, I'll do that now.

Log from the scan of the SD card:

Code:
ATTFilter
 
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.05.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jörg Panzer :: FRIEDENSPANZER [Administrator]

07.12.2012 15:17:38
mbam-log-2012-12-07 (15-17-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 195312
Laufzeit: 4 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Alt 07.12.2012, 19:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
C:\Program Files\MATLAB\R2009a\toolbox\rtw\targets\xpc\target\build\xpcblocks\adbbpci20019.mexw32
Hm, what source did this MATLAB come from?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 08.12.2012, 17:26   #5
joepa
 



I'm not sure anymore, either freeware from the internet or a CD from the university. But I've had it on the PC for almost half a year already.


Alt 09.12.2012, 16:59   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down).
GMER crashes fairly often; if the tool refuses to work on the second attempt as well, just skip it and run only aswMBR.

aswMBR download => aswMBR.exe - save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

Alt 10.12.2012, 13:40   #7
joepa
 



gmer log:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-12-10 11:27:01
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: ng7lm5hl.exe; Driver: C:\Users\JRGPAN~1\AppData\Local\Temp\axddykob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
aswMBR log:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-10 11:33:22
-----------------------------
11:33:22.352    OS Version: Windows 6.1.7601 Service Pack 1
11:33:22.352    Number of processors: 2 586 0x170A
11:33:22.352    ComputerName: FRIEDENSPANZER  UserName: Jörg Panzer
11:33:22.976    Initialize success
11:38:06.664    AVAST engine defs: 12121000
11:38:26.507    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:38:26.522    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
11:38:26.538    Disk 0 MBR read successfully
11:38:26.538    Disk 0 MBR scan
11:38:26.569    Disk 0 unknown MBR code
11:38:26.585    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
11:38:26.600    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
11:38:26.616    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       166131 MB offset 31664128
11:38:26.647    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       295347 MB offset 371900416
11:38:26.663    Disk 0 scanning sectors +976771072
11:38:26.741    Disk 0 scanning C:\windows\system32\drivers
11:38:44.119    Service scanning
11:39:17.738    Modules scanning
11:39:26.802    Disk 0 trace - called modules:
11:39:26.833    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
11:39:26.849    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86da5030]
11:39:26.849    3 CLASSPNP.SYS[8c26e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f54028]
11:39:27.629    AVAST engine scan C:\windows
11:39:31.107    AVAST engine scan C:\windows\system32
11:44:20.628    AVAST engine scan C:\windows\system32\drivers
11:44:40.144    AVAST engine scan C:\Users\Jörg Panzer
11:53:56.898    AVAST engine scan C:\ProgramData
11:54:59.064    Scan finished successfully
12:32:03.456    Disk 0 MBR has been saved successfully to "C:\Users\Jörg Panzer\Desktop\MBR.dat"
12:32:03.472    The log file has been saved successfully to "C:\Users\Jörg Panzer\Desktop\aswMBR log.txt"
         
Is it important that the SD card is connected during all scans, or does that not matter?
Many thanks for your instructions, best regards
Jörg

Edited by cosinus (10.12.2012 at 14:18) Reason: CODE tags...

Alt 10.12.2012, 14:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Why are you suddenly writing the CODE tags wrong?! I've corrected it.

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the image below: click change parameters and set the checkboxes as shown in the following screenshot.
Then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!


Alt 10.12.2012, 16:11   #9
joepa
 



Report from TDSS-Killer:

Code:
ATTFilter
16:03:33.0703 3404  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:03:34.0750 3404  ============================================================
16:03:34.0750 3404  Current date / time: 2012/12/10 16:03:34.0750
16:03:34.0750 3404  SystemInfo:
16:03:34.0750 3404  
16:03:34.0750 3404  OS Version: 6.1.7601 ServicePack: 1.0
16:03:34.0750 3404  Product type: Workstation
16:03:34.0750 3404  ComputerName: FRIEDENSPANZER
16:03:34.0750 3404  UserName: Jörg Panzer
16:03:34.0750 3404  Windows directory: C:\windows
16:03:34.0750 3404  System windows directory: C:\windows
16:03:34.0750 3404  Processor architecture: Intel x86
16:03:34.0750 3404  Number of processors: 2
16:03:34.0750 3404  Page size: 0x1000
16:03:34.0760 3404  Boot type: Normal boot
16:03:34.0760 3404  ============================================================
16:03:35.0391 3404  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:03:35.0427 3404  Drive \Device\Harddisk1\DR1 - Size: 0x74F300000 (29.24 Gb), SectorSize: 0x200, Cylinders: 0xEE8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:03:35.0428 3404  ============================================================
16:03:35.0428 3404  \Device\Harddisk0\DR0:
16:03:35.0428 3404  MBR partitions:
16:03:35.0428 3404  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
16:03:35.0428 3404  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x14479800
16:03:35.0428 3404  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x162AC000, BlocksNum 0x240D9800
16:03:35.0428 3404  \Device\Harddisk1\DR1:
16:03:35.0429 3404  MBR partitions:
16:03:35.0429 3404  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3A77800
16:03:35.0429 3404  ============================================================
16:03:35.0450 3404  C: <-> \Device\Harddisk0\DR0\Partition2
16:03:35.0490 3404  D: <-> \Device\Harddisk0\DR0\Partition3
16:03:35.0490 3404  ============================================================
16:03:35.0490 3404  Initialize success
16:03:35.0490 3404  ============================================================
16:05:24.0436 0460  ============================================================
16:05:24.0436 0460  Scan started
16:05:24.0436 0460  Mode: Manual; SigCheck; TDLFS; 
16:05:24.0436 0460  ============================================================
16:05:24.0936 0460  ================ Scan system memory ========================
16:05:24.0936 0460  System memory - ok
16:05:24.0936 0460  ================ Scan services =============================
16:05:31.0207 0460  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
16:05:31.0254 0460  circlass - ok
16:05:31.0300 0460  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
16:05:31.0316 0460  CLFS - ok
16:05:31.0363 0460  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:05:31.0378 0460  clr_optimization_v2.0.50727_32 - ok
16:05:31.0394 0460  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:05:31.0456 0460  CmBatt - ok
16:05:31.0488 0460  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:05:31.0503 0460  cmdide - ok
16:05:31.0566 0460  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\windows\system32\Drivers\cng.sys
16:05:31.0612 0460  CNG - ok
16:05:31.0628 0460  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
16:05:31.0644 0460  Compbatt - ok
16:05:31.0706 0460  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
16:05:31.0737 0460  CompositeBus - ok
16:05:31.0753 0460  COMSysApp - ok
16:05:31.0784 0460  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
16:05:31.0815 0460  crcdisk - ok
16:05:31.0862 0460  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:05:31.0909 0460  CryptSvc - ok
16:05:31.0971 0460  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
16:05:32.0034 0460  DcomLaunch - ok
16:05:32.0065 0460  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
16:05:32.0143 0460  defragsvc - ok
16:05:32.0174 0460  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:05:32.0236 0460  DfsC - ok
16:05:32.0268 0460  DgiVecp - ok
16:05:32.0314 0460  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
16:05:32.0377 0460  Dhcp - ok
16:05:32.0408 0460  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
16:05:32.0470 0460  discache - ok
16:05:32.0517 0460  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
16:05:32.0533 0460  Disk - ok
16:05:32.0564 0460  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:05:32.0626 0460  Dnscache - ok
16:05:32.0673 0460  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
16:05:32.0736 0460  dot3svc - ok
16:05:32.0782 0460  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
16:05:32.0845 0460  DPS - ok
16:05:32.0892 0460  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:05:32.0938 0460  drmkaud - ok
16:05:33.0001 0460  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:05:33.0032 0460  DXGKrnl - ok
16:05:33.0079 0460  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
16:05:33.0141 0460  EapHost - ok
16:05:33.0235 0460  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
16:05:33.0344 0460  ebdrv - ok
16:05:33.0391 0460  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
16:05:33.0438 0460  EFS - ok
16:05:33.0516 0460  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:05:33.0578 0460  ehRecvr - ok
16:05:33.0609 0460  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\windows\ehome\ehsched.exe
16:05:33.0640 0460  ehSched - ok
16:05:33.0703 0460  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
16:05:33.0734 0460  elxstor - ok
16:05:33.0750 0460  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:05:33.0781 0460  ErrDev - ok
16:05:33.0843 0460  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
16:05:33.0921 0460  EventSystem - ok
16:05:33.0937 0460  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
16:05:34.0015 0460  exfat - ok
16:05:34.0030 0460  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:05:34.0093 0460  fastfat - ok
16:05:34.0155 0460  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
16:05:34.0202 0460  Fax - ok
16:05:34.0218 0460  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
16:05:34.0249 0460  fdc - ok
16:05:34.0280 0460  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
16:05:34.0358 0460  fdPHost - ok
16:05:34.0374 0460  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
16:05:34.0436 0460  FDResPub - ok
16:05:34.0452 0460  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:05:34.0483 0460  FileInfo - ok
16:05:34.0498 0460  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:05:34.0561 0460  Filetrace - ok
16:05:34.0576 0460  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
16:05:34.0623 0460  flpydisk - ok
16:05:34.0654 0460  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:05:34.0686 0460  FltMgr - ok
16:05:34.0732 0460  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache       C:\windows\system32\FntCache.dll
16:05:34.0810 0460  FontCache - ok
16:05:34.0873 0460  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:05:34.0888 0460  FontCache3.0.0.0 - ok
16:05:34.0904 0460  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:05:34.0935 0460  FsDepends - ok
16:05:34.0966 0460  [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
16:05:34.0982 0460  fssfltr - ok
16:05:35.0076 0460  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:05:35.0107 0460  fsssvc - ok
16:05:35.0138 0460  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:05:35.0169 0460  Fs_Rec - ok
16:05:35.0216 0460  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:05:35.0247 0460  fvevol - ok
16:05:35.0278 0460  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
16:05:35.0310 0460  gagp30kx - ok
16:05:35.0356 0460  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:05:35.0372 0460  GEARAspiWDM - ok
16:05:35.0434 0460  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
16:05:35.0497 0460  gpsvc - ok
16:05:35.0528 0460  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\windows\system32\DRIVERS\hamachi.sys
16:05:35.0559 0460  hamachi - ok
16:05:35.0684 0460  [ A7EBBF64C7610B7C67D46AE620AADBA3 ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
16:05:35.0746 0460  Hamachi2Svc - ok
16:05:35.0778 0460  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:05:35.0809 0460  hcw85cir - ok
16:05:35.0887 0460  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:05:35.0934 0460  HdAudAddService - ok
16:05:35.0965 0460  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
16:05:35.0996 0460  HDAudBus - ok
16:05:36.0012 0460  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
16:05:36.0058 0460  HidBatt - ok
16:05:36.0074 0460  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
16:05:36.0121 0460  HidBth - ok
16:05:36.0152 0460  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
16:05:36.0199 0460  HidIr - ok
16:05:36.0214 0460  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\system32\hidserv.dll
16:05:36.0292 0460  hidserv - ok
16:05:36.0355 0460  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:05:36.0402 0460  HidUsb - ok
16:05:36.0464 0460  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:05:36.0526 0460  hkmsvc - ok
16:05:36.0573 0460  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:05:36.0620 0460  HomeGroupListener - ok
16:05:36.0667 0460  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:05:36.0714 0460  HomeGroupProvider - ok
16:05:36.0745 0460  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:05:36.0760 0460  HpSAMD - ok
16:05:36.0823 0460  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:05:36.0885 0460  HTTP - ok
16:05:36.0916 0460  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:05:36.0948 0460  hwpolicy - ok
16:05:36.0994 0460  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
16:05:37.0041 0460  i8042prt - ok
16:05:37.0088 0460  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
16:05:37.0104 0460  iaStor - ok
16:05:37.0150 0460  [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:05:37.0182 0460  iaStorV - ok
16:05:37.0260 0460  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:05:37.0291 0460  idsvc - ok
16:05:37.0431 0460  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
16:05:37.0618 0460  igfx - ok
16:05:37.0650 0460  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
16:05:37.0681 0460  iirsp - ok
16:05:37.0743 0460  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
16:05:37.0806 0460  IKEEXT - ok
16:05:37.0915 0460  [ 5CEEF2CCCB4FE00D3FFBFEB12BCFA07F ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
16:05:38.0008 0460  IntcAzAudAddService - ok
16:05:38.0040 0460  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
16:05:38.0055 0460  intelide - ok
16:05:38.0102 0460  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:05:38.0133 0460  intelppm - ok
16:05:38.0164 0460  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:05:38.0211 0460  IPBusEnum - ok
16:05:38.0242 0460  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:05:38.0320 0460  IpFilterDriver - ok
16:05:38.0383 0460  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:05:38.0445 0460  iphlpsvc - ok
16:05:38.0476 0460  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:05:38.0523 0460  IPMIDRV - ok
16:05:38.0554 0460  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:05:38.0601 0460  IPNAT - ok
16:05:38.0679 0460  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:05:38.0726 0460  iPod Service - ok
16:05:38.0773 0460  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:05:38.0820 0460  IRENUM - ok
16:05:38.0851 0460  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:05:38.0866 0460  isapnp - ok
16:05:38.0898 0460  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:05:38.0929 0460  iScsiPrt - ok
16:05:38.0991 0460  [ A195C4FC49492928E8296B8C4AB00517 ] ISWKL           C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
16:05:39.0022 0460  ISWKL - ok
16:05:39.0069 0460  [ E78EACA70B4E0C260E4B32972B7086AC ] IswSvc          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
16:05:39.0100 0460  IswSvc - ok
16:05:39.0132 0460  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
16:05:39.0147 0460  kbdclass - ok
16:05:39.0194 0460  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
16:05:39.0225 0460  kbdhid - ok
16:05:39.0256 0460  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
16:05:39.0272 0460  KeyIso - ok
16:05:39.0319 0460  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:05:39.0334 0460  KSecDD - ok
16:05:39.0366 0460  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:05:39.0397 0460  KSecPkg - ok
16:05:39.0428 0460  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
16:05:39.0490 0460  KtmRm - ok
16:05:39.0537 0460  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
16:05:39.0600 0460  LanmanServer - ok
16:05:39.0631 0460  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:05:39.0693 0460  LanmanWorkstation - ok
16:05:39.0756 0460  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:05:39.0802 0460  lltdio - ok
16:05:39.0834 0460  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:05:39.0912 0460  lltdsvc - ok
16:05:39.0927 0460  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
16:05:39.0990 0460  lmhosts - ok
16:05:40.0021 0460  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
16:05:40.0052 0460  LSI_FC - ok
16:05:40.0068 0460  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
16:05:40.0083 0460  LSI_SAS - ok
16:05:40.0114 0460  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
16:05:40.0130 0460  LSI_SAS2 - ok
16:05:40.0146 0460  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
16:05:40.0177 0460  LSI_SCSI - ok
16:05:40.0208 0460  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
16:05:40.0270 0460  luafv - ok
16:05:40.0348 0460  McAfee SiteAdvisor Service - ok
16:05:40.0395 0460  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:05:40.0426 0460  Mcx2Svc - ok
16:05:40.0442 0460  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
16:05:40.0458 0460  megasas - ok
16:05:40.0504 0460  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
16:05:40.0536 0460  MegaSR - ok
16:05:40.0567 0460  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
16:05:40.0629 0460  MMCSS - ok
16:05:40.0645 0460  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
16:05:40.0692 0460  Modem - ok
16:05:40.0723 0460  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:05:40.0770 0460  monitor - ok
16:05:40.0816 0460  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:05:40.0848 0460  mouclass - ok
16:05:40.0910 0460  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:05:40.0941 0460  mouhid - ok
16:05:40.0988 0460  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:05:41.0004 0460  mountmgr - ok
16:05:41.0066 0460  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:05:41.0082 0460  MozillaMaintenance - ok
16:05:41.0128 0460  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
16:05:41.0160 0460  mpio - ok
16:05:41.0175 0460  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:05:41.0238 0460  mpsdrv - ok
16:05:41.0284 0460  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:05:41.0347 0460  MpsSvc - ok
16:05:41.0378 0460  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:05:41.0425 0460  MRxDAV - ok
16:05:41.0456 0460  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:05:41.0503 0460  mrxsmb - ok
16:05:41.0534 0460  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:05:41.0565 0460  mrxsmb10 - ok
16:05:41.0581 0460  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:05:41.0628 0460  mrxsmb20 - ok
16:05:41.0659 0460  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
16:05:41.0690 0460  msahci - ok
16:05:41.0706 0460  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:05:41.0737 0460  msdsm - ok
16:05:41.0752 0460  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
16:05:41.0799 0460  MSDTC - ok
16:05:41.0830 0460  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:05:41.0908 0460  Msfs - ok
16:05:41.0924 0460  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:05:42.0002 0460  mshidkmdf - ok
16:05:42.0002 0460  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:05:42.0033 0460  msisadrv - ok
16:05:42.0064 0460  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:05:42.0127 0460  MSiSCSI - ok
16:05:42.0142 0460  msiserver - ok
16:05:42.0174 0460  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:05:42.0236 0460  MSKSSRV - ok
16:05:42.0252 0460  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:05:42.0314 0460  MSPCLOCK - ok
16:05:42.0330 0460  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:05:42.0408 0460  MSPQM - ok
16:05:42.0439 0460  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:05:42.0470 0460  MsRPC - ok
16:05:42.0501 0460  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
16:05:42.0532 0460  mssmbios - ok
16:05:42.0579 0460  MSSQL$MSSMLBIZ - ok
16:05:42.0626 0460  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:05:42.0642 0460  MSSQLServerADHelper - ok
16:05:42.0657 0460  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:05:42.0720 0460  MSTEE - ok
16:05:42.0735 0460  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
16:05:42.0766 0460  MTConfig - ok
16:05:42.0782 0460  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
16:05:42.0813 0460  Mup - ok
16:05:42.0844 0460  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
16:05:42.0922 0460  napagent - ok
16:05:42.0969 0460  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:05:43.0000 0460  NativeWifiP - ok
16:05:43.0078 0460  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\windows\system32\drivers\ndis.sys
16:05:43.0125 0460  NDIS - ok
16:05:43.0125 0460  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:05:43.0188 0460  NdisCap - ok
16:05:43.0234 0460  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:05:43.0298 0460  NdisTapi - ok
16:05:43.0345 0460  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:05:43.0407 0460  Ndisuio - ok
16:05:43.0454 0460  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:05:43.0501 0460  NdisWan - ok
16:05:43.0547 0460  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:05:43.0610 0460  NDProxy - ok
16:05:43.0672 0460  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:05:43.0735 0460  NetBIOS - ok
16:05:43.0766 0460  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:05:43.0844 0460  NetBT - ok
16:05:43.0859 0460  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
16:05:43.0891 0460  Netlogon - ok
16:05:43.0937 0460  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
16:05:44.0015 0460  Netman - ok
16:05:44.0031 0460  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
16:05:44.0109 0460  netprofm - ok
16:05:44.0125 0460  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:05:44.0140 0460  NetTcpPortSharing - ok
16:05:44.0187 0460  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
16:05:44.0203 0460  nfrd960 - ok
16:05:44.0249 0460  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:05:44.0313 0460  NlaSvc - ok
16:05:44.0375 0460  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:05:44.0422 0460  Npfs - ok
16:05:44.0453 0460  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
16:05:44.0516 0460  nsi - ok
16:05:44.0531 0460  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:05:44.0594 0460  nsiproxy - ok
16:05:44.0672 0460  [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:05:44.0734 0460  Ntfs - ok
16:05:44.0750 0460  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
16:05:44.0828 0460  Null - ok
16:05:44.0859 0460  [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:05:44.0890 0460  nvraid - ok
16:05:44.0906 0460  [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:05:44.0937 0460  nvstor - ok
16:05:44.0968 0460  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:05:44.0999 0460  nv_agp - ok
16:05:45.0062 0460  [ B5D5DA8230D3D3525839D939A9196C3E ] OberonGameConsoleService C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
16:05:45.0077 0460  OberonGameConsoleService - ok
16:05:45.0186 0460  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:05:45.0218 0460  odserv - ok
16:05:45.0249 0460  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:05:45.0280 0460  ohci1394 - ok
16:05:45.0311 0460  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:05:45.0342 0460  ose - ok
16:05:45.0374 0460  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:05:45.0420 0460  p2pimsvc - ok
16:05:45.0436 0460  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
16:05:45.0498 0460  p2psvc - ok
16:05:45.0530 0460  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
16:05:45.0545 0460  Parport - ok
16:05:45.0592 0460  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:05:45.0608 0460  partmgr - ok
16:05:45.0623 0460  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
16:05:45.0670 0460  Parvdm - ok
16:05:45.0701 0460  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
16:05:45.0732 0460  PcaSvc - ok
16:05:45.0764 0460  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
16:05:45.0795 0460  pci - ok
16:05:45.0810 0460  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
16:05:45.0826 0460  pciide - ok
16:05:45.0842 0460  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
16:05:45.0873 0460  pcmcia - ok
16:05:45.0888 0460  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
16:05:45.0904 0460  pcw - ok
16:05:45.0951 0460  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:05:46.0013 0460  PEAUTH - ok
16:05:46.0107 0460  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
16:05:46.0200 0460  pla - ok
16:05:46.0232 0460  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:05:46.0325 0460  PlugPlay - ok
16:05:46.0356 0460  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:05:46.0388 0460  PNRPAutoReg - ok
16:05:46.0419 0460  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:05:46.0450 0460  PNRPsvc - ok
16:05:46.0497 0460  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:05:46.0559 0460  PolicyAgent - ok
16:05:46.0606 0460  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
16:05:46.0653 0460  Power - ok
16:05:46.0715 0460  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:05:46.0778 0460  PptpMiniport - ok
16:05:46.0793 0460  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
16:05:46.0824 0460  Processor - ok
16:05:46.0856 0460  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\windows\system32\profsvc.dll
16:05:46.0918 0460  ProfSvc - ok
16:05:46.0934 0460  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
16:05:46.0949 0460  ProtectedStorage - ok
16:05:46.0996 0460  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:05:47.0043 0460  Psched - ok
16:05:47.0105 0460  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
16:05:47.0168 0460  ql2300 - ok
16:05:47.0183 0460  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
16:05:47.0199 0460  ql40xx - ok
16:05:47.0246 0460  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
16:05:47.0292 0460  QWAVE - ok
16:05:47.0324 0460  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:05:47.0355 0460  QWAVEdrv - ok
16:05:47.0370 0460  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:05:47.0433 0460  RasAcd - ok
16:05:47.0464 0460  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:05:47.0526 0460  RasAgileVpn - ok
16:05:47.0558 0460  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
16:05:47.0620 0460  RasAuto - ok
16:05:47.0651 0460  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:05:47.0714 0460  Rasl2tp - ok
16:05:47.0760 0460  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
16:05:47.0823 0460  RasMan - ok
16:05:47.0854 0460  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:05:47.0916 0460  RasPppoe - ok
16:05:47.0963 0460  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:05:48.0026 0460  RasSstp - ok
16:05:48.0072 0460  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:05:48.0135 0460  rdbss - ok
16:05:48.0150 0460  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
16:05:48.0182 0460  rdpbus - ok
16:05:48.0213 0460  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:05:48.0260 0460  RDPCDD - ok
16:05:48.0291 0460  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:05:48.0353 0460  RDPENCDD - ok
16:05:48.0369 0460  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:05:48.0431 0460  RDPREFMP - ok
16:05:48.0478 0460  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:05:48.0509 0460  RDPWD - ok
16:05:48.0587 0460  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:05:48.0603 0460  rdyboost - ok
16:05:48.0665 0460  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
16:05:48.0728 0460  RemoteAccess - ok
16:05:48.0759 0460  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:05:48.0821 0460  RemoteRegistry - ok
16:05:48.0868 0460  [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip           C:\windows\SYSTEM32\Rezip.exe
16:05:48.0899 0460  Rezip ( UnsignedFile.Multi.Generic ) - warning
16:05:48.0899 0460  Rezip - detected UnsignedFile.Multi.Generic (1)
16:05:48.0946 0460  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
16:05:48.0993 0460  RFCOMM - ok
16:05:49.0024 0460  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:05:49.0102 0460  RpcEptMapper - ok
16:05:49.0133 0460  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
16:05:49.0180 0460  RpcLocator - ok
16:05:49.0211 0460  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
16:05:49.0258 0460  RpcSs - ok
16:05:49.0305 0460  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:05:49.0367 0460  rspndr - ok
16:05:49.0398 0460  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
16:05:49.0430 0460  RTL8167 - ok
16:05:49.0492 0460  [ A54DBEDF7CA55245AFD5B358BA5CA1B2 ] rtl819xp        C:\windows\system32\DRIVERS\rtl819xp.sys
16:05:49.0554 0460  rtl819xp - ok
16:05:49.0617 0460  [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI            C:\windows\system32\Drivers\SABI.sys
16:05:49.0648 0460  SABI - ok
16:05:49.0679 0460  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
16:05:49.0695 0460  SamSs - ok
16:05:49.0742 0460  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:05:49.0773 0460  sbp2port - ok
16:05:49.0804 0460  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:05:49.0866 0460  SCardSvr - ok
16:05:49.0882 0460  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:05:49.0929 0460  scfilter - ok
16:05:49.0976 0460  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
16:05:50.0054 0460  Schedule - ok
16:05:50.0085 0460  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
16:05:50.0132 0460  SCPolicySvc - ok
16:05:50.0163 0460  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:05:50.0210 0460  SDRSVC - ok
16:05:50.0256 0460  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:05:50.0303 0460  secdrv - ok
16:05:50.0319 0460  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
16:05:50.0397 0460  seclogon - ok
16:05:50.0412 0460  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
16:05:50.0459 0460  SENS - ok
16:05:50.0490 0460  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:05:50.0522 0460  SensrSvc - ok
16:05:50.0553 0460  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
16:05:50.0600 0460  Serenum - ok
16:05:50.0615 0460  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
16:05:50.0662 0460  Serial - ok
16:05:50.0678 0460  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
16:05:50.0709 0460  sermouse - ok
16:05:50.0771 0460  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
16:05:50.0834 0460  SessionEnv - ok
16:05:50.0880 0460  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:05:50.0912 0460  sffdisk - ok
16:05:50.0912 0460  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:05:50.0974 0460  sffp_mmc - ok
16:05:50.0990 0460  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:05:51.0036 0460  sffp_sd - ok
16:05:51.0068 0460  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
16:05:51.0114 0460  sfloppy - ok
16:05:51.0161 0460  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:05:51.0224 0460  SharedAccess - ok
16:05:51.0286 0460  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:05:51.0348 0460  ShellHWDetection - ok
16:05:51.0364 0460  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
16:05:51.0395 0460  sisagp - ok
16:05:51.0426 0460  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
16:05:51.0442 0460  SiSRaid2 - ok
16:05:51.0473 0460  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
16:05:51.0489 0460  SiSRaid4 - ok
16:05:51.0504 0460  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:05:51.0551 0460  Smb - ok
16:05:51.0598 0460  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:05:51.0645 0460  SNMPTRAP - ok
16:05:51.0660 0460  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
16:05:51.0692 0460  spldr - ok
16:05:51.0738 0460  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\windows\System32\spoolsv.exe
16:05:51.0785 0460  Spooler - ok
16:05:51.0910 0460  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
16:05:52.0019 0460  sppsvc - ok
16:05:52.0066 0460  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:05:52.0128 0460  sppuinotify - ok
16:05:52.0175 0460  [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:05:52.0206 0460  SQLBrowser - ok
16:05:52.0238 0460  [ 54902536AAD0E9B99BC65F89C0CAF93F ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:05:52.0269 0460  SQLWriter - ok
16:05:52.0300 0460  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
16:05:52.0347 0460  srv - ok
16:05:52.0378 0460  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:05:52.0409 0460  srv2 - ok
16:05:52.0440 0460  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:05:52.0487 0460  srvnet - ok
16:05:52.0518 0460  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:05:52.0596 0460  SSDPSRV - ok
16:05:52.0628 0460  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
16:05:52.0643 0460  ssmdrv - ok
16:05:52.0690 0460  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\windows\system32\Drivers\SSPORT.sys
16:05:52.0706 0460  SSPORT ( UnsignedFile.Multi.Generic ) - warning
16:05:52.0706 0460  SSPORT - detected UnsignedFile.Multi.Generic (1)
16:05:52.0737 0460  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:05:52.0799 0460  SstpSvc - ok
16:05:52.0830 0460  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
16:05:52.0846 0460  stexstor - ok
16:05:52.0908 0460  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
16:05:52.0971 0460  StiSvc - ok
16:05:53.0018 0460  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
16:05:53.0033 0460  swenum - ok
16:05:53.0064 0460  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
16:05:53.0127 0460  swprv - ok
16:05:53.0174 0460  [ 7A9025D8F7852B06D6D08ED536135E7E ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
16:05:53.0189 0460  SynTP - ok
16:05:53.0252 0460  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
16:05:53.0314 0460  SysMain - ok
16:05:53.0361 0460  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
16:05:53.0408 0460  TabletInputService - ok
16:05:53.0454 0460  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
16:05:53.0532 0460  TapiSrv - ok
16:05:53.0564 0460  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
16:05:53.0642 0460  TBS - ok
16:05:53.0673 0460  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:05:53.0735 0460  Tcpip - ok
16:05:53.0782 0460  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:05:53.0829 0460  TCPIP6 - ok
16:05:53.0876 0460  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:05:53.0938 0460  tcpipreg - ok
16:05:53.0985 0460  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:05:54.0016 0460  TDPIPE - ok
16:05:54.0063 0460  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:05:54.0094 0460  TDTCP - ok
16:05:54.0125 0460  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:05:54.0172 0460  tdx - ok
16:05:54.0188 0460  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
16:05:54.0203 0460  TermDD - ok
16:05:54.0250 0460  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
16:05:54.0344 0460  TermService - ok
16:05:54.0375 0460  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
16:05:54.0422 0460  Themes - ok
16:05:54.0437 0460  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
16:05:54.0500 0460  THREADORDER - ok
16:05:54.0515 0460  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
16:05:54.0593 0460  TrkWks - ok
16:05:54.0640 0460  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:05:54.0702 0460  TrustedInstaller - ok
16:05:54.0734 0460  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:05:54.0796 0460  tssecsrv - ok
16:05:54.0843 0460  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
16:05:54.0874 0460  TsUsbFlt - ok
16:05:54.0921 0460  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
16:05:54.0983 0460  tunnel - ok
16:05:55.0014 0460  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
16:05:55.0046 0460  uagp35 - ok
16:05:55.0092 0460  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
16:05:55.0155 0460  udfs - ok
16:05:55.0186 0460  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
16:05:55.0233 0460  UI0Detect - ok
16:05:55.0280 0460  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
16:05:55.0311 0460  uliagpkx - ok
16:05:55.0342 0460  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\drivers\umbus.sys
16:05:55.0358 0460  umbus - ok
16:05:55.0373 0460  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
16:05:55.0420 0460  UmPass - ok
16:05:55.0436 0460  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
16:05:55.0514 0460  upnphost - ok
16:05:55.0545 0460  [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp         C:\windows\system32\drivers\usbccgp.sys
16:05:55.0576 0460  usbccgp - ok
16:05:55.0638 0460  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:05:55.0670 0460  usbcir - ok
16:05:55.0701 0460  [ CFBCE999C057D78979A181C9C60F208E ] usbehci         C:\windows\system32\drivers\usbehci.sys
16:05:55.0748 0460  usbehci - ok
16:05:55.0763 0460  [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:05:55.0794 0460  usbhub - ok
16:05:55.0826 0460  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\windows\system32\drivers\usbohci.sys
16:05:55.0857 0460  usbohci - ok
16:05:55.0904 0460  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:05:55.0950 0460  usbprint - ok
16:05:55.0966 0460  [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:05:55.0997 0460  USBSTOR - ok
16:05:56.0028 0460  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:05:56.0060 0460  usbuhci - ok
16:05:56.0106 0460  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
16:05:56.0153 0460  usbvideo - ok
16:05:56.0184 0460  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
16:05:56.0231 0460  UxSms - ok
16:05:56.0231 0460  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
16:05:56.0262 0460  VaultSvc - ok
16:05:56.0294 0460  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:05:56.0325 0460  vdrvroot - ok
16:05:56.0372 0460  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
16:05:56.0434 0460  vds - ok
16:05:56.0465 0460  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:05:56.0496 0460  vga - ok
16:05:56.0528 0460  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
16:05:56.0574 0460  VgaSave - ok
16:05:56.0621 0460  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:05:56.0652 0460  vhdmp - ok
16:05:56.0684 0460  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
16:05:56.0699 0460  viaagp - ok
16:05:56.0730 0460  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
16:05:56.0762 0460  ViaC7 - ok
16:05:56.0808 0460  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
16:05:56.0824 0460  viaide - ok
16:05:56.0855 0460  [ 88C52F322117F60B7A0C89D683E30F6A ] VMC326          C:\windows\system32\Drivers\VMC326.sys
16:05:56.0886 0460  VMC326 - ok
16:05:56.0902 0460  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:05:56.0918 0460  volmgr - ok
16:05:56.0949 0460  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:05:56.0980 0460  volmgrx - ok
16:05:56.0996 0460  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:05:57.0027 0460  volsnap - ok
16:05:57.0089 0460  [ 6292C794BA68E0F46A6D45468461AFE1 ] Vsdatant        C:\windows\system32\DRIVERS\vsdatant.sys
16:05:57.0120 0460  Vsdatant - ok
16:05:57.0183 0460  vsmon - ok
16:05:57.0214 0460  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
16:05:57.0245 0460  vsmraid - ok
16:05:57.0308 0460  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
16:05:57.0386 0460  VSS - ok
16:05:57.0417 0460  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
16:05:57.0448 0460  vwifibus - ok
16:05:57.0479 0460  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
16:05:57.0526 0460  vwififlt - ok
16:05:57.0573 0460  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
16:05:57.0620 0460  vwifimp - ok
16:05:57.0651 0460  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
16:05:57.0713 0460  W32Time - ok
16:05:57.0744 0460  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
16:05:57.0791 0460  WacomPen - ok
16:05:57.0838 0460  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
16:05:57.0885 0460  WANARP - ok
16:05:57.0885 0460  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
16:05:57.0932 0460  Wanarpv6 - ok
16:05:58.0025 0460  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
16:05:58.0088 0460  WatAdminSvc - ok
16:05:58.0166 0460  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
16:05:58.0228 0460  wbengine - ok
16:05:58.0259 0460  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
16:05:58.0306 0460  WbioSrvc - ok
16:05:58.0337 0460  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
16:05:58.0368 0460  wcncsvc - ok
16:05:58.0384 0460  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:05:58.0446 0460  WcsPlugInService - ok
16:05:58.0478 0460  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
16:05:58.0509 0460  Wd - ok
16:05:58.0540 0460  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
16:05:58.0571 0460  Wdf01000 - ok
16:05:58.0587 0460  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
16:05:58.0618 0460  WdiServiceHost - ok
16:05:58.0618 0460  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
16:05:58.0649 0460  WdiSystemHost - ok
16:05:58.0696 0460  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
16:05:58.0743 0460  WebClient - ok
16:05:58.0774 0460  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
16:05:58.0836 0460  Wecsvc - ok
16:05:58.0836 0460  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
16:05:58.0914 0460  wercplsupport - ok
16:05:58.0946 0460  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
16:05:59.0008 0460  WerSvc - ok
16:05:59.0039 0460  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
16:05:59.0086 0460  WfpLwf - ok
16:05:59.0102 0460  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
16:05:59.0133 0460  WIMMount - ok
16:05:59.0195 0460  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:05:59.0242 0460  WinDefend - ok
16:05:59.0258 0460  WinHttpAutoProxySvc - ok
16:05:59.0336 0460  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
16:05:59.0398 0460  Winmgmt - ok
16:05:59.0460 0460  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
16:05:59.0538 0460  WinRM - ok
16:05:59.0616 0460  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
16:05:59.0648 0460  WinUsb - ok
16:05:59.0694 0460  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
16:05:59.0757 0460  Wlansvc - ok
16:05:59.0804 0460  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
16:05:59.0850 0460  WmiAcpi - ok
16:05:59.0897 0460  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
16:05:59.0928 0460  wmiApSrv - ok
16:06:00.0022 0460  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:06:00.0084 0460  WMPNetworkSvc - ok
16:06:00.0116 0460  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
16:06:00.0147 0460  WPCSvc - ok
16:06:00.0194 0460  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
16:06:00.0240 0460  WPDBusEnum - ok
16:06:00.0272 0460  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
16:06:00.0334 0460  ws2ifsl - ok
16:06:00.0365 0460  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
16:06:00.0412 0460  wscsvc - ok
16:06:00.0412 0460  WSearch - ok
16:06:00.0490 0460  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
16:06:00.0568 0460  wuauserv - ok
16:06:00.0615 0460  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
16:06:00.0677 0460  WudfPf - ok
16:06:00.0708 0460  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
16:06:00.0755 0460  WUDFRd - ok
16:06:00.0771 0460  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
16:06:00.0849 0460  wudfsvc - ok
16:06:00.0880 0460  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
16:06:00.0911 0460  WwanSvc - ok
16:06:00.0958 0460  [ F0CEEA6CC0E5BFEFC745B66DC5E9816B ] yksvc           C:\windows\System32\yk62x86.dll
16:06:01.0020 0460  yksvc - ok
16:06:01.0052 0460  [ 3EB1576F77B60A6C79DD7742B67219B8 ] yukonw7         C:\windows\system32\DRIVERS\yk62x86.sys
16:06:01.0114 0460  yukonw7 - ok
16:06:01.0161 0460  ================ Scan global ===============================
16:06:01.0208 0460  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
16:06:01.0239 0460  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
16:06:01.0254 0460  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
16:06:01.0286 0460  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
16:06:01.0332 0460  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
16:06:01.0332 0460  [Global] - ok
16:06:01.0332 0460  ================ Scan MBR ==================================
16:06:01.0348 0460  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
16:06:01.0832 0460  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:06:01.0832 0460  \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:06:01.0847 0460  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
16:06:01.0972 0460  \Device\Harddisk1\DR1 - ok
16:06:01.0972 0460  ================ Scan VBR ==================================
16:06:01.0988 0460  [ B2AECF08A32B808926E5E4BA05876F6A ] \Device\Harddisk0\DR0\Partition1
16:06:01.0988 0460  \Device\Harddisk0\DR0\Partition1 - ok
16:06:02.0019 0460  [ C7AC0852FC076CADBDCFE7FCF59C70D8 ] \Device\Harddisk0\DR0\Partition2
16:06:02.0034 0460  \Device\Harddisk0\DR0\Partition2 - ok
16:06:02.0066 0460  [ 8518B25833FC024387E2F561918BC87C ] \Device\Harddisk0\DR0\Partition3
16:06:02.0066 0460  \Device\Harddisk0\DR0\Partition3 - ok
16:06:02.0081 0460  [ AC21E0F6BF8F9C2B7A2E93CCA45EF565 ] \Device\Harddisk1\DR1\Partition1
16:06:02.0081 0460  \Device\Harddisk1\DR1\Partition1 - ok
16:06:02.0081 0460  ============================================================
16:06:02.0081 0460  Scan finished
16:06:02.0081 0460  ============================================================
16:06:02.0097 1464  Detected object count: 3
16:06:02.0097 1464  Actual detected object count: 3
16:06:41.0456 1464  Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:41.0456 1464  Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:06:41.0456 1464  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
16:06:41.0456 1464  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:06:41.0456 1464  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:06:41.0456 1464  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         
Sorry about the wrong code tag, I wasn't quite with it earlier.

Alt 10.12.2012, 16:26   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
         
Please fix this entry with TDSS-Killer. But please only this entry!

To do that, you have to restart TDSS-Killer and run a new scan. When you then see the results, please set this entry to CURE or DELETE (whichever you are offered; please leave all the others on SKIP!) and then click continue at the bottom right.

Restart Windows afterwards and create a completely new log with TDSS-Killer. As always, post it in CODE tags again.

Alt 10.12.2012, 17:27   #11
joepa
 

Code:
17:25:22.0994 4424  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:25:23.0009 4424  ============================================================
17:25:23.0009 4424  Current date / time: 2012/12/10 17:25:23.0009
17:25:23.0009 4424  SystemInfo:
17:25:23.0009 4424  
17:25:23.0009 4424  OS Version: 6.1.7601 ServicePack: 1.0
17:25:23.0009 4424  Product type: Workstation
17:25:23.0009 4424  ComputerName: FRIEDENSPANZER
17:25:23.0009 4424  UserName: Jörg Panzer
17:25:23.0009 4424  Windows directory: C:\windows
17:25:23.0009 4424  System windows directory: C:\windows
17:25:23.0009 4424  Processor architecture: Intel x86
17:25:23.0009 4424  Number of processors: 2
17:25:23.0009 4424  Page size: 0x1000
17:25:23.0009 4424  Boot type: Normal boot
17:25:23.0009 4424  ============================================================
17:25:23.0384 4424  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:25:23.0384 4424  Drive \Device\Harddisk1\DR1 - Size: 0x74F300000 (29.24 Gb), SectorSize: 0x200, Cylinders: 0xEE8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:25:23.0384 4424  ============================================================
17:25:23.0384 4424  \Device\Harddisk0\DR0:
17:25:23.0384 4424  MBR partitions:
17:25:23.0384 4424  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
17:25:23.0384 4424  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x14479800
17:25:23.0384 4424  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x162AC000, BlocksNum 0x240D9800
17:25:23.0384 4424  \Device\Harddisk1\DR1:
17:25:23.0384 4424  MBR partitions:
17:25:23.0384 4424  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3A77800
17:25:23.0384 4424  ============================================================
17:25:23.0399 4424  C: <-> \Device\Harddisk0\DR0\Partition2
17:25:23.0446 4424  D: <-> \Device\Harddisk0\DR0\Partition3
17:25:23.0446 4424  ============================================================
17:25:23.0446 4424  Initialize success
17:25:23.0446 4424  ============================================================
17:25:39.0623 6140  ============================================================
17:25:39.0623 6140  Scan started
17:25:39.0623 6140  Mode: Manual; SigCheck; TDLFS; 
17:25:39.0623 6140  ============================================================
17:25:39.0857 6140  ================ Scan system memory ========================
17:25:39.0857 6140  System memory - ok
17:25:39.0857 6140  ================ Scan services =============================
17:25:40.0045 6140  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
17:25:40.0185 6140  1394ohci - ok
17:25:40.0247 6140  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
17:25:40.0279 6140  ACPI - ok
17:25:40.0310 6140  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
17:25:40.0341 6140  AcpiPmi - ok
17:25:40.0435 6140  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:25:40.0450 6140  AdobeFlashPlayerUpdateSvc - ok
17:25:40.0513 6140  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
17:25:40.0544 6140  adp94xx - ok
17:25:40.0591 6140  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
17:25:40.0622 6140  adpahci - ok
17:25:40.0637 6140  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
17:25:40.0669 6140  adpu320 - ok
17:25:40.0715 6140  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
17:25:40.0747 6140  AeLookupSvc - ok
17:25:40.0809 6140  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
17:25:40.0840 6140  AFD - ok
17:25:40.0903 6140  [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
17:25:40.0934 6140  AgereModemAudio - ok
17:25:40.0981 6140  [ 07758C2196A62F207F77556311E7459A ] AgereSoftModem  C:\windows\system32\DRIVERS\AGRSM.sys
17:25:41.0043 6140  AgereSoftModem - ok
17:25:41.0090 6140  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
17:25:41.0105 6140  agp440 - ok
17:25:41.0137 6140  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
17:25:41.0168 6140  aic78xx - ok
17:25:41.0215 6140  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
17:25:41.0261 6140  ALG - ok
17:25:41.0277 6140  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
17:25:41.0293 6140  aliide - ok
17:25:41.0339 6140  [ 4CD8AA0DC5C3F1E5A8FF67EB7D85ABB4 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
17:25:41.0417 6140  AMD External Events Utility - ok
17:25:41.0433 6140  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
17:25:41.0464 6140  amdagp - ok
17:25:41.0511 6140  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
17:25:41.0527 6140  amdide - ok
17:25:41.0558 6140  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
17:25:41.0620 6140  AmdK8 - ok
17:25:41.0636 6140  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
17:25:41.0667 6140  AmdPPM - ok
17:25:41.0729 6140  [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata         C:\windows\system32\drivers\amdsata.sys
17:25:41.0761 6140  amdsata - ok
17:25:41.0776 6140  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
17:25:41.0807 6140  amdsbs - ok
17:25:41.0823 6140  [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata         C:\windows\system32\drivers\amdxata.sys
17:25:41.0839 6140  amdxata - ok
17:25:41.0932 6140  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:25:41.0948 6140  AntiVirSchedulerService - ok
17:25:41.0979 6140  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:25:42.0010 6140  AntiVirService - ok
17:25:42.0057 6140  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
17:25:42.0119 6140  AppID - ok
17:25:42.0151 6140  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
17:25:42.0213 6140  AppIDSvc - ok
17:25:42.0260 6140  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\windows\System32\appinfo.dll
17:25:42.0354 6140  Appinfo - ok
17:25:42.0432 6140  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:25:42.0464 6140  Apple Mobile Device - ok
17:25:42.0495 6140  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
17:25:42.0526 6140  arc - ok
17:25:42.0542 6140  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
17:25:42.0573 6140  arcsas - ok
17:25:42.0651 6140  [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state    C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:25:42.0666 6140  aspnet_state - ok
17:25:42.0698 6140  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
17:25:42.0760 6140  AsyncMac - ok
17:25:42.0822 6140  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
17:25:42.0838 6140  atapi - ok
17:25:42.0994 6140  [ 745C79700646C3F285CD09775618A04B ] atikmdag        C:\windows\system32\DRIVERS\atikmdag.sys
17:25:43.0181 6140  atikmdag - ok
17:25:43.0244 6140  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:25:43.0322 6140  AudioEndpointBuilder - ok
17:25:43.0322 6140  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
17:25:43.0384 6140  Audiosrv - ok
17:25:43.0446 6140  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\windows\system32\DRIVERS\avgntflt.sys
17:25:43.0478 6140  avgntflt - ok
17:25:43.0493 6140  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\windows\system32\DRIVERS\avipbb.sys
17:25:43.0524 6140  avipbb - ok
17:25:43.0556 6140  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\windows\system32\DRIVERS\avkmgr.sys
17:25:43.0571 6140  avkmgr - ok
17:25:43.0618 6140  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
17:25:43.0665 6140  AxInstSV - ok
17:25:43.0712 6140  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
17:25:43.0758 6140  b06bdrv - ok
17:25:43.0805 6140  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
17:25:43.0836 6140  b57nd60x - ok
17:25:43.0899 6140  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
17:25:43.0930 6140  BcmSqlStartupSvc - ok
17:25:43.0977 6140  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
17:25:44.0024 6140  BDESVC - ok
17:25:44.0039 6140  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
17:25:44.0102 6140  Beep - ok
17:25:44.0164 6140  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
17:25:44.0226 6140  BFE - ok
17:25:44.0273 6140  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
17:25:44.0351 6140  BITS - ok
17:25:44.0382 6140  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
17:25:44.0414 6140  blbdrive - ok
17:25:44.0523 6140  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:25:44.0538 6140  Bonjour Service - ok
17:25:44.0585 6140  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
17:25:44.0616 6140  bowser - ok
17:25:44.0648 6140  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
17:25:44.0679 6140  BrFiltLo - ok
17:25:44.0694 6140  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
17:25:44.0741 6140  BrFiltUp - ok
17:25:44.0788 6140  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
17:25:44.0819 6140  Browser - ok
17:25:44.0850 6140  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
17:25:44.0897 6140  Brserid - ok
17:25:44.0913 6140  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
17:25:44.0960 6140  BrSerWdm - ok
17:25:44.0975 6140  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
17:25:45.0006 6140  BrUsbMdm - ok
17:25:45.0022 6140  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
17:25:45.0084 6140  BrUsbSer - ok
17:25:45.0147 6140  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
17:25:45.0178 6140  BthEnum - ok
17:25:45.0194 6140  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
17:25:45.0240 6140  BTHMODEM - ok
17:25:45.0287 6140  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
17:25:45.0303 6140  BthPan - ok
17:25:45.0365 6140  [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
17:25:45.0412 6140  BTHPORT - ok
17:25:45.0443 6140  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
17:25:45.0506 6140  bthserv - ok
17:25:45.0537 6140  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
17:25:45.0568 6140  BTHUSB - ok
17:25:45.0584 6140  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
17:25:45.0646 6140  cdfs - ok
17:25:45.0708 6140  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\drivers\cdrom.sys
17:25:45.0740 6140  cdrom - ok
17:25:45.0786 6140  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
17:25:45.0849 6140  CertPropSvc - ok
17:25:45.0880 6140  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
17:25:45.0911 6140  circlass - ok
17:25:45.0942 6140  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
17:25:45.0974 6140  CLFS - ok
17:25:46.0005 6140  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:25:46.0036 6140  clr_optimization_v2.0.50727_32 - ok
17:25:46.0052 6140  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
17:25:46.0098 6140  CmBatt - ok
17:25:46.0145 6140  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
17:25:46.0161 6140  cmdide - ok
17:25:46.0208 6140  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\windows\system32\Drivers\cng.sys
17:25:46.0254 6140  CNG - ok
17:25:46.0270 6140  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
17:25:46.0286 6140  Compbatt - ok
17:25:46.0348 6140  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
17:25:46.0395 6140  CompositeBus - ok
17:25:46.0410 6140  COMSysApp - ok
17:25:46.0426 6140  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
17:25:46.0457 6140  crcdisk - ok
17:25:46.0504 6140  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\windows\system32\cryptsvc.dll
17:25:46.0551 6140  CryptSvc - ok
17:25:46.0598 6140  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
17:25:46.0676 6140  DcomLaunch - ok
17:25:46.0707 6140  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
17:25:46.0769 6140  defragsvc - ok
17:25:46.0800 6140  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
17:25:46.0878 6140  DfsC - ok
17:25:46.0894 6140  DgiVecp - ok
17:25:46.0925 6140  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
17:25:47.0003 6140  Dhcp - ok
17:25:47.0034 6140  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
17:25:47.0097 6140  discache - ok
17:25:47.0144 6140  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
17:25:47.0159 6140  Disk - ok
17:25:47.0190 6140  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
17:25:47.0253 6140  Dnscache - ok
17:25:47.0284 6140  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
17:25:47.0346 6140  dot3svc - ok
17:25:47.0393 6140  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
17:25:47.0456 6140  DPS - ok
17:25:47.0502 6140  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
17:25:47.0549 6140  drmkaud - ok
17:25:47.0612 6140  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
17:25:47.0643 6140  DXGKrnl - ok
17:25:47.0690 6140  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
17:25:47.0752 6140  EapHost - ok
17:25:47.0846 6140  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
17:25:47.0955 6140  ebdrv - ok
17:25:47.0986 6140  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\windows\System32\lsass.exe
17:25:48.0033 6140  EFS - ok
17:25:48.0111 6140  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
17:25:48.0158 6140  ehRecvr - ok
17:25:48.0204 6140  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\windows\ehome\ehsched.exe
17:25:48.0236 6140  ehSched - ok
17:25:48.0298 6140  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\windows\system32\DRIVERS\elxstor.sys
17:25:48.0329 6140  elxstor - ok
17:25:48.0345 6140  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\windows\system32\drivers\errdev.sys
17:25:48.0392 6140  ErrDev - ok
17:25:48.0438 6140  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\windows\system32\es.dll
17:25:48.0501 6140  EventSystem - ok
17:25:48.0532 6140  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\windows\system32\drivers\exfat.sys
17:25:48.0594 6140  exfat - ok
17:25:48.0626 6140  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\windows\system32\drivers\fastfat.sys
17:25:48.0688 6140  fastfat - ok
17:25:48.0735 6140  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\windows\system32\fxssvc.exe
17:25:48.0782 6140  Fax - ok
17:25:48.0813 6140  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\windows\system32\DRIVERS\fdc.sys
17:25:48.0828 6140  fdc - ok
17:25:48.0860 6140  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\windows\system32\fdPHost.dll
17:25:48.0922 6140  fdPHost - ok
17:25:48.0938 6140  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\windows\system32\fdrespub.dll
17:25:49.0000 6140  FDResPub - ok
17:25:49.0016 6140  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
17:25:49.0047 6140  FileInfo - ok
17:25:49.0062 6140  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
17:25:49.0125 6140  Filetrace - ok
17:25:49.0125 6140  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
17:25:49.0172 6140  flpydisk - ok
17:25:49.0203 6140  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
17:25:49.0218 6140  FltMgr - ok
17:25:49.0281 6140  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache       C:\windows\system32\FntCache.dll
17:25:49.0359 6140  FontCache - ok
17:25:49.0421 6140  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:25:49.0437 6140  FontCache3.0.0.0 - ok
17:25:49.0452 6140  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
17:25:49.0484 6140  FsDepends - ok
17:25:49.0515 6140  [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr         C:\windows\system32\DRIVERS\fssfltr.sys
17:25:49.0530 6140  fssfltr - ok
17:25:49.0624 6140  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:25:49.0655 6140  fsssvc - ok
17:25:49.0686 6140  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
17:25:49.0718 6140  Fs_Rec - ok
17:25:49.0764 6140  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
17:25:49.0796 6140  fvevol - ok
17:25:49.0827 6140  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
17:25:49.0858 6140  gagp30kx - ok
17:25:49.0905 6140  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
17:25:49.0920 6140  GEARAspiWDM - ok
17:25:49.0967 6140  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\windows\System32\gpsvc.dll
17:25:50.0030 6140  gpsvc - ok
17:25:50.0076 6140  [ 833051C6C6C42117191935F734CFBD97 ] hamachi         C:\windows\system32\DRIVERS\hamachi.sys
17:25:50.0092 6140  hamachi - ok
17:25:50.0217 6140  [ A7EBBF64C7610B7C67D46AE620AADBA3 ] Hamachi2Svc     C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
17:25:50.0279 6140  Hamachi2Svc - ok
17:25:50.0295 6140  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
17:25:50.0326 6140  hcw85cir - ok
17:25:50.0404 6140  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:25:50.0451 6140  HdAudAddService - ok
17:25:50.0482 6140  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
17:25:50.0513 6140  HDAudBus - ok
17:25:50.0544 6140  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
17:25:50.0576 6140  HidBatt - ok
17:25:50.0591 6140  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
17:25:50.0638 6140  HidBth - ok
17:25:50.0669 6140  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
17:25:50.0716 6140  HidIr - ok
17:25:50.0732 6140  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\windows\system32\hidserv.dll
17:25:50.0810 6140  hidserv - ok
17:25:50.0872 6140  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
17:25:50.0903 6140  HidUsb - ok
17:25:50.0950 6140  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\windows\system32\kmsvc.dll
17:25:51.0012 6140  hkmsvc - ok
17:25:51.0059 6140  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:25:51.0090 6140  HomeGroupListener - ok
17:25:51.0137 6140  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:25:51.0184 6140  HomeGroupProvider - ok
17:25:51.0215 6140  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
17:25:51.0246 6140  HpSAMD - ok
17:25:51.0309 6140  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\windows\system32\drivers\HTTP.sys
17:25:51.0356 6140  HTTP - ok
17:25:51.0402 6140  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
17:25:51.0418 6140  hwpolicy - ok
17:25:51.0480 6140  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
17:25:51.0512 6140  i8042prt - ok
17:25:51.0558 6140  [ D483687EACE0C065EE772481A96E05F5 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
17:25:51.0590 6140  iaStor - ok
17:25:51.0621 6140  [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
17:25:51.0652 6140  iaStorV - ok
17:25:51.0730 6140  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:25:51.0777 6140  idsvc - ok
17:25:51.0902 6140  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\windows\system32\DRIVERS\igdkmd32.sys
17:25:52.0073 6140  igfx - ok
17:25:52.0104 6140  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
17:25:52.0136 6140  iirsp - ok
17:25:52.0198 6140  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\windows\System32\ikeext.dll
17:25:52.0260 6140  IKEEXT - ok
17:25:52.0354 6140  [ 5CEEF2CCCB4FE00D3FFBFEB12BCFA07F ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
17:25:52.0448 6140  IntcAzAudAddService - ok
17:25:52.0463 6140  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\windows\system32\drivers\intelide.sys
17:25:52.0494 6140  intelide - ok
17:25:52.0526 6140  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
17:25:52.0572 6140  intelppm - ok
17:25:52.0619 6140  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\windows\system32\ipbusenum.dll
17:25:52.0666 6140  IPBusEnum - ok
17:25:52.0697 6140  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
17:25:52.0760 6140  IpFilterDriver - ok
17:25:52.0822 6140  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
17:25:52.0884 6140  iphlpsvc - ok
17:25:52.0931 6140  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
17:25:52.0962 6140  IPMIDRV - ok
17:25:52.0994 6140  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\windows\system32\drivers\ipnat.sys
17:25:53.0040 6140  IPNAT - ok
17:25:53.0134 6140  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:25:53.0165 6140  iPod Service - ok
17:25:53.0212 6140  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\windows\system32\drivers\irenum.sys
17:25:53.0259 6140  IRENUM - ok
17:25:53.0290 6140  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\windows\system32\drivers\isapnp.sys
17:25:53.0321 6140  isapnp - ok
17:25:53.0337 6140  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
17:25:53.0368 6140  iScsiPrt - ok
17:25:53.0446 6140  [ A195C4FC49492928E8296B8C4AB00517 ] ISWKL           C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
17:25:53.0462 6140  ISWKL - ok
17:25:53.0508 6140  [ E78EACA70B4E0C260E4B32972B7086AC ] IswSvc          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
17:25:53.0540 6140  IswSvc - ok
17:25:53.0571 6140  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
17:25:53.0586 6140  kbdclass - ok
17:25:53.0633 6140  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
17:25:53.0680 6140  kbdhid - ok
17:25:53.0696 6140  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\windows\system32\lsass.exe
17:25:53.0727 6140  KeyIso - ok
17:25:53.0758 6140  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
17:25:53.0789 6140  KSecDD - ok
17:25:53.0805 6140  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
17:25:53.0836 6140  KSecPkg - ok
17:25:53.0867 6140  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\windows\system32\msdtckrm.dll
17:25:53.0945 6140  KtmRm - ok
17:25:53.0976 6140  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\windows\system32\srvsvc.dll
17:25:54.0039 6140  LanmanServer - ok
17:25:54.0070 6140  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:25:54.0132 6140  LanmanWorkstation - ok
17:25:54.0179 6140  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
17:25:54.0242 6140  lltdio - ok
17:25:54.0273 6140  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\windows\System32\lltdsvc.dll
17:25:54.0351 6140  lltdsvc - ok
17:25:54.0382 6140  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\windows\System32\lmhsvc.dll
17:25:54.0429 6140  lmhosts - ok
17:25:54.0460 6140  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
17:25:54.0491 6140  LSI_FC - ok
17:25:54.0491 6140  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
17:25:54.0522 6140  LSI_SAS - ok
17:25:54.0538 6140  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
17:25:54.0569 6140  LSI_SAS2 - ok
17:25:54.0585 6140  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
17:25:54.0600 6140  LSI_SCSI - ok
17:25:54.0632 6140  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\windows\system32\drivers\luafv.sys
17:25:54.0710 6140  luafv - ok
17:25:54.0788 6140  McAfee SiteAdvisor Service - ok
17:25:54.0819 6140  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
17:25:54.0850 6140  Mcx2Svc - ok
17:25:54.0866 6140  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
17:25:54.0897 6140  megasas - ok
17:25:54.0928 6140  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
17:25:54.0959 6140  MegaSR - ok
17:25:54.0990 6140  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\windows\system32\mmcss.dll
17:25:55.0053 6140  MMCSS - ok
17:25:55.0068 6140  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\windows\system32\drivers\modem.sys
17:25:55.0115 6140  Modem - ok
17:25:55.0131 6140  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
17:25:55.0178 6140  monitor - ok
17:25:55.0224 6140  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
17:25:55.0256 6140  mouclass - ok
17:25:55.0302 6140  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
17:25:55.0334 6140  mouhid - ok
17:25:55.0365 6140  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
17:25:55.0396 6140  mountmgr - ok
17:25:55.0458 6140  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:25:55.0474 6140  MozillaMaintenance - ok
17:25:55.0521 6140  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
17:25:55.0536 6140  mpio - ok
17:25:55.0568 6140  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
17:25:55.0614 6140  mpsdrv - ok
17:25:55.0661 6140  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
17:25:55.0724 6140  MpsSvc - ok
17:25:55.0770 6140  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
17:25:55.0802 6140  MRxDAV - ok
17:25:55.0848 6140  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
17:25:55.0895 6140  mrxsmb - ok
17:25:55.0911 6140  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
17:25:55.0958 6140  mrxsmb10 - ok
17:25:55.0973 6140  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
17:25:56.0020 6140  mrxsmb20 - ok
17:25:56.0051 6140  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
17:25:56.0082 6140  msahci - ok
17:25:56.0082 6140  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
17:25:56.0114 6140  msdsm - ok
17:25:56.0129 6140  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
17:25:56.0176 6140  MSDTC - ok
17:25:56.0207 6140  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
17:25:56.0285 6140  Msfs - ok
17:25:56.0301 6140  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
17:25:56.0379 6140  mshidkmdf - ok
17:25:56.0394 6140  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
17:25:56.0426 6140  msisadrv - ok
17:25:56.0472 6140  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
17:25:56.0535 6140  MSiSCSI - ok
17:25:56.0535 6140  msiserver - ok
17:25:56.0566 6140  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
17:25:56.0628 6140  MSKSSRV - ok
17:25:56.0660 6140  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
17:25:56.0722 6140  MSPCLOCK - ok
17:25:56.0738 6140  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
17:25:56.0800 6140  MSPQM - ok
17:25:56.0831 6140  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
17:25:56.0862 6140  MsRPC - ok
17:25:56.0909 6140  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
17:25:56.0925 6140  mssmbios - ok
17:25:56.0987 6140  MSSQL$MSSMLBIZ - ok
17:25:57.0018 6140  [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:25:57.0034 6140  MSSQLServerADHelper - ok
17:25:57.0065 6140  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
17:25:57.0112 6140  MSTEE - ok
17:25:57.0128 6140  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
17:25:57.0174 6140  MTConfig - ok
17:25:57.0190 6140  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
17:25:57.0206 6140  Mup - ok
17:25:57.0252 6140  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
17:25:57.0330 6140  napagent - ok
17:25:57.0377 6140  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
17:25:57.0408 6140  NativeWifiP - ok
17:25:57.0471 6140  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\windows\system32\drivers\ndis.sys
17:25:57.0502 6140  NDIS - ok
17:25:57.0518 6140  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
17:25:57.0580 6140  NdisCap - ok
17:25:57.0611 6140  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
17:25:57.0674 6140  NdisTapi - ok
17:25:57.0736 6140  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
17:25:57.0798 6140  Ndisuio - ok
17:25:57.0830 6140  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
17:25:57.0892 6140  NdisWan - ok
17:25:57.0939 6140  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
17:25:58.0001 6140  NDProxy - ok
17:25:58.0048 6140  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
17:25:58.0110 6140  NetBIOS - ok
17:25:58.0142 6140  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
17:25:58.0220 6140  NetBT - ok
17:25:58.0235 6140  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
17:25:58.0266 6140  Netlogon - ok
17:25:58.0313 6140  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
17:25:58.0391 6140  Netman - ok
17:25:58.0407 6140  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
17:25:58.0485 6140  netprofm - ok
17:25:58.0516 6140  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:25:58.0547 6140  NetTcpPortSharing - ok
17:25:58.0578 6140  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
17:25:58.0610 6140  nfrd960 - ok
17:25:58.0641 6140  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\windows\System32\nlasvc.dll
17:25:58.0703 6140  NlaSvc - ok
17:25:58.0750 6140  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
17:25:58.0797 6140  Npfs - ok
17:25:58.0828 6140  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
17:25:58.0875 6140  nsi - ok
17:25:58.0890 6140  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
17:25:58.0953 6140  nsiproxy - ok
17:25:59.0031 6140  [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
17:25:59.0078 6140  Ntfs - ok
17:25:59.0109 6140  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
17:25:59.0187 6140  Null - ok
17:25:59.0218 6140  [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid          C:\windows\system32\drivers\nvraid.sys
17:25:59.0249 6140  nvraid - ok
17:25:59.0265 6140  [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor          C:\windows\system32\drivers\nvstor.sys
17:25:59.0280 6140  nvstor - ok
17:25:59.0327 6140  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
17:25:59.0358 6140  nv_agp - ok
17:25:59.0421 6140  [ B5D5DA8230D3D3525839D939A9196C3E ] OberonGameConsoleService C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
17:25:59.0436 6140  OberonGameConsoleService - ok
17:25:59.0530 6140  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:25:59.0561 6140  odserv - ok
17:25:59.0592 6140  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
17:25:59.0624 6140  ohci1394 - ok
17:25:59.0655 6140  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:25:59.0686 6140  ose - ok
17:25:59.0733 6140  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
17:25:59.0780 6140  p2pimsvc - ok
17:25:59.0795 6140  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
17:25:59.0826 6140  p2psvc - ok
17:25:59.0858 6140  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
17:25:59.0889 6140  Parport - ok
17:25:59.0920 6140  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
17:25:59.0951 6140  partmgr - ok
17:25:59.0951 6140  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
17:25:59.0982 6140  Parvdm - ok
17:25:59.0998 6140  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
17:26:00.0029 6140  PcaSvc - ok
17:26:00.0060 6140  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
17:26:00.0092 6140  pci - ok
17:26:00.0107 6140  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
17:26:00.0123 6140  pciide - ok
17:26:00.0138 6140  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
17:26:00.0170 6140  pcmcia - ok
17:26:00.0185 6140  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
17:26:00.0216 6140  pcw - ok
17:26:00.0248 6140  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
17:26:00.0326 6140  PEAUTH - ok
17:26:00.0419 6140  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
17:26:00.0513 6140  pla - ok
17:26:00.0544 6140  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
17:26:00.0606 6140  PlugPlay - ok
17:26:00.0638 6140  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
17:26:00.0669 6140  PNRPAutoReg - ok
17:26:00.0700 6140  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
17:26:00.0731 6140  PNRPsvc - ok
17:26:00.0778 6140  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
17:26:00.0840 6140  PolicyAgent - ok
17:26:00.0872 6140  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
17:26:00.0918 6140  Power - ok
17:26:00.0965 6140  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
17:26:01.0012 6140  PptpMiniport - ok
17:26:01.0043 6140  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
17:26:01.0059 6140  Processor - ok
17:26:01.0106 6140  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc         C:\windows\system32\profsvc.dll
17:26:01.0152 6140  ProfSvc - ok
17:26:01.0168 6140  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
17:26:01.0199 6140  ProtectedStorage - ok
17:26:01.0230 6140  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
17:26:01.0293 6140  Psched - ok
17:26:01.0340 6140  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
17:26:01.0402 6140  ql2300 - ok
17:26:01.0418 6140  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
17:26:01.0449 6140  ql40xx - ok
17:26:01.0480 6140  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
17:26:01.0542 6140  QWAVE - ok
17:26:01.0542 6140  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
17:26:01.0574 6140  QWAVEdrv - ok
17:26:01.0605 6140  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
17:26:01.0667 6140  RasAcd - ok
17:26:01.0698 6140  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
17:26:01.0761 6140  RasAgileVpn - ok
17:26:01.0792 6140  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
17:26:01.0854 6140  RasAuto - ok
17:26:01.0886 6140  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
17:26:01.0948 6140  Rasl2tp - ok
17:26:01.0995 6140  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
17:26:02.0073 6140  RasMan - ok
17:26:02.0088 6140  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
17:26:02.0166 6140  RasPppoe - ok
17:26:02.0198 6140  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
17:26:02.0260 6140  RasSstp - ok
17:26:02.0307 6140  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
17:26:02.0369 6140  rdbss - ok
17:26:02.0385 6140  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
17:26:02.0416 6140  rdpbus - ok
17:26:02.0463 6140  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
17:26:02.0510 6140  RDPCDD - ok
17:26:02.0541 6140  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
17:26:02.0603 6140  RDPENCDD - ok
17:26:02.0619 6140  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
17:26:02.0681 6140  RDPREFMP - ok
17:26:02.0712 6140  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
17:26:02.0759 6140  RDPWD - ok
17:26:02.0806 6140  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
17:26:02.0837 6140  rdyboost - ok
17:26:02.0868 6140  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
17:26:02.0931 6140  RemoteAccess - ok
17:26:02.0962 6140  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
17:26:03.0024 6140  RemoteRegistry - ok
17:26:03.0071 6140  [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip           C:\windows\SYSTEM32\Rezip.exe
17:26:03.0102 6140  Rezip ( UnsignedFile.Multi.Generic ) - warning
17:26:03.0102 6140  Rezip - detected UnsignedFile.Multi.Generic (1)
17:26:03.0149 6140  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
17:26:03.0212 6140  RFCOMM - ok
17:26:03.0243 6140  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
17:26:03.0321 6140  RpcEptMapper - ok
17:26:03.0352 6140  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
17:26:03.0383 6140  RpcLocator - ok
17:26:03.0414 6140  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
17:26:03.0477 6140  RpcSs - ok
17:26:03.0508 6140  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
17:26:03.0570 6140  rspndr - ok
17:26:03.0602 6140  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
17:26:03.0648 6140  RTL8167 - ok
17:26:03.0695 6140  [ A54DBEDF7CA55245AFD5B358BA5CA1B2 ] rtl819xp        C:\windows\system32\DRIVERS\rtl819xp.sys
17:26:03.0758 6140  rtl819xp - ok
17:26:03.0804 6140  [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI            C:\windows\system32\Drivers\SABI.sys
17:26:03.0851 6140  SABI - ok
17:26:03.0867 6140  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
17:26:03.0898 6140  SamSs - ok
17:26:03.0945 6140  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
17:26:03.0960 6140  sbp2port - ok
17:26:04.0007 6140  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
17:26:04.0070 6140  SCardSvr - ok
17:26:04.0070 6140  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
17:26:04.0132 6140  scfilter - ok
17:26:04.0179 6140  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
17:26:04.0257 6140  Schedule - ok
17:26:04.0272 6140  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
17:26:04.0319 6140  SCPolicySvc - ok
17:26:04.0366 6140  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
17:26:04.0413 6140  SDRSVC - ok
17:26:04.0444 6140  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
17:26:04.0491 6140  secdrv - ok
17:26:04.0522 6140  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
17:26:04.0600 6140  seclogon - ok
17:26:04.0616 6140  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\System32\sens.dll
17:26:04.0678 6140  SENS - ok
17:26:04.0709 6140  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
17:26:04.0740 6140  SensrSvc - ok
17:26:04.0772 6140  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
17:26:04.0803 6140  Serenum - ok
17:26:04.0834 6140  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
17:26:04.0881 6140  Serial - ok
17:26:04.0896 6140  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
17:26:04.0928 6140  sermouse - ok
17:26:04.0974 6140  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
17:26:05.0037 6140  SessionEnv - ok
17:26:05.0068 6140  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
17:26:05.0099 6140  sffdisk - ok
17:26:05.0115 6140  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
17:26:05.0162 6140  sffp_mmc - ok
17:26:05.0193 6140  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
17:26:05.0240 6140  sffp_sd - ok
17:26:05.0271 6140  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
17:26:05.0318 6140  sfloppy - ok
17:26:05.0349 6140  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
17:26:05.0427 6140  SharedAccess - ok
17:26:05.0474 6140  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:26:05.0552 6140  ShellHWDetection - ok
17:26:05.0583 6140  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
17:26:05.0598 6140  sisagp - ok
17:26:05.0630 6140  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
17:26:05.0661 6140  SiSRaid2 - ok
17:26:05.0676 6140  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
17:26:05.0708 6140  SiSRaid4 - ok
17:26:05.0723 6140  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
17:26:05.0770 6140  Smb - ok
17:26:05.0817 6140  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
17:26:05.0848 6140  SNMPTRAP - ok
17:26:05.0879 6140  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
17:26:05.0895 6140  spldr - ok
17:26:05.0942 6140  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\windows\System32\spoolsv.exe
17:26:06.0004 6140  Spooler - ok
17:26:06.0113 6140  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
17:26:06.0222 6140  sppsvc - ok
17:26:06.0269 6140  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
17:26:06.0332 6140  sppuinotify - ok
17:26:06.0378 6140  [ D2B096CD2F56FAC6EEEED9A77DDF6DC8 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:26:06.0410 6140  SQLBrowser - ok
17:26:06.0441 6140  [ 54902536AAD0E9B99BC65F89C0CAF93F ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:26:06.0456 6140  SQLWriter - ok
17:26:06.0503 6140  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
17:26:06.0550 6140  srv - ok
17:26:06.0566 6140  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
17:26:06.0612 6140  srv2 - ok
17:26:06.0645 6140  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
17:26:06.0691 6140  srvnet - ok
17:26:06.0723 6140  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
17:26:06.0801 6140  SSDPSRV - ok
17:26:06.0832 6140  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\windows\system32\DRIVERS\ssmdrv.sys
17:26:06.0847 6140  ssmdrv - ok
17:26:06.0879 6140  [ EF3458337D7341A05169CEFC73709264 ] SSPORT          C:\windows\system32\Drivers\SSPORT.sys
17:26:06.0910 6140  SSPORT ( UnsignedFile.Multi.Generic ) - warning
17:26:06.0910 6140  SSPORT - detected UnsignedFile.Multi.Generic (1)
17:26:06.0925 6140  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
17:26:07.0003 6140  SstpSvc - ok
17:26:07.0035 6140  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
17:26:07.0050 6140  stexstor - ok
17:26:07.0113 6140  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
17:26:07.0175 6140  StiSvc - ok
17:26:07.0222 6140  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
17:26:07.0237 6140  swenum - ok
17:26:07.0269 6140  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
17:26:07.0331 6140  swprv - ok
17:26:07.0362 6140  [ 7A9025D8F7852B06D6D08ED536135E7E ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
17:26:07.0393 6140  SynTP - ok
17:26:07.0456 6140  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
17:26:07.0518 6140  SysMain - ok
17:26:07.0565 6140  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
17:26:07.0612 6140  TabletInputService - ok
17:26:07.0660 6140  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
17:26:07.0722 6140  TapiSrv - ok
17:26:07.0769 6140  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
17:26:07.0831 6140  TBS - ok
17:26:07.0909 6140  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip           C:\windows\system32\drivers\tcpip.sys
17:26:07.0956 6140  Tcpip - ok
17:26:08.0003 6140  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
17:26:08.0050 6140  TCPIP6 - ok
17:26:08.0096 6140  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
17:26:08.0159 6140  tcpipreg - ok
17:26:08.0206 6140  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
17:26:08.0252 6140  TDPIPE - ok
17:26:08.0299 6140  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
17:26:08.0315 6140  TDTCP - ok
17:26:08.0362 6140  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
17:26:08.0408 6140  tdx - ok
17:26:08.0440 6140  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
17:26:08.0455 6140  TermDD - ok
17:26:08.0518 6140  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
17:26:08.0580 6140  TermService - ok
17:26:08.0627 6140  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
17:26:08.0674 6140  Themes - ok
17:26:08.0689 6140  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
17:26:08.0736 6140  THREADORDER - ok
17:26:08.0767 6140  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
17:26:08.0830 6140  TrkWks - ok
17:26:08.0892 6140  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:26:08.0939 6140  TrustedInstaller - ok
17:26:08.0970 6140  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
17:26:09.0032 6140  tssecsrv - ok
17:26:09.0079 6140  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
17:26:09.0126 6140  TsUsbFlt - ok
17:26:09.0173 6140  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
17:26:09.0235 6140  tunnel - ok
17:26:09.0266 6140  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
17:26:09.0282 6140  uagp35 - ok
17:26:09.0329 6140  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
17:26:09.0391 6140  udfs - ok
17:26:09.0438 6140  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
17:26:09.0485 6140  UI0Detect - ok
17:26:09.0532 6140  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
17:26:09.0547 6140  uliagpkx - ok
17:26:09.0578 6140  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\drivers\umbus.sys
17:26:09.0610 6140  umbus - ok
17:26:09.0641 6140  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
17:26:09.0688 6140  UmPass - ok
17:26:09.0703 6140  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
17:26:09.0781 6140  upnphost - ok
17:26:09.0797 6140  [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp         C:\windows\system32\drivers\usbccgp.sys
17:26:09.0844 6140  usbccgp - ok
17:26:09.0890 6140  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
17:26:09.0922 6140  usbcir - ok
17:26:09.0953 6140  [ CFBCE999C057D78979A181C9C60F208E ] usbehci         C:\windows\system32\drivers\usbehci.sys
17:26:10.0000 6140  usbehci - ok
17:26:10.0031 6140  [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
17:26:10.0062 6140  usbhub - ok
17:26:10.0078 6140  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\windows\system32\drivers\usbohci.sys
17:26:10.0109 6140  usbohci - ok
17:26:10.0156 6140  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
17:26:10.0202 6140  usbprint - ok
17:26:10.0218 6140  [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
17:26:10.0249 6140  USBSTOR - ok
17:26:10.0296 6140  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
17:26:10.0312 6140  usbuhci - ok
17:26:10.0358 6140  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
17:26:10.0405 6140  usbvideo - ok
17:26:10.0436 6140  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
17:26:10.0483 6140  UxSms - ok
17:26:10.0499 6140  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
17:26:10.0514 6140  VaultSvc - ok
17:26:10.0546 6140  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
17:26:10.0577 6140  vdrvroot - ok
17:26:10.0624 6140  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
17:26:10.0670 6140  vds - ok
17:26:10.0702 6140  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
17:26:10.0748 6140  vga - ok
17:26:10.0764 6140  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
17:26:10.0826 6140  VgaSave - ok
17:26:10.0873 6140  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
17:26:10.0889 6140  vhdmp - ok
17:26:10.0920 6140  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
17:26:10.0951 6140  viaagp - ok
17:26:10.0967 6140  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
17:26:10.0998 6140  ViaC7 - ok
17:26:11.0045 6140  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
17:26:11.0060 6140  viaide - ok
17:26:11.0092 6140  [ 88C52F322117F60B7A0C89D683E30F6A ] VMC326          C:\windows\system32\Drivers\VMC326.sys
17:26:11.0123 6140  VMC326 - ok
17:26:11.0138 6140  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
17:26:11.0170 6140  volmgr - ok
17:26:11.0201 6140  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
17:26:11.0232 6140  volmgrx - ok
17:26:11.0248 6140  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
17:26:11.0279 6140  volsnap - ok
17:26:11.0341 6140  [ 6292C794BA68E0F46A6D45468461AFE1 ] Vsdatant        C:\windows\system32\DRIVERS\vsdatant.sys
17:26:11.0372 6140  Vsdatant - ok
17:26:11.0419 6140  vsmon - ok
17:26:11.0450 6140  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
17:26:11.0466 6140  vsmraid - ok
17:26:11.0544 6140  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
17:26:11.0622 6140  VSS - ok
17:26:11.0638 6140  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
17:26:11.0684 6140  vwifibus - ok
17:26:11.0716 6140  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
17:26:11.0762 6140  vwififlt - ok
17:26:11.0794 6140  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
17:26:11.0856 6140  vwifimp - ok
17:26:11.0887 6140  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
17:26:11.0965 6140  W32Time - ok
17:26:11.0996 6140  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
17:26:12.0028 6140  WacomPen - ok
17:26:12.0074 6140  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
17:26:12.0121 6140  WANARP - ok
17:26:12.0137 6140  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
17:26:12.0184 6140  Wanarpv6 - ok
17:26:12.0277 6140  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
17:26:12.0340 6140  WatAdminSvc - ok
17:26:12.0402 6140  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
17:26:12.0449 6140  wbengine - ok
17:26:12.0480 6140  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
17:26:12.0527 6140  WbioSrvc - ok
17:26:12.0574 6140  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
17:26:12.0605 6140  wcncsvc - ok
17:26:12.0620 6140  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:26:12.0683 6140  WcsPlugInService - ok
17:26:12.0714 6140  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
17:26:12.0745 6140  Wd - ok
17:26:12.0761 6140  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
17:26:12.0792 6140  Wdf01000 - ok
17:26:12.0808 6140  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
17:26:12.0854 6140  WdiServiceHost - ok
17:26:12.0854 6140  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
17:26:12.0886 6140  WdiSystemHost - ok
17:26:12.0917 6140  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
17:26:12.0964 6140  WebClient - ok
17:26:12.0995 6140  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
17:26:13.0057 6140  Wecsvc - ok
17:26:13.0073 6140  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
17:26:13.0151 6140  wercplsupport - ok
17:26:13.0182 6140  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
17:26:13.0244 6140  WerSvc - ok
17:26:13.0260 6140  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
17:26:13.0322 6140  WfpLwf - ok
17:26:13.0338 6140  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
17:26:13.0354 6140  WIMMount - ok
17:26:13.0432 6140  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:26:13.0478 6140  WinDefend - ok
17:26:13.0494 6140  WinHttpAutoProxySvc - ok
17:26:13.0556 6140  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
17:26:13.0619 6140  Winmgmt - ok
17:26:13.0681 6140  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
17:26:13.0759 6140  WinRM - ok
17:26:13.0837 6140  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
17:26:13.0868 6140  WinUsb - ok
17:26:13.0915 6140  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
17:26:13.0978 6140  Wlansvc - ok
17:26:14.0024 6140  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
17:26:14.0071 6140  WmiAcpi - ok
17:26:14.0118 6140  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
17:26:14.0165 6140  wmiApSrv - ok
17:26:14.0274 6140  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:26:14.0321 6140  WMPNetworkSvc - ok
17:26:14.0336 6140  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
17:26:14.0383 6140  WPCSvc - ok
17:26:14.0414 6140  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
17:26:14.0461 6140  WPDBusEnum - ok
17:26:14.0508 6140  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
17:26:14.0570 6140  ws2ifsl - ok
17:26:14.0586 6140  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
17:26:14.0617 6140  wscsvc - ok
17:26:14.0617 6140  WSearch - ok
17:26:14.0711 6140  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
17:26:14.0789 6140  wuauserv - ok
17:26:14.0836 6140  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
17:26:14.0898 6140  WudfPf - ok
17:26:14.0929 6140  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
17:26:14.0976 6140  WUDFRd - ok
17:26:15.0007 6140  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
17:26:15.0070 6140  wudfsvc - ok
17:26:15.0101 6140  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
17:26:15.0148 6140  WwanSvc - ok
17:26:15.0194 6140  [ F0CEEA6CC0E5BFEFC745B66DC5E9816B ] yksvc           C:\windows\System32\yk62x86.dll
17:26:15.0241 6140  yksvc - ok
17:26:15.0272 6140  [ 3EB1576F77B60A6C79DD7742B67219B8 ] yukonw7         C:\windows\system32\DRIVERS\yk62x86.sys
17:26:15.0319 6140  yukonw7 - ok
17:26:15.0366 6140  ================ Scan global ===============================
17:26:15.0413 6140  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
17:26:15.0444 6140  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
17:26:15.0460 6140  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
17:26:15.0491 6140  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
17:26:15.0538 6140  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
17:26:15.0538 6140  [Global] - ok
17:26:15.0538 6140  ================ Scan MBR ==================================
17:26:15.0569 6140  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
17:26:15.0990 6140  \Device\Harddisk0\DR0 - ok
17:26:16.0006 6140  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:26:16.0115 6140  \Device\Harddisk1\DR1 - ok
17:26:16.0115 6140  ================ Scan VBR ==================================
17:26:16.0130 6140  [ B2AECF08A32B808926E5E4BA05876F6A ] \Device\Harddisk0\DR0\Partition1
17:26:16.0130 6140  \Device\Harddisk0\DR0\Partition1 - ok
17:26:16.0146 6140  [ C7AC0852FC076CADBDCFE7FCF59C70D8 ] \Device\Harddisk0\DR0\Partition2
17:26:16.0146 6140  \Device\Harddisk0\DR0\Partition2 - ok
17:26:16.0177 6140  [ 8518B25833FC024387E2F561918BC87C ] \Device\Harddisk0\DR0\Partition3
17:26:16.0177 6140  \Device\Harddisk0\DR0\Partition3 - ok
17:26:16.0177 6140  [ AC21E0F6BF8F9C2B7A2E93CCA45EF565 ] \Device\Harddisk1\DR1\Partition1
17:26:16.0193 6140  \Device\Harddisk1\DR1\Partition1 - ok
17:26:16.0193 6140  ============================================================
17:26:16.0193 6140  Scan finished
17:26:16.0193 6140  ============================================================
17:26:16.0208 4812  Detected object count: 2
17:26:16.0208 4812  Actual detected object count: 2
17:26:24.0929 4812  Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:24.0929 4812  Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:26:24.0929 4812  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
17:26:24.0929 4812  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 10.12.2012, 19:53   #12
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 12.12.2012, 13:33   #13
joepa
 

Log from ComboFix:
Code:
ComboFix 12-12-10.01 - Jörg Panzer 12.12.2012  13:11:00.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.2252 [GMT 1:00]
ausgeführt von:: c:\users\J÷rg Panzer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-12 bis 2012-12-12  ))))))))))))))))))))))))))))))
.
.
2012-12-12 12:22 . 2012-12-12 12:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-11 12:52 . 2012-11-19 00:04	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{836EB083-6702-4DD5-A31D-815BF7B8F7F6}\mpengine.dll
2012-12-10 16:11 . 2012-12-10 16:11	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-12-05 18:22 . 2012-12-05 18:22	--------	d-----w-	c:\users\Jörg Panzer\AppData\Roaming\Malwarebytes
2012-12-05 18:22 . 2012-12-05 18:22	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-05 18:22 . 2012-12-05 18:22	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-05 18:22 . 2012-09-29 18:54	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-01 09:23 . 2012-12-01 09:23	--------	d-----w-	c:\program files\LogMeIn Hamachi
2012-11-30 16:15 . 2012-08-24 16:57	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-11-30 16:15 . 2012-06-02 04:36	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2012-11-30 16:15 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\system32\crypt32.dll
2012-11-30 16:15 . 2012-06-02 04:36	103936	----a-w-	c:\windows\system32\cryptnet.dll
2012-11-30 16:15 . 2012-09-14 18:28	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-30 16:14 . 2012-08-22 17:16	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-11-30 16:14 . 2012-08-22 17:16	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-11-30 16:14 . 2012-08-22 17:16	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-30 16:14 . 2012-08-10 23:56	542208	----a-w-	c:\windows\system32\kerberos.dll
2012-11-30 16:14 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-11-30 16:14 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-11-30 16:14 . 2012-09-25 22:47	78336	----a-w-	c:\windows\system32\synceng.dll
2012-11-30 16:14 . 2012-10-18 17:59	2345984	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 21:33 . 2012-08-18 18:12	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-11 21:33 . 2011-10-07 10:05	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-29 15:51 . 2011-10-06 11:29	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Jörg Panzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Jörg Panzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Jörg Panzer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-11 348664]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-03 73392]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-01-21 220744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-06-08 618496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [x]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [x]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs	REG_MULTI_SZ   	yksvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 21:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Jörg Panzer\AppData\Roaming\Mozilla\Firefox\Profiles\nbecm84s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732
FF - prefs.js: keyword.URL - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732&q={searchTerms}
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan=de&utid=6c6e06ca0000000000000024541dc732
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN24049646502415-1001&toolbarId=base&affiliateId=1025&Lan={dfltLng}&utid=6c6e06ca0000000000000024541dc732&q=
FF - user.js: extensions.zonealarm.id - 6c6e06ca0000000000000024541dc732
FF - user.js: extensions.zonealarm.instlDay - 15579
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.418:43
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1025
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN24049646502415-1001
FF - user.js: extensions.zonealarm.dfltLng - de
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-ISW - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(588)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2012-12-12  13:26:10
ComboFix-quarantined-files.txt  2012-12-12 12:26
.
Vor Suchlauf: 8 Verzeichnis(se), 134.250.852.352 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 135.275.180.032 Bytes frei
.
- - End Of File - - 89993E6BDD4684931D3BB0B09145AA65
         

Alt 12.12.2012, 14:33   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search (Suche).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = consecutive number)
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 12.12.2012, 23:35   #15
joepa
 

Code:
# AdwCleaner v2.100 - Datei am 12/12/2012 um 23:33:41 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Jörg Panzer - FRIEDENSPANZER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jörg Panzer\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Jörg Panzer\AppData\Roaming\Mozilla\Firefox\Profiles\nbecm84s.default\searchplugins\Conduit.xml
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Jörg Panzer\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Jörg Panzer\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Jörg Panzer\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Jörg Panzer\AppData\Roaming\Mozilla\Firefox\Profiles\nbecm84s.default\ConduitCommon
Ordner Gefunden : C:\Users\Jörg Panzer\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKU\S-1-5-21-1016556084-3091970497-507946437-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\Jörg Panzer\AppData\Roaming\Mozilla\Firefox\Profiles\nbecm84s.default\prefs.js

Gefunden : user_pref("CT2613550..clientLogIsEnabled", false);
Gefunden : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gefunden : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gefunden : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gefunden : user_pref("CT2613550.CTID", "CT2613550");
Gefunden : user_pref("CT2613550.CurrentServerDate", "6-10-2011");
Gefunden : user_pref("CT2613550.DSChangedManually", true);
Gefunden : user_pref("CT2613550.DSInstall", true);
Gefunden : user_pref("CT2613550.DialogsAlignMode", "LTR");
Gefunden : user_pref("CT2613550.DialogsGetterLastCheckTime", "Thu Oct 06 2011 13:46:25 GMT+0200");
Gefunden : user_pref("CT2613550.DownloadReferralCookieData", "");
Gefunden : user_pref("CT2613550.EMailNotifierPollDate", "Thu Oct 06 2011 14:03:59 GMT+0200");
Gefunden : user_pref("CT2613550.FirstServerDate", "6-10-2011");
Gefunden : user_pref("CT2613550.FirstTime", true);
Gefunden : user_pref("CT2613550.FirstTimeFF3", true);
Gefunden : user_pref("CT2613550.FixPageNotFoundErrors", true);
Gefunden : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Gefunden : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gefunden : user_pref("CT2613550.HPInstall", false);
Gefunden : user_pref("CT2613550.HasUserGlobalKeys", true);
Gefunden : user_pref("CT2613550.HomePageProtectorEnabled", false);
Gefunden : user_pref("CT2613550.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Gefunden : user_pref("CT2613550.Initialize", true);
Gefunden : user_pref("CT2613550.InitializeCommonPrefs", true);
Gefunden : user_pref("CT2613550.InstallationAndCookieDataSentCount", 1);
Gefunden : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Gefunden : user_pref("CT2613550.InstalledDate", "Thu Oct 06 2011 13:46:26 GMT+0200");
Gefunden : user_pref("CT2613550.IsAlertDBUpdated", true);
Gefunden : user_pref("CT2613550.IsGrouping", false);
Gefunden : user_pref("CT2613550.IsInitSetupIni", true);
Gefunden : user_pref("CT2613550.IsMulticommunity", false);
Gefunden : user_pref("CT2613550.IsOpenThankYouPage", false);
Gefunden : user_pref("CT2613550.IsOpenUninstallPage", true);
Gefunden : user_pref("CT2613550.IsProtectorsInit", true);
Gefunden : user_pref("CT2613550.LanguagePackLastCheckTime", "Thu Oct 06 2011 13:46:26 GMT+0200");
Gefunden : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Gefunden : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gefunden : user_pref("CT2613550.LastLogin_3.7.0.6", "Thu Oct 06 2011 13:46:27 GMT+0200");
Gefunden : user_pref("CT2613550.LatestVersion", "3.7.0.6");
Gefunden : user_pref("CT2613550.Locale", "de-de");
Gefunden : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Gefunden : user_pref("CT2613550.MCDetectTooltipShow", false);
Gefunden : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gefunden : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Gefunden : user_pref("CT2613550.MyStuffEnabledAtInstallation", false);
Gefunden : user_pref("CT2613550.OriginalFirstVersion", "3.7.0.6");
Gefunden : user_pref("CT2613550.SearchBoxWidth", 100);
Gefunden : user_pref("CT2613550.SearchCaption", "ZoneAlarm-Sicherheit Customized Web Search");
Gefunden : user_pref("CT2613550.SearchEngineBeforeUnload", "ZoneAlarm-Sicherheit Customized Web Search");
Gefunden : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Gefunden : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Gefunden : user_pref("CT2613550.SearchInNewTabEnabled", true);
Gefunden : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Gefunden : user_pref("CT2613550.SearchInNewTabLastCheckTime", "Thu Oct 06 2011 13:46:27 GMT+0200");
Gefunden : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gefunden : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gefunden : user_pref("CT2613550.SearchProtectorEnabled", false);
Gefunden : user_pref("CT2613550.SearchProtectorToolbarDisabled", false);
Gefunden : user_pref("CT2613550.SendProtectorDataViaLogin", true);
Gefunden : user_pref("CT2613550.ServiceMapLastCheckTime", "Thu Oct 06 2011 13:46:24 GMT+0200");
Gefunden : user_pref("CT2613550.SettingsLastCheckTime", "Thu Oct 06 2011 13:46:24 GMT+0200");
Gefunden : user_pref("CT2613550.SettingsLastUpdate", "1317549292");
Gefunden : user_pref("CT2613550.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13");
Gefunden : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Gefunden : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Thu Oct 06 2011 13:46:24 GMT+0200");
Gefunden : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255344657");
Gefunden : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
Gefunden : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Gefunden : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gefunden : user_pref("CT2613550.UserID", "UN90027255191702651");
Gefunden : user_pref("CT2613550.ValidationData_Toolbar", 2);
Gefunden : user_pref("CT2613550.alertChannelId", "1006347");
Gefunden : user_pref("CT2613550.approveUntrustedApps", true);
Gefunden : user_pref("CT2613550.components.1000034", false);
Gefunden : user_pref("CT2613550.components.129171076488856945", false);
Gefunden : user_pref("CT2613550.components.129171076489169448", false);
Gefunden : user_pref("CT2613550.components.129539182460150402", false);
Gefunden : user_pref("CT2613550.components.129539182525463225", true);
Gefunden : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gefunden : user_pref("CT2613550.globalFirstTimeInfoLastCheckTime", "Thu Oct 06 2011 13:46:26 GMT+0200");
Gefunden : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Gefunden : user_pref("CT2613550.initDone", true);
Gefunden : user_pref("CT2613550.isAppTrackingManagerOn", true);
Gefunden : user_pref("CT2613550.myStuffEnabled", true);
Gefunden : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Gefunden : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gefunden : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Gefunden : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gefunden : user_pref("CT2613550.revertSettingsEnabled", true);
Gefunden : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Gefunden : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Gefunden : user_pref("CT2613550.testingCtid", "");
Gefunden : user_pref("CT2613550.toolbarAppMetaDataLastCheckTime", "Thu Oct 06 2011 13:46:25 GMT+0200");
Gefunden : user_pref("CT2613550.toolbarContextMenuLastCheckTime", "Thu Oct 06 2011 13:46:26 GMT+0200");
Gefunden : user_pref("CT2613550.usagesFlag", 2);
Gefunden : user_pref("CommunityToolbar.ConduitSearchList", "ZoneAlarm-Sicherheit Customized Web Search");
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1006347/1002062/DE", "\"0\"[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2613550", [...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2613550&octid=[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Gefunden : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gefunden : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Jörg Panzer\\AppData\\Roaming\\Mozi[...]
Gefunden : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Gefunden : user_pref("CommunityToolbar.ToolbarsList4", "CT2613550");
Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Oct 06 2011 13:46:26 GMT+0200");
Gefunden : user_pref("CommunityToolbar.globalUserId", "398eb237-1743-4092-8807-ac2959201206");
Gefunden : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550");
Gefunden : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Oct 06 2011 13:46:2[...]
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gefunden : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Oct 06 2011 13:46:35 GMT+020[...]
Gefunden : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.locale", "en");
Gefunden : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gefunden : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Oct 06 2011 13:46:26 GMT+0200");
Gefunden : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gefunden : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gefunden : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gefunden : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gefunden : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gefunden : user_pref("CommunityToolbar.notifications.userId", "9c511ed3-4b7b-4ee3-b0d2-c64901febad0");
Gefunden : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Gefunden : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Gefunden : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&Sea[...]

*************************

AdwCleaner[R1].txt - [16152 octets] - [12/12/2012 23:33:41]

########## EOF - C:\AdwCleaner[R1].txt - [16213 octets] ##########
         
