Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Rootkit / Echtzeitscanner lässt sich nicht mehr aktivieren (https://www.trojaner-board.de/123582-rootkit-echtzeitscanner-laesst-mehr-aktivieren.html)

loc-nar 06.09.2012 07:29
Rootkit / Echtzeitscanner lässt sich nicht mehr aktivieren
 
Moin zusammen,

jetzt bin ich auch bei gelandet und hoffe dass Ihr für mich auch noch etwas Rettungsleine übrig habt. Alles fing damit an dass beim meinem Anti-Virenprogramm der Echtzeitscanner nicht mehr funktionierte. Dieses Problem hab ich schon in ein anderes Forum, in dem ich sehr aktiv bin, gepostet. Leider konnte mir dort, bei meinem ganz speziellen Problem, keiner helfen. Dass hier ist keine 1:1 Kopie meines Post dort.

Es wurden folgende Schritte unternommen: Malwarebytes Anti-Malware durch laufen lassen (verdächtige Dateien wurden gelöscht), Avira sauber gelöscht, AVG drauf (gleiches Problem), AVG sauber gelöscht, Windows Vista einmal durch gescannt mit Microsoft Safety Scanner, Vista auf aktuellen Stand gepacht, Avira im abgesicherten Modus wieder drauf, gleiches Problem, Avira ließ sich sogar nicht mehr im Task-Manager beenden, Avira wieder sauber runter gelöscht ….

Folgende Fehlermeldungen tauchen bei mir auf:

Vista Dienste erscheint Fehlercode 307 bei dem Versuch den Echzeitscanner zu aktivieren.

Bei GMER LoadDriver(“C:\Users\***\AppData\Local\Temp\pgrdqpow.sys”) error 0xC0000001: Ein an das System angeschlossenes Gerät funktioniert nicht.

Kam der Fehler von GMER vielleicht dadurch dass ich mein Smartphone gerade am Laptop angeschlossen hatte?

Das System: Samsung R40 Plus mit Windows Vista 32 Bit.

OTL Logfile:
Code:
OTL logfile created on: 06.09.2012 01:44:50 - Run 1
OTL by OldTimer - Version 3.2.61.0    Folder = C:\Users\Konto\Downloads\Viren
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,36% Memory free
3,71 Gb Paging File | 2,41 Gb Available in Paging File | 65,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 2,69 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 14,17 Gb Free Space | 20,25% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: Konto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.05 21:40:41 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Konto\Downloads\Viren\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Konto\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.27 22:51:36 | 000,035,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Programme\Skype\Updater\Updater.exe
PRC - [2011.08.01 11:11:38 | 001,091,984 | ---- | M] (Western Digital ) -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011.08.01 11:11:36 | 001,592,208 | ---- | M] (Western Digital ) -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011.08.01 11:11:34 | 003,983,760 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Programme\Western Digital\WD SmartWare\WDDMStatus.exe
PRC - [2011.08.01 11:11:32 | 000,263,056 | ---- | M] (WDC) -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.01.10 06:28:42 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.06.28 19:54:42 | 000,073,728 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
PRC - [2007.02.07 06:18:02 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2007.02.05 20:48:14 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2007.01.25 03:01:34 | 001,362,432 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe
PRC - [2007.01.24 22:05:20 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007.01.05 21:31:20 | 000,049,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2006.11.22 00:12:42 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006.11.09 20:57:00 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006.10.05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.01 08:34:44 | 000,064,000 | ---- | M] () -- C:\Programme\Western Digital\WD SmartWare\WDCollections.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.10.17 10:39:15 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll
MOD - [2009.10.17 10:38:19 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll
MOD - [2009.10.17 10:38:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll
MOD - [2009.10.17 10:38:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
MOD - [2009.10.17 10:26:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2009.10.17 10:26:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2009.10.17 10:26:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2009.10.17 10:24:47 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2009.10.17 10:24:25 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2008.07.27 20:00:17 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.07.27 20:00:17 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.02.28 20:07:36 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2594.41331__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007.02.28 20:07:36 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2594.41288__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007.02.28 20:07:36 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2594.41343__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007.02.28 20:07:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2594.41322__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007.02.28 20:07:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2594.41342__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007.02.28 20:07:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2594.41308__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007.02.28 20:07:35 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2594.41563__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007.02.28 20:07:35 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2594.41552__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007.02.28 20:07:35 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2594.41507__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007.02.28 20:07:35 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2594.41441__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007.02.28 20:07:33 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2594.41597__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007.02.28 20:06:38 | 000,335,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2594.41518__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:38 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2594.41604__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:38 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2594.41524__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007.02.28 20:06:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2594.41302__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:38 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2594.41516__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007.02.28 20:06:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2594.41590__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2007.02.28 20:06:37 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2594.41453__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:37 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2594.41355__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:37 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2594.41310__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2594.41537__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007.02.28 20:06:37 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2594.41349__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:37 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2594.41475__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2594.41450__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007.02.28 20:06:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2594.41360__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007.02.28 20:06:37 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2594.41474__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007.02.28 20:06:36 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2594.41558__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:36 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2594.41444__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:36 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2594.41494__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007.02.28 20:06:36 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2594.41361__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007.02.28 20:06:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2594.41441__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007.02.28 20:06:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2594.41449__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007.02.28 20:06:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2594.41493__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007.02.28 20:06:35 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007.02.28 20:06:34 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2536.35576__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007.02.28 20:06:34 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2536.35581__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007.02.28 20:06:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2536.35589__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007.02.28 20:06:33 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2536.35577__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007.02.28 20:06:33 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2536.35587__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007.02.28 20:06:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007.02.28 20:06:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2536.35642__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007.02.28 20:06:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2536.35590__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007.02.28 20:06:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2536.35586__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007.02.28 20:06:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2536.35580__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2536.35599__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2536.35599__90ba9c70f846762e\DEM.OS.dll
MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2536.35598__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007.02.28 20:06:33 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2536.35593__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2561.34688__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2536.35593__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2536.35597__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2536.35615__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2536.35606__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2536.35594__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2536.35615__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2536.35596__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2536.35593__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2536.35592__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007.02.28 20:06:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2536.35595__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007.02.28 20:06:31 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2536.35595__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007.02.28 20:06:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2536.35595__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007.02.28 20:06:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2536.35597__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007.02.28 20:06:31 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2536.35592__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2536.35592__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2536.35605__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2536.35576__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007.02.28 20:06:31 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007.02.28 20:06:31 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2536.35589__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007.02.28 20:06:16 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2594.41570_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2007.02.28 20:06:14 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2594.41317__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007.02.28 20:06:14 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2594.41577__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007.02.28 20:06:14 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2594.41576__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007.02.28 20:06:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2536.35581__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007.02.28 20:06:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2536.35606__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007.02.28 20:06:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2536.35591__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007.02.28 20:06:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2536.35583__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007.02.28 20:06:13 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2594.41296__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007.02.28 20:06:13 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2594.41570__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007.02.28 20:06:13 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2594.41286__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007.02.28 20:06:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2536.35586__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007.02.28 20:06:13 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2536.35590__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007.02.28 20:06:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2594.41577__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007.02.28 20:06:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2536.35591__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007.02.28 20:06:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2536.35600__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.02.28 20:06:12 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2594.41286__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007.02.28 20:06:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2594.41285__90ba9c70f846762e\AEM.Server.dll
MOD - [2007.02.28 20:06:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007.02.08 10:13:40 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.01.25 03:01:34 | 001,362,432 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe
MOD - [2006.11.22 00:03:50 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006.11.21 23:43:46 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2006.11.09 02:18:46 | 000,065,536 | ---- | M] () -- C:\Programme\Samsung\EBM\ChkSec.dll
MOD - [2006.09.19 19:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll
MOD - [2006.08.12 22:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 22:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 22:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.05 15:37:02 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.02 14:52:58 | 000,070,400 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys -- (d5ef27d2304ff7ae)
SRV - [2012.08.30 13:33:28 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.08.01 11:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011.08.01 11:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011.08.01 11:11:32 | 000,263,056 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.06.28 19:54:42 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.11.02 11:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2006.11.02 11:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.10.27 00:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 22:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Unavailable | Unknown] -- system32\DRIVERS\msfwhlpr.sys -- (MSFWHLPR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.02 14:52:58 | 000,070,400 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys -- (d5ef27d2304ff7ae)
DRV - [2012.07.21 17:38:36 | 000,233,024 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.16 18:52:46 | 000,011,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.23 15:14:51 | 000,211,968 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb10.sys -- (mrxsmb10)
DRV - [2010.02.23 15:14:42 | 000,058,368 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb20.sys -- (mrxsmb20)
DRV - [2010.02.23 15:14:41 | 000,102,400 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mrxsmb.sys -- (mrxsmb)
DRV - [2010.02.20 23:30:16 | 000,396,800 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HTTP.sys -- (HTTP)
DRV - [2010.02.18 14:05:37 | 000,815,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tcpip.sys -- (Tcpip6)
DRV - [2010.02.18 14:05:37 | 000,815,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2010.02.18 14:04:38 | 000,025,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunnel.sys -- (tunnel)
DRV - [2010.02.18 14:04:30 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\tunmp.sys -- (tunmp)
DRV - [2010.02.11 09:48:24 | 000,023,312 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Users\Konto\AppData\Local\Temp\atidcmxx.sys -- (AtiDCM)
DRV - [2009.12.11 14:15:49 | 000,306,688 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv.sys -- (srv)
DRV - [2009.12.11 14:15:30 | 000,084,992 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srvnet.sys -- (srvnet)
DRV - [2009.09.14 11:50:54 | 000,130,048 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\srv2.sys -- (srv2)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\athr.sys -- (athr)
DRV - [2009.06.15 20:12:26 | 000,408,136 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecdd.sys -- (KSecDD)
DRV - [2008.02.17 00:29:33 | 000,110,080 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008.02.17 00:28:03 | 000,224,824 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\CLFS.sys -- (CLFS)
DRV - [2008.02.17 00:28:00 | 000,495,160 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2008.02.17 00:27:59 | 000,054,784 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2008.02.17 00:27:59 | 000,035,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\kbdclass.sys -- (kbdclass)
DRV - [2008.02.17 00:27:59 | 000,034,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\mouclass.sys -- (mouclass)
DRV - [2008.02.17 00:27:59 | 000,019,968 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008.02.17 00:27:59 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2008.02.17 00:25:12 | 000,154,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\nwifi.sys -- (NativeWifiP)
DRV - [2008.02.17 00:25:12 | 000,021,560 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2008.02.17 00:25:12 | 000,015,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2008.01.10 06:29:08 | 000,211,000 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2008.01.01 21:57:08 | 000,021,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ndndisprot.sys -- (NDNdisprot)
DRV - [2007.12.17 00:50:41 | 001,060,920 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2007.12.16 11:56:45 | 000,041,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\monitor.sys -- (monitor)
DRV - [2007.11.13 22:07:03 | 000,020,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2007.11.13 22:07:02 | 000,258,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2007.11.13 22:07:02 | 000,014,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\CmBatt.sys -- (CmBatt)
DRV - [2007.11.13 22:05:56 | 000,192,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2007.11.13 22:05:56 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2007.11.13 22:05:56 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbohci.sys -- (usbohci)
DRV - [2007.11.13 22:05:55 | 000,073,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2007.10.20 15:17:52 | 000,048,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2007.10.20 15:17:52 | 000,020,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2007.10.20 15:17:51 | 000,061,952 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarpv6)
DRV - [2007.10.20 15:17:51 | 000,061,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wanarp.sys -- (Wanarp)
DRV - [2007.10.20 15:17:48 | 000,070,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\pacer.sys -- (PSched)
DRV - [2007.10.20 15:17:47 | 000,619,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2007.09.02 16:39:39 | 000,055,296 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\USBSTOR.SYS -- (USBSTOR)
DRV - [2007.09.02 16:37:47 | 000,063,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2007.09.02 16:28:02 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sffdisk.sys -- (sffdisk)
DRV - [2007.09.02 16:28:02 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\sffp_sd.sys -- (sffp_sd)
DRV - [2007.09.02 16:28:01 | 000,082,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\sdbus.sys -- (sdbus)
DRV - [2007.09.02 16:23:17 | 000,012,800 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2007.06.18 16:18:26 | 000,023,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motmodem.sys -- (motmodem)
DRV - [2007.02.28 20:46:39 | 000,140,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2007.02.28 20:46:39 | 000,050,792 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2007.02.28 20:46:39 | 000,050,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2007.02.28 20:46:39 | 000,028,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2007.02.28 20:46:39 | 000,013,928 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2007.02.28 20:46:39 | 000,012,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\swenum.sys -- (swenum)
DRV - [2007.02.28 20:44:48 | 000,220,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BTHport.sys -- (BTHPORT)
DRV - [2007.02.28 20:44:48 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BTHUSB.sys -- (BTHUSB)
DRV - [2007.02.28 20:44:48 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\BthEnum.sys -- (BthEnum)
DRV - [2007.02.28 20:17:05 | 000,013,312 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\kmdfmemio.sys -- (KMDFMEMIO)
DRV - [2007.02.08 10:22:28 | 002,315,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300)
DRV - [2007.01.24 05:18:32 | 000,039,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.24 03:03:28 | 000,037,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.24 02:40:20 | 000,042,496 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.20 03:01:00 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.12.05 12:34:42 | 000,507,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\PFC027.SYS -- (PAC207)
DRV - [2006.11.09 02:29:44 | 001,161,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 14:34:35 | 000,132,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2006.11.02 14:34:31 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2006.11.02 11:51:42 | 000,500,840 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2006.11.02 11:51:30 | 000,290,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2006.11.02 11:51:14 | 000,183,912 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2006.11.02 11:51:12 | 000,168,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\msiscsi.sys -- (iScsiPrt)
DRV - [2006.11.02 11:51:12 | 000,167,528 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\pcmcia.sys -- (pcmcia)
DRV - [2006.11.02 11:51:09 | 000,160,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2006.11.02 11:50:40 | 000,106,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nv_agp.sys -- (nv_agp)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:24 | 000,046,696 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\Drivers\mup.sys -- (Mup)
DRV - [2006.11.02 11:50:23 | 000,049,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:04 | 000,058,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gagp30kx.sys -- (gagp30kx)
DRV - [2006.11.02 11:50:04 | 000,058,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uliagpkx.sys -- (uliagpkx)
DRV - [2006.11.02 11:49:59 | 000,056,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uagp35.sys -- (uagp35)
DRV - [2006.11.02 11:49:58 | 000,056,424 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2006.11.02 11:49:57 | 000,054,888 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2006.11.02 11:49:52 | 000,054,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viaagp.sys -- (viaagp)
DRV - [2006.11.02 11:49:52 | 000,053,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agp440.sys -- (agp440)
DRV - [2006.11.02 11:49:51 | 000,052,840 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2006.11.02 11:49:43 | 000,022,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006.11.02 11:49:35 | 000,018,536 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.11.02 11:49:24 | 000,014,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2006.11.02 11:14:58 | 000,018,944 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2006.11.02 11:14:19 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serscan.sys -- (StillCam)
DRV - [2006.11.02 11:04:35 | 000,878,080 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\peauth.sys -- (PEAUTH)
DRV - [2006.11.02 11:04:23 | 000,039,936 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 11:02:15 | 000,160,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2006.11.02 11:02:07 | 000,023,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\tssecsrv.sys -- (tssecsrv)
DRV - [2006.11.02 11:02:01 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2006.11.02 11:02:01 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2006.11.02 11:02:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rdpencdd.sys -- (RDPENCDD)
DRV - [2006.11.02 11:02:01 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\RDPCDD.sys -- (RDPCDD)
DRV - [2006.11.02 10:58:52 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2006.11.02 10:58:43 | 000,270,336 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2006.11.02 10:58:26 | 000,015,872 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2006.11.02 10:58:14 | 000,118,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2006.11.02 10:58:14 | 000,061,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspptp.sys -- (PptpMiniport)
DRV - [2006.11.02 10:58:13 | 000,075,776 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\rasl2tp.sys -- (Rasl2tp)
DRV - [2006.11.02 10:58:13 | 000,011,776 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\rasacd.sys -- (RasAcd)
DRV - [2006.11.02 10:58:12 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2006.11.02 10:58:10 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2006.11.02 10:58:09 | 000,099,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipnat.sys -- (IPNAT)
DRV - [2006.11.02 10:58:04 | 000,047,104 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2006.11.02 10:57:47 | 000,027,648 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2006.11.02 10:57:35 | 000,068,096 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\tdx.sys -- (tdx)
DRV - [2006.11.02 10:57:30 | 000,016,384 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2006.11.02 10:57:26 | 000,035,840 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2006.11.02 10:57:22 | 000,016,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2006.11.02 10:57:20 | 000,184,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\netbt.sys -- (netbt)
DRV - [2006.11.02 10:57:10 | 000,066,048 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\smb.sys -- (Smb)
DRV - [2006.11.02 10:57:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2006.11.02 10:56:49 | 000,060,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\rspndr.sys -- (rspndr)
DRV - [2006.11.02 10:56:49 | 000,047,104 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\DRIVERS\lltdio.sys -- (lltdio)
DRV - [2006.11.02 10:55:27 | 000,092,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\bthpan.sys -- (BthPan)
DRV - [2006.11.02 10:55:24 | 000,034,816 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\umbus.sys -- (umbus)
DRV - [2006.11.02 10:55:23 | 000,049,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\rfcomm.sys -- (RFCOMM)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\winusb.sys -- (winusb)
DRV - [2006.11.02 10:55:05 | 000,022,528 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:55:01 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\hidusb.sys -- (HidUsb)
DRV - [2006.11.02 10:54:59 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2006.11.02 10:54:52 | 000,082,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV - [2006.11.02 10:53:56 | 000,026,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\vgapnp.sys -- (vga)
DRV - [2006.11.02 10:53:56 | 000,025,088 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:44 | 000,067,072 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\DRIVERS\cdrom.sys -- (cdrom)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:40 | 000,012,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:51:30 | 000,083,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006.11.02 10:51:25 | 000,017,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\serenum.sys -- (Serenum)
DRV - [2006.11.02 10:51:23 | 000,008,704 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006.11.02 10:51:15 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2006.11.02 10:51:14 | 000,005,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2006.11.02 10:51:13 | 000,006,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2006.11.02 10:51:13 | 000,005,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2006.11.02 10:51:12 | 000,015,872 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2006.11.02 10:51:05 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2006.11.02 10:51:03 | 000,006,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ipmidrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:03 | 000,011,264 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006.11.02 10:33:07 | 000,083,456 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2006.11.02 10:32:55 | 000,027,648 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2006.11.02 10:31:26 | 000,222,208 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\DRIVERS\rdbss.sys -- (rdbss)
DRV - [2006.11.02 10:31:12 | 000,069,632 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\System32\DRIVERS\bowser.sys -- (bowser)
DRV - [2006.11.02 10:31:04 | 000,074,752 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\Drivers\dfsc.sys -- (DfsC)
DRV - [2006.11.02 10:30:57 | 000,225,280 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\udfs.sys -- (udfs)
DRV - [2006.11.02 10:30:57 | 000,034,816 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2006.11.02 10:30:56 | 000,022,528 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2006.11.02 10:30:50 | 000,070,144 | ---- | M] () [File_System | Disabled | Running] -- C:\Windows\System32\DRIVERS\cdfs.sys -- (cdfs)
DRV - [2006.11.02 10:30:49 | 000,142,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,040,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006.11.02 10:30:18 | 000,039,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:27:22 | 001,083,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 09:36:49 | 000,235,520 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\NETw2v32.sys -- (NETw2v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: formhistory@yahoo.com:1.3.0.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.14
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.18 11:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.21 14:00:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 13:33:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 19:55:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.18 11:22:15 | 000,000,000 | ---D | M]
 
[2012.05.31 21:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\Extensions
[2012.09.02 20:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\Firefox\Profiles\3bktmake.default\extensions
[2012.06.16 15:23:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Konto\AppData\Roaming\mozilla\Firefox\Profiles\3bktmake.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.20 09:56:39 | 000,000,000 | ---D | M] (Form History Control) -- C:\Users\Konto\AppData\Roaming\mozilla\Firefox\Profiles\3bktmake.default\extensions\formhistory@yahoo.com
[2012.08.16 19:53:32 | 002,282,511 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\nasanightlaunch@example.com.xpi
[2012.07.25 12:40:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.16 15:23:53 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.09.02 20:02:29 | 000,699,353 | ---- | M] () (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\firefox\profiles\3bktmake.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012.07.27 21:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.09.02 15:51:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.08.26 20:52:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.21 14:00:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.08.26 20:52:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.30 13:33:30 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.18 09:45:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 13:33:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.18 09:45:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.18 09:45:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.18 09:45:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.18 09:45:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.21 18:47:34 | 000,000,785 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Play AVStation TV Scheduler] C:\Programme\Samsung\Play AVStation\TvScheduler.exe (SAMSUNG ELECTRONICS CO., LTD.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: []  File not found
O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [Akamai NetSession Interface] C:\Users\Konto\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-1315399434-4012707586-2408701596-1006..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.118 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{082264E5-35B3-4F48-B8BF-CEB85C74F920}: DhcpNameServer = 195.50.140.118 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ae2f3dde-6ad1-11e1-995d-0013773a05c6}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2f3dde-6ad1-11e1-995d-0013773a05c6}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{facac4be-d349-11e1-a8a2-0013773a05c6}\Shell - "" = AutoRun
O33 - MountPoints2\{facac4be-d349-11e1-a8a2-0013773a05c6}\Shell\AutoRun\command - "" = G:\setup_legend_of_grimrock_1.0.0.6.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.06 00:45:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.05 23:30:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.09.05 21:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.09.05 20:11:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.09.05 20:11:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012.09.05 20:06:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.09.05 15:43:27 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\Malwarebytes
[2012.09.02 20:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI(21)
[2012.09.02 20:07:50 | 000,000,000 | ---D | C] -- C:\ATI(20)
[2012.09.02 17:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Cleaner Pro
[2012.09.02 16:41:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2012.09.02 16:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012.08.22 14:17:11 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Local\Western_Digital
[2012.08.16 20:19:55 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
[2012.08.16 20:19:51 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\.minecraft
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 01:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C34C866-F54C-4588-9C75-63AD9B10E143}.job
[2012.09.06 01:47:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.06 01:43:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.06 01:43:25 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 01:43:25 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 01:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.06 01:41:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.09.06 01:30:24 | 000,000,166 | ---- | M] () -- C:\Users\Konto\defogger_reenable
[2012.09.06 00:54:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.06 00:53:47 | 000,755,100 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.06 00:53:47 | 000,704,984 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.06 00:53:47 | 000,163,254 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.06 00:53:47 | 000,140,074 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.05 15:29:27 | 000,006,246 | ---- | M] () -- C:\Users\Konto\Documents\Dokument.rtf
[2012.09.05 11:55:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.09.05 00:17:41 | 000,025,088 | ---- | M] () -- C:\Users\Konto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.02 19:58:25 | 000,001,356 | ---- | M] () -- C:\Users\Konto\AppData\Local\d3d9caps.dat
[2012.09.02 16:37:34 | 000,000,618 | ---- | M] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk
[2012.09.02 14:52:58 | 000,070,400 | ---- | M] () -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys
[2012.08.26 22:19:22 | 001,031,681 | ---- | M] () -- C:\Users\Konto\Documents\Anl1_zu_FB1_ab2011.pdf
[2012.08.11 19:29:08 | 000,011,287 | ---- | M] () -- C:\Users\Konto\Desktop\***.jpg
[2012.08.11 19:28:46 | 000,190,142 | ---- | M] () -- C:\Users\Konto\Desktop\Foto.JPG
 
========== Files Created - No Company Name ==========
 
[2012.09.06 01:30:22 | 000,000,166 | ---- | C] () -- C:\Users\Konto\defogger_reenable
[2012.09.05 15:29:26 | 000,006,246 | ---- | C] () -- C:\Users\Konto\Documents\Dokument.rtf
[2012.09.02 19:49:58 | 000,001,356 | ---- | C] () -- C:\Users\Konto\AppData\Local\d3d9caps.dat
[2012.09.02 16:37:34 | 000,000,618 | ---- | C] () -- C:\Users\Public\Desktop\Legend of Grimrock.lnk
[2012.09.02 14:52:58 | 000,070,400 | ---- | C] () -- C:\Windows\System32\drivers\d5ef27d2304ff7ae.sys
[2012.08.26 21:22:10 | 001,031,681 | ---- | C] () -- C:\Users\Konto\Documents\Anl1_zu_FB1_ab2011.pdf
[2012.08.11 19:29:07 | 000,011,287 | ---- | C] () -- C:\Users\Konto\Desktop\***.jpg
[2012.08.11 19:28:41 | 000,190,142 | ---- | C] () -- C:\Users\Konto\Desktop\Foto.JPG
[2012.07.21 17:38:36 | 000,233,024 | ---- | C] () -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.07.18 11:05:29 | 000,219,018 | ---- | C] () -- C:\Windows\hpoins47.dat
[2012.07.18 11:05:29 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2012.06.17 16:35:45 | 000,000,600 | ---- | C] () -- C:\Users\Konto\AppData\Local\PUTTY.RND
[2012.06.16 20:04:09 | 000,025,088 | ---- | C] () -- C:\Users\Konto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.16 15:31:08 | 000,000,488 | ---- | C] () -- C:\Users\Konto\.swfinfo
[2012.06.08 11:35:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.21 22:32:06 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\NDNdisprot.sys
[2012.02.15 12:01:50 | 000,043,520 | ---- | C] () -- C:\Windows\System32\drivers\usbaapl.sys
[2012.02.12 23:01:47 | 000,026,600 | ---- | C] () -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2012.01.04 20:22:37 | 000,137,928 | ---- | C] () -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.04 20:22:37 | 000,036,000 | ---- | C] () -- C:\Windows\System32\drivers\avkmgr.sys
[2011.08.02 18:38:44 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\netaapl.sys
[2011.02.16 18:52:46 | 000,011,520 | ---- | C] () -- C:\Windows\System32\drivers\wdcsam.sys
[2008.03.23 12:58:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.09.02 14:52:29 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
 
========== LOP Check ==========
 
[2010.12.27 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software4u
[2012.08.16 20:21:24 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\.minecraft
[2012.06.18 13:00:11 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\avidemux
[2012.07.21 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\DAEMON Tools Pro
[2012.06.18 00:34:38 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\DiskAid
[2012.07.21 14:14:06 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\GHISLER
[2012.08.05 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\iFunbox_UserCache
[2012.06.17 18:37:12 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\IrfanView
[2012.07.21 14:15:31 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\JAM Software
[2012.06.17 14:47:00 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\Macroplant LLC
[2012.06.16 16:28:45 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\mp3DirectCut
[2012.06.17 17:22:51 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\redsn0w
[2012.06.16 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\streamripper
[2012.09.01 16:23:25 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\WindSolutions
[2012.06.16 19:30:15 | 000,000,000 | ---D | M] -- C:\Users\Konto\AppData\Roaming\xrecode2
[2009.09.16 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.11.29 09:08:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kartina.TV
[2012.06.02 19:13:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect
[2012.06.02 18:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xrecode2
[2012.09.06 01:41:25 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.06 01:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C34C866-F54C-4588-9C75-63AD9B10E143}.job
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 06.09.2012 01:44:50 - Run 1
OTL by OldTimer - Version 3.2.61.0    Folder = C:\Users\Konto\Downloads\Viren
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,36% Memory free
3,71 Gb Paging File | 2,41 Gb Available in Paging File | 65,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,05 Gb Total Space | 2,69 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 14,17 Gb Free Space | 20,25% Space Free | Partition Type: NTFS
 
Computer Name: NATALJA | User Name: Konto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{0212BFBB-50BA-C4FA-D700-DFBB40A9F1AF}" = Catalyst Control Center Localization Arabic
"{0219FD21-8B2E-240B-3D35-997EE0E3F81B}" = Catalyst Control Center Localization Arabic
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{047ACAF8-7642-4940-8EC6-4694E0E60B40}" = CCC Help French
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{06F42C96-A96C-F579-B0FA-F44BBA118C51}" = ccc-core-static
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BB96994-EA3F-D659-6A3B-D2D73FEBD8E4}" = ccc-utility
"{0C1D06CD-D5D1-A718-5C8F-27D089C5C39C}" = Catalyst Control Center Localization Finnish
"{0DF36AB1-1B4C-CAEC-A23E-EFA25738B60A}" = CCC Help Greek
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{110D7DC8-9237-47D3-AB39-50651A10304C}" = SamsungScreensaver
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12080F61-1225-BCDE-EFE2-3452E826D9AD}" = Catalyst Control Center Graphics Light
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{143539DF-6F6E-9E25-3EDF-0906C7F533B7}" = CCC Help Korean
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{148806DB-3E2E-4A2E-D7F8-223EFA43C350}" = Catalyst Control Center Graphics Full New
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20CD8D4B-74ED-BED9-805C-6F4FBE6B4F01}" = ccc-localization-da
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{31ACBC65-C234-BD71-3FCE-520EC0138635}" = CCC Help Norwegian
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3AB54293-0366-7D73-D97E-3DB689A72E4A}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC4A72C-B683-5733-8A2C-136FBB5619D6}" = Catalyst Control Center Localization German
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{47EDD638-F882-A248-FBA5-B0CCBB9175D8}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D6125BF-2586-9175-24FE-854DD6F6F08F}" = CCC Help Hungarian
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51B055DD-A5F8-4D0C-A09C-66E58AD56F20}" = WD SmartWare
"{52FE8F38-057E-26C5-DF29-935DE6E218E0}" = Catalyst Control Center Localization Japanese
"{5579A7B8-F48A-C2F5-75D0-F67CDFD68461}" = Catalyst Control Center Core Implementation
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A4BB8B6-8BE7-A8AF-528C-55A50DD18497}" = Catalyst Control Center Localization Arabic
"{5AA05616-21D6-63D5-CA68-73200B161599}" = CCC Help Czech
"{5D11659E-A95B-42A5-9585-C2999CF119EF}" = eMedia
"{5E99C53A-D37E-CEA5-0398-329F15494618}" = Catalyst Control Center Graphics Full Existing
"{64536DB8-3247-4489-6BC3-BCD0DCC74810}" = Catalyst Control Center Localization Spanish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6BD4EDE4-053E-FC85-AFC2-58306952BDBD}" = Catalyst Control Center Localization French
"{6F6D2DE6-44FA-EAF4-0028-7FAE37A76B4C}" = CCC Help Turkish
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78E2F10D-4A74-A354-3D41-CF439A501AE5}" = CCC Help Italian
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{8448A09D-0E2A-4EFA-6A16-AFA374AE088F}" = Catalyst Control Center Graphics Previews Vista
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{87858FF1-3D1C-301A-0C62-62F977659969}" = Catalyst Control Center Localization Italian
"{8799B11A-0E01-1729-B527-802A3513BEE7}" = CCC Help Polish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A51FE4C-7DC6-8C9B-67D7-8536B7413BFE}" = Catalyst Control Center Localization Korean
"{8A92CE03-CEEB-145D-1F8D-FBC0DDE0CDEF}" = CCC Help Finnish
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8ED71B2B-8228-EFF8-B566-890D771A6A98}" = CCC Help Swedish
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{903194A5-E1E4-E56B-8B3C-C52664CD6A65}" = CCC Help Japanese
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{95CCAA64-028C-FF26-B553-3401EA3B137B}" = CCC Help Chinese Standard
"{98C0E007-7225-550C-BD4D-16A53171FA5B}" = CCC Help Chinese Traditional
"{99825ADC-3BAC-40C6-3FA1-A80496C5FE4D}" = CCC Help German
"{99FBF341-96A4-6E6B-F098-F5318F74FD8B}" = Catalyst Control Center Localization Hungarian
"{9AEE384F-4CEB-9FD4-0ECA-5A2A5FF3FC65}" = Catalyst Control Center Localization Arabic
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A703E5-975D-8426-B654-A3C86EEA771F}" = Catalyst Control Center Localization Greek
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3400
"{A2E2B102-C07F-2D6A-F826-FBE911583029}" = Catalyst Control Center Localization Arabic
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB8465B2-8971-83AA-72AC-08C870CAB14B}" = CCC Help English
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.190
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B57D54D5-BE8F-152A-3DDA-2CCC34916ABB}" = Catalyst Control Center Localization Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C2F84222-A797-3ADB-F73F-F9FEA356365E}" = Catalyst Control Center Localization Chinese Standard
"{C5DC24CC-98D8-3714-20DE-F3154692CAC1}" = CCC Help Portuguese
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Phone to PC 4.1.6.2
"{D6339BC5-BD2E-580C-0A9E-EF09B768C891}" = CCC Help Thai
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDFA8768-E4A8-4EFA-637B-DF23DC3EFD04}" = Catalyst Control Center Localization Chinese Traditional
"{DF1F4246-C7DF-7C15-6BBD-211E768EB715}" = Catalyst Control Center Localization Arabic
"{E481BC06-6BBB-093B-728A-C8EEB98E1E47}" = Catalyst Control Center Localization Arabic
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5BED6AE-BEF7-8504-38DB-F881A526F5C2}" = Skins
"{EC69E8A3-A20F-E735-968A-CE6D4E1FA857}" = CCC Help Russian
"{ED8EACD0-3B35-AA21-DA10-6372AB6D19CA}" = CCC Help Dutch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6081BF5-B4AB-456A-9694-89F5CB6ED270}" = Motorola Phone Tools
"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F9A63CBA-FB65-44E2-9BFB-927E7208B3D7}" = Motorola Phone Tools
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FF602681-E2E7-9FFF-9752-3B0F8E7D38F1}" = Catalyst Control Center Localization Arabic
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.12
"ATI Uninstaller" = ATI Uninstaller
"AudibleManager" = AudibleManager
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"AviSynth" = AviSynth 2.5
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"DAEMON Tools Pro" = DAEMON Tools Pro
"DiskAid_is1" = DiskAid 5.14
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"FLV Player" = FLV Player 2.0 (build 25)
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"iFunbox_is1" = iFunbox (v1.96.938.649), iFunbox DevTeam
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IrfanView" = IrfanView (remove only)
"Kartina.TV" = Kartina.TV
"Legend of Grimrock_is1" = Legend of Grimrock
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netdetect_is1" = Netdetect 2.0.0b5
"PDF reDirect" = PDF reDirect (remove only)
"plist Editor for Windows" = plist Editor for Windows 1.0.2
"PROHYBRIDR" = 2007 Microsoft Office system
"ratDVD" = ratDVD 0.78.1444
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TreeSize Free_is1" = TreeSize Free V2.7
"Videora iPad Converter" = Videora iPad Converter 6
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"xp-AntiSpy" = xp-AntiSpy 3.98-2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1315399434-4012707586-2408701596-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2012 09:36:45 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
 
Error - 05.09.2012 11:02:01 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
 
Error - 05.09.2012 13:44:49 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
 
Error - 05.09.2012 13:48:04 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
 
Error - 05.09.2012 17:55:36 | Computer Name = *** | Source = MsiInstaller | ID = 11316
Description =
 
Error - 05.09.2012 19:02:11 | Computer Name = *** | Source = EventSystem | ID = 4609
Description =
 
Error - 05.09.2012 19:10:57 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
 
Error - 05.09.2012 19:12:34 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
 
Error - 05.09.2012 19:24:37 | Computer Name = *** | Source = Avira Antivirus | ID = 4122
Description =
 
Error - 05.09.2012 19:25:53 | Computer Name = Natalja | Source = Avira Antivirus | ID = 4122
Description =
 
[ Media Center Events ]
Error - 14.06.2012 07:12:05 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ OSession Events ]
Error - 11.09.2009 17:34:36 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.10.2009 17:36:35 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.09.2012 19:17:20 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
 
Error - 05.09.2012 19:19:27 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.09.2012 um 01:17:54 unerwartet heruntergefahren.
 
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description =
 
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description =
 
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description =
 
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description =
 
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description =
 
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description =
 
Error - 05.09.2012 19:38:42 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description =
 
Error - 05.09.2012 19:41:22 | Computer Name = *** | Source = DCOM | ID = 10010
Description =
 
[ Windows OneCare Events ]
Error - 26.03.2008 02:32:42 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
Error - 26.03.2008 02:32:42 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
Error - 26.03.2008 03:55:40 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
Error - 30.03.2008 16:10:50 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
Error - 30.03.2008 16:10:50 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
Error - 10.04.2008 02:55:26 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
Error - 11.04.2008 04:57:07 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
Error - 15.04.2008 05:17:00 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
Error - 15.04.2008 05:17:00 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
Error - 15.04.2008 06:16:17 | Computer Name = *** | Source = WinSS | ID = 1011
Description =
 
 
< End of report >
--- --- ---

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-06 02:40:27
Windows 6.0.6000 
Running: hbdnsjc6.exe


---- Services - GMER 1.0.15 ----

Service  C:\SystemRoot\System32\Drivers\d5ef27d2304ff7ae.sys (*** hidden *** )                                              [BOOT] d5ef27d2304ff7ae                            <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027873b61e                                       
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfe759b3                                       
Reg      HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@ImagePath                                                  \SystemRoot\System32\Drivers\d5ef27d2304ff7ae.sys
Reg      HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Group                                                      Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@ErrorControl                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Type                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Start                                                      0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@Tag                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\d5ef27d2304ff7ae@DisplayName                                                syshost.exe
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Pro\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x64 0xDF 0x5E 0x99 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xE4 0x1E 0x2E 0x17 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x7E 0x63 0xE9 0x0E ...
Reg      HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00027873b61e (not active ControlSet)                   
Reg      HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfe759b3 (not active ControlSet)                   
Reg      HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@ImagePath                                                      \SystemRoot\System32\Drivers\d5ef27d2304ff7ae.sys
Reg      HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Group                                                          Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@ErrorControl                                                    0
Reg      HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Type                                                            1
Reg      HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Start                                                          0
Reg      HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@Tag                                                            1
Reg      HKLM\SYSTEM\ControlSet002\Services\d5ef27d2304ff7ae@DisplayName                                                    syshost.exe
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Pro\
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x64 0xDF 0x5E 0x99 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xE4 0x1E 0x2E 0x17 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x7E 0x63 0xE9 0x0E ...

---- EOF - GMER 1.0.15 ----
--- --- ---


Liege ich mit der Vermutung nahe dass ich mir ein Rootkit eingefangen habe? Ich danke euch jetzt schon für die Hilfe …

Lg Andre

Psychotic 06.09.2012 07:59
:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.


Scan mit TDSS-Killer


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.

loc-nar 06.09.2012 09:35
Moin,

danke dass du dich meiner annimmst:

Erstmal beim starten kam der Fehler "Could not load Driver". Scan hat aber trotzdem funktioniert:

Code:
10:27:01.0336 1800  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:27:01.0497 1800  ============================================================
10:27:01.0497 1800  Current date / time: 2012/09/06 10:27:01.0497
10:27:01.0497 1800  SystemInfo:
10:27:01.0497 1800 
10:27:01.0497 1800  OS Version: 6.0.6000 ServicePack: 0.0
10:27:01.0497 1800  Product type: Workstation
10:27:01.0498 1800  ComputerName: ***
10:27:01.0498 1800  UserName: Konto
10:27:01.0498 1800  Windows directory: C:\Windows
10:27:01.0498 1800  System windows directory: C:\Windows
10:27:01.0498 1800  Processor architecture: Intel x86
10:27:01.0498 1800  Number of processors: 2
10:27:01.0498 1800  Page size: 0x1000
10:27:01.0498 1800  Boot type: Normal boot
10:27:01.0498 1800  ============================================================
10:27:08.0958 1800  !crdlk
10:27:09.0245 1800  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
10:27:09.0274 1800  ============================================================
10:27:09.0274 1800  \Device\Harddisk0\DR0:
10:27:09.0288 1800  MBR partitions:
10:27:09.0288 1800  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x8A19000
10:27:09.0288 1800  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9E19800, BlocksNum 0x8BFF800
10:27:09.0288 1800  ============================================================
10:27:09.0332 1800  C: <-> \Device\Harddisk0\DR0\Partition1
10:27:09.0382 1800  D: <-> \Device\Harddisk0\DR0\Partition2
10:27:09.0383 1800  ============================================================
10:27:09.0383 1800  Initialize success
10:27:09.0383 1800  ============================================================
10:27:41.0416 2736  ============================================================
10:27:41.0416 2736  Scan started
10:27:41.0416 2736  Mode: Manual; TDLFS;
10:27:41.0416 2736  ============================================================
10:27:41.0833 2736  ================ Scan system memory ========================
10:27:41.0833 2736  System memory - ok
10:27:41.0834 2736  ================ Scan services =============================
10:27:42.0095 2736  [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI            C:\Windows\system32\drivers\acpi.sys
10:27:42.0101 2736  ACPI - ok
10:27:42.0268 2736  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:27:42.0270 2736  AdobeARMservice - ok
10:27:42.0364 2736  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:27:42.0370 2736  AdobeFlashPlayerUpdateSvc - ok
10:27:42.0438 2736  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
10:27:42.0447 2736  adp94xx - ok
10:27:42.0483 2736  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci        C:\Windows\system32\drivers\adpahci.sys
10:27:42.0492 2736  adpahci - ok
10:27:42.0523 2736  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
10:27:42.0526 2736  adpu160m - ok
10:27:42.0560 2736  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320        C:\Windows\system32\drivers\adpu320.sys
10:27:42.0564 2736  adpu320 - ok
10:27:42.0655 2736  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
10:27:42.0656 2736  AeLookupSvc - ok
10:27:42.0716 2736  [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD            C:\Windows\system32\drivers\afd.sys
10:27:42.0723 2736  AFD - ok
10:27:42.0757 2736  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
10:27:42.0758 2736  AgereModemAudio - ok
10:27:42.0850 2736  [ A19871AE65A769C65034B4DC44C29023 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
10:27:42.0895 2736  AgereSoftModem - ok
10:27:42.0943 2736  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:27:42.0945 2736  agp440 - ok
10:27:43.0018 2736  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
10:27:43.0020 2736  aic78xx - ok
10:27:43.0074 2736  [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG            C:\Windows\System32\alg.exe
10:27:43.0076 2736  ALG - ok
10:27:43.0109 2736  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:27:43.0111 2736  aliide - ok
10:27:43.0149 2736  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:27:43.0151 2736  amdagp - ok
10:27:43.0188 2736  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
10:27:43.0189 2736  amdide - ok
10:27:43.0237 2736  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
10:27:43.0239 2736  AmdK7 - ok
10:27:43.0284 2736  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
10:27:43.0286 2736  AmdK8 - ok
10:27:43.0359 2736  [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo        C:\Windows\System32\appinfo.dll
10:27:43.0360 2736  Appinfo - ok
10:27:43.0473 2736  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:27:43.0476 2736  Apple Mobile Device - ok
10:27:43.0523 2736  [ 5F673180268BB1FDB69C99B6619FE379 ] arc            C:\Windows\system32\drivers\arc.sys
10:27:43.0525 2736  arc - ok
10:27:43.0583 2736  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:27:43.0585 2736  arcsas - ok
10:27:43.0753 2736  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:27:43.0755 2736  aspnet_state - ok
10:27:43.0809 2736  [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:27:43.0810 2736  AsyncMac - ok
10:27:43.0869 2736  [ B35CFCEF838382AB6490B321C87EDF17 ] atapi          C:\Windows\system32\drivers\atapi.sys
10:27:43.0870 2736  atapi - ok
10:27:43.0964 2736  [ 2846F5EE802889D500FCF5CC48B28381 ] athr            C:\Windows\system32\DRIVERS\athr.sys
10:27:44.0010 2736  athr - ok
10:27:44.0110 2736  [ D1F2726E89D4BD96F8314B9E303E633D ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
10:27:44.0134 2736  Ati External Event Utility - ok
10:27:44.0402 2736  [ 908600384E8CC829081E468C65850FFD ] AtiDCM          C:\Users\Konto\AppData\Local\Temp\atidcmxx.sys
10:27:44.0404 2736  AtiDCM - ok
10:27:44.0501 2736  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:27:44.0506 2736  AudioEndpointBuilder - ok
10:27:44.0545 2736  [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:27:44.0548 2736  Audiosrv - ok
10:27:44.0634 2736  [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
10:27:44.0635 2736  BcmSqlStartupSvc - ok
10:27:44.0692 2736  [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:27:44.0693 2736  Beep - ok
10:27:44.0780 2736  [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS            C:\Windows\System32\qmgr.dll
10:27:44.0814 2736  BITS - ok
10:27:44.0833 2736  blbdrive - ok
10:27:44.0924 2736  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:27:44.0933 2736  Bonjour Service - ok
10:27:44.0978 2736  [ 913CD06FBE9105CE6077E90FD4418561 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:27:44.0981 2736  bowser - ok
10:27:45.0022 2736  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
10:27:45.0023 2736  BrFiltLo - ok
10:27:45.0051 2736  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
10:27:45.0052 2736  BrFiltUp - ok
10:27:45.0107 2736  [ BEB6470532B7461D7BB426E3FACB424F ] Browser        C:\Windows\System32\browser.dll
10:27:45.0110 2736  Browser - ok
10:27:45.0200 2736  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
10:27:45.0202 2736  Brserid - ok
10:27:45.0241 2736  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
10:27:45.0243 2736  BrSerWdm - ok
10:27:45.0283 2736  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
10:27:45.0285 2736  BrUsbMdm - ok
10:27:45.0318 2736  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
10:27:45.0319 2736  BrUsbSer - ok
10:27:45.0383 2736  [ 064FBC56921051DE1075495D628B815F ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
10:27:45.0385 2736  BthEnum - ok
10:27:45.0410 2736  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:27:45.0413 2736  BTHMODEM - ok
10:27:45.0482 2736  [ B8C3D9DDF85FD197C3E5F849FEF71144 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
10:27:45.0485 2736  BthPan - ok
10:27:45.0542 2736  [ B24757D9154CCA035E1BBD3DB92966D7 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
10:27:45.0547 2736  BTHPORT - ok
10:27:45.0615 2736  [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ        C:\Windows\System32\bthserv.dll
10:27:45.0616 2736  BthServ - ok
10:27:45.0656 2736  [ D42CF5F0C7635B3F1578810FE34D9E41 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
10:27:45.0658 2736  BTHUSB - ok
10:27:45.0738 2736  [ 0CF62C498D60253A4FC3B2AFF0E6373E ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
10:27:45.0740 2736  btwaudio - ok
10:27:45.0788 2736  [ D094142ADE0DA18463609AE656B1F3ED ] btwavdt        C:\Windows\system32\drivers\btwavdt.sys
10:27:45.0793 2736  btwavdt - ok
10:27:45.0869 2736  [ 840439331FF1A72B3A18ED59D27676D8 ] btwdins        C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
10:27:45.0878 2736  btwdins - ok
10:27:45.0920 2736  [ 511159FCB07FD7442E7F399C94A3B408 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
10:27:45.0921 2736  btwrchid - ok
10:27:45.0972 2736  [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:27:45.0975 2736  cdfs - ok
10:27:46.0022 2736  [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
10:27:46.0025 2736  cdrom - ok
10:27:46.0095 2736  [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc    C:\Windows\System32\certprop.dll
10:27:46.0096 2736  CertPropSvc - ok
10:27:46.0146 2736  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
10:27:46.0147 2736  circlass - ok
10:27:46.0220 2736  [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS            C:\Windows\system32\CLFS.sys
10:27:46.0226 2736  CLFS - ok
10:27:46.0310 2736  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:27:46.0312 2736  clr_optimization_v2.0.50727_32 - ok
10:27:46.0391 2736  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:27:46.0394 2736  clr_optimization_v4.0.30319_32 - ok
10:27:46.0459 2736  [ ED97AD3DF1B9005989EAF149BF06C821 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:27:46.0461 2736  CmBatt - ok
10:27:46.0519 2736  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:27:46.0520 2736  cmdide - ok
10:27:46.0551 2736  [ 722936AFB75A7F509662B69B5632F48A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:27:46.0553 2736  Compbatt - ok
10:27:46.0581 2736  COMSysApp - ok
10:27:46.0621 2736  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
10:27:46.0622 2736  crcdisk - ok
10:27:46.0660 2736  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
10:27:46.0662 2736  Crusoe - ok
10:27:46.0724 2736  [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:27:46.0728 2736  CryptSvc - ok
10:27:46.0752 2736  Suspicious service (NoAccess): d5ef27d2304ff7ae
10:27:46.0802 2736  [ DE72960AEFBA0C8ED5B55720F658FCD8 ] d5ef27d2304ff7ae C:\Windows\System32\Drivers\d5ef27d2304ff7ae.sys
10:27:46.0802 2736  Suspicious file (NoAccess): C:\Windows\System32\Drivers\d5ef27d2304ff7ae.sys. md5: DE72960AEFBA0C8ED5B55720F658FCD8
10:27:46.0943 2736  d5ef27d2304ff7ae ( Rootkit.Win32.Necurs.gen ) - infected
10:27:46.0943 2736  d5ef27d2304ff7ae - detected Rootkit.Win32.Necurs.gen (0)
10:27:47.0016 2736  [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:27:47.0039 2736  DcomLaunch - ok
10:27:47.0081 2736  [ A7179DE59AE269AB70345527894CCD7C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:27:47.0084 2736  DfsC - ok
10:27:47.0195 2736  [ E0D584AA76C7D845BA9F3A788260528F ] DFSR            C:\Windows\system32\DFSR.exe
10:27:47.0261 2736  DFSR - ok
10:27:47.0353 2736  [ DC45739BC22D528D2B3E50D3F6761750 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
10:27:47.0358 2736  Dhcp - ok
10:27:47.0406 2736  [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk            C:\Windows\system32\drivers\disk.sys
10:27:47.0408 2736  disk - ok
10:27:47.0468 2736  [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:27:47.0470 2736  Dnscache - ok
10:27:47.0508 2736  [ 1F795D214820E496BF1124434A6DB546 ] dot3svc        C:\Windows\System32\dot3svc.dll
10:27:47.0512 2736  dot3svc - ok
10:27:47.0561 2736  [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS            C:\Windows\system32\dps.dll
10:27:47.0564 2736  DPS - ok
10:27:47.0595 2736  [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
10:27:47.0597 2736  drmkaud - ok
10:27:47.0711 2736  [ 16C5891C6D1FA0B5D9014F85A482EB20 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:27:47.0716 2736  dtsoftbus01 - ok
10:27:47.0788 2736  [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
10:27:47.0810 2736  DXGKrnl - ok
10:27:47.0878 2736  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
10:27:47.0881 2736  E1G60 - ok
10:27:47.0945 2736  [ 90A0A875642E18618010645311B4E89E ] EapHost        C:\Windows\System32\eapsvc.dll
10:27:47.0947 2736  EapHost - ok
10:27:47.0992 2736  [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache          C:\Windows\system32\drivers\ecache.sys
10:27:47.0996 2736  Ecache - ok
10:27:48.0055 2736  [ 792F72E8B63DF55CE98445D464874986 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
10:27:48.0062 2736  ehRecvr - ok
10:27:48.0133 2736  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
10:27:48.0136 2736  ehSched - ok
10:27:48.0170 2736  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
10:27:48.0172 2736  ehstart - ok
10:27:48.0249 2736  [ E8F3F21A71720C84BCF423B80028359F ] elxstor        C:\Windows\system32\drivers\elxstor.sys
10:27:48.0256 2736  elxstor - ok
10:27:48.0364 2736  [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
10:27:48.0387 2736  EMDMgmt - ok
10:27:48.0517 2736  [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem    C:\Windows\system32\es.dll
10:27:48.0523 2736  EventSystem - ok
10:27:48.0583 2736  [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
10:27:48.0587 2736  fastfat - ok
10:27:48.0646 2736  [ 63BDADA84951B9C03E641800E176898A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
10:27:48.0648 2736  fdc - ok
10:27:48.0696 2736  [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost        C:\Windows\system32\fdPHost.dll
10:27:48.0698 2736  fdPHost - ok
10:27:48.0728 2736  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:27:48.0730 2736  FDResPub - ok
10:27:48.0759 2736  [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:27:48.0761 2736  FileInfo - ok
10:27:48.0811 2736  [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
10:27:48.0813 2736  Filetrace - ok
10:27:48.0844 2736  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:27:48.0846 2736  flpydisk - ok
10:27:48.0901 2736  [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:27:48.0905 2736  FltMgr - ok
10:27:49.0012 2736  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:27:49.0013 2736  FontCache3.0.0.0 - ok
10:27:49.0059 2736  [ 66A078591208BAA210C7634B11EB392C ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:27:49.0061 2736  Fs_Rec - ok
10:27:49.0112 2736  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:27:49.0114 2736  gagp30kx - ok
10:27:49.0184 2736  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:27:49.0185 2736  GEARAspiWDM - ok
10:27:49.0281 2736  [ BCF6589C42D8F6A20F33EF133FFE0524 ] gpsvc          C:\Windows\System32\gpsvc.dll
10:27:49.0305 2736  gpsvc - ok
10:27:49.0405 2736  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
10:27:49.0408 2736  gupdate - ok
10:27:49.0440 2736  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:27:49.0443 2736  gupdatem - ok
10:27:49.0511 2736  [ 408DDD80EEDE47175F6844817B90213E ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:27:49.0515 2736  gusvc - ok
10:27:49.0593 2736  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:27:49.0598 2736  HdAudAddService - ok
10:27:49.0665 2736  [ 0DB613A7E427B5663563677796FD5258 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:27:49.0666 2736  HDAudBus - ok
10:27:49.0704 2736  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:27:49.0705 2736  HidBth - ok
10:27:49.0746 2736  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
10:27:49.0747 2736  HidIr - ok
10:27:49.0805 2736  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv        C:\Windows\system32\hidserv.dll
10:27:49.0807 2736  hidserv - ok
10:27:49.0854 2736  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:27:49.0855 2736  HidUsb - ok
10:27:49.0913 2736  [ D40AA05E29BF6ED29B139F044B461E9B ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:27:49.0916 2736  hkmsvc - ok
10:27:49.0964 2736  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
10:27:49.0966 2736  HpCISSs - ok
10:27:50.0130 2736  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:27:50.0136 2736  hpqcxs08 - ok
10:27:50.0175 2736  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:27:50.0179 2736  hpqddsvc - ok
10:27:50.0252 2736  [ 9D23402D305869844BC6004A05CC74BA ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
10:27:50.0275 2736  HPSLPSVC - ok
10:27:50.0356 2736  [ EA24FE637D974A8A31BC650F478E3533 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:27:50.0364 2736  HTTP - ok
10:27:50.0428 2736  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
10:27:50.0430 2736  i2omp - ok
10:27:50.0495 2736  [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:27:50.0497 2736  i8042prt - ok
10:27:50.0544 2736  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
10:27:50.0549 2736  iaStorV - ok
10:27:50.0648 2736  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:27:50.0682 2736  idsvc - ok
10:27:50.0740 2736  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
10:27:50.0742 2736  iirsp - ok
10:27:50.0836 2736  [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:27:50.0859 2736  IKEEXT - ok
10:27:50.0973 2736  [ A47B2875680AD67B35C6150BD0203056 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:27:51.0030 2736  IntcAzAudAddService - ok
10:27:51.0089 2736  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:27:51.0090 2736  intelide - ok
10:27:51.0149 2736  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:27:51.0151 2736  intelppm - ok
10:27:51.0202 2736  [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
10:27:51.0205 2736  IPBusEnum - ok
10:27:51.0230 2736  [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:27:51.0232 2736  IpFilterDriver - ok
10:27:51.0251 2736  IpInIp - ok
10:27:51.0293 2736  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
10:27:51.0295 2736  IPMIDRV - ok
10:27:51.0352 2736  [ 10077C35845101548037DF04FD1A420B ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
10:27:51.0354 2736  IPNAT - ok
10:27:51.0455 2736  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:27:51.0489 2736  iPod Service - ok
10:27:51.0530 2736  [ A82F328F4792304184642D6D397BB1E3 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:27:51.0532 2736  IRENUM - ok
10:27:51.0594 2736  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:27:51.0596 2736  isapnp - ok
10:27:51.0641 2736  [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
10:27:51.0644 2736  iScsiPrt - ok
10:27:51.0714 2736  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
10:27:51.0715 2736  iteatapi - ok
10:27:51.0756 2736  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
10:27:51.0757 2736  iteraid - ok
10:27:51.0851 2736  [ B076B2AB806B3F696DAB21375389101C ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:27:51.0911 2736  kbdclass - ok
10:27:52.0113 2736  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:27:52.0115 2736  kbdhid - ok
10:27:52.0173 2736  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso          C:\Windows\system32\lsass.exe
10:27:52.0176 2736  KeyIso - ok
10:27:52.0225 2736  [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO      C:\Windows\system32\DRIVERS\kmdfmemio.sys
10:27:52.0227 2736  KMDFMEMIO - ok
10:27:52.0297 2736  [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:27:52.0305 2736  KSecDD - ok
10:27:52.0412 2736  [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm          C:\Windows\system32\msdtckrm.dll
10:27:52.0419 2736  KtmRm - ok
10:27:52.0467 2736  [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:27:52.0472 2736  LanmanServer - ok
10:27:52.0554 2736  [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:27:52.0559 2736  LanmanWorkstation - ok
10:27:52.0610 2736  [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:27:52.0611 2736  lltdio - ok
10:27:52.0667 2736  [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
10:27:52.0673 2736  lltdsvc - ok
10:27:52.0718 2736  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
10:27:52.0720 2736  lmhosts - ok
10:27:52.0786 2736  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:27:52.0788 2736  LSI_FC - ok
10:27:52.0846 2736  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
10:27:52.0849 2736  LSI_SAS - ok
10:27:52.0902 2736  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:27:52.0904 2736  LSI_SCSI - ok
10:27:52.0970 2736  [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv          C:\Windows\system32\drivers\luafv.sys
10:27:52.0972 2736  luafv - ok
10:27:53.0042 2736  [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
10:27:53.0044 2736  Mcx2Svc - ok
10:27:53.0138 2736  [ 80E2AB1ED5880492C676C456E75D0CF4 ] MDM            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
10:27:53.0144 2736  MDM - ok
10:27:53.0213 2736  [ D153B14FC6598EAE8422A2037553ADCE ] megasas        C:\Windows\system32\drivers\megasas.sys
10:27:53.0215 2736  megasas - ok
10:27:53.0255 2736  [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS          C:\Windows\system32\mmcss.dll
10:27:53.0258 2736  MMCSS - ok
10:27:53.0290 2736  [ 21755967298A46FB6ADFEC9DB6012211 ] Modem          C:\Windows\system32\drivers\modem.sys
10:27:53.0294 2736  Modem - ok
10:27:53.0363 2736  [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
10:27:53.0364 2736  monitor - ok
10:27:53.0442 2736  [ FE80C18BA448DDD76B7BEAD9EB203D37 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
10:27:53.0444 2736  motmodem - ok
10:27:53.0493 2736  [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:27:53.0495 2736  mouclass - ok
10:27:53.0546 2736  [ B569B5C5D3BDE545DF3A6AF512CCCDBA ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:27:53.0547 2736  mouhid - ok
10:27:53.0595 2736  [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
10:27:53.0598 2736  MountMgr - ok
10:27:53.0660 2736  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:27:53.0663 2736  MozillaMaintenance - ok
10:27:53.0733 2736  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:27:53.0736 2736  mpio - ok
10:27:53.0792 2736  [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:27:53.0794 2736  mpsdrv - ok
10:27:53.0856 2736  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
10:27:53.0857 2736  Mraid35x - ok
10:27:53.0916 2736  [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:27:53.0919 2736  MRxDAV - ok
10:27:53.0974 2736  [ 8AF705CE1BB907932157FAB821170F27 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:27:53.0977 2736  mrxsmb - ok
10:27:54.0030 2736  [ 47E13AB23371BE3279EEF22BBFA2C1BE ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:27:54.0035 2736  mrxsmb10 - ok
10:27:54.0079 2736  [ 90B3FC7BD6B3D7EE7635DEBBA2187F66 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:27:54.0082 2736  mrxsmb20 - ok
10:27:54.0122 2736  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:27:54.0124 2736  msahci - ok
10:27:54.0174 2736  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
10:27:54.0177 2736  msdsm - ok
10:27:54.0222 2736  [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC          C:\Windows\System32\msdtc.exe
10:27:54.0226 2736  MSDTC - ok
10:27:54.0287 2736  [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:27:54.0288 2736  Msfs - ok
10:27:54.0321 2736  MSFWHLPR - ok
10:27:54.0374 2736  [ 207DF26DBB2537C20276DA0E15892274 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:27:54.0377 2736  msisadrv - ok
10:27:54.0485 2736  [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
10:27:54.0488 2736  MSiSCSI - ok
10:27:54.0512 2736  msiserver - ok
10:27:54.0555 2736  [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
10:27:54.0556 2736  MSKSSRV - ok
10:27:54.0603 2736  [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:27:54.0604 2736  MSPCLOCK - ok
10:27:54.0627 2736  [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
10:27:54.0629 2736  MSPQM - ok
10:27:54.0665 2736  [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
10:27:54.0669 2736  MsRPC - ok
10:27:54.0720 2736  [ 7DBAA028F625AA46B95DDA4FBE4B602B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:27:54.0721 2736  mssmbios - ok
10:27:54.0786 2736  MSSQL$MSSMLBIZ - ok
10:27:54.0853 2736  [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
10:27:54.0854 2736  MSSQLServerADHelper - ok
10:27:54.0914 2736  [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
10:27:54.0915 2736  MSTEE - ok
10:27:54.0963 2736  [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup            C:\Windows\system32\Drivers\mup.sys
10:27:54.0965 2736  Mup - ok
10:27:55.0035 2736  [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent        C:\Windows\system32\qagentRT.dll
10:27:55.0042 2736  napagent - ok
10:27:55.0099 2736  [ 6DA4A0FC7C0E83DF0CB3CFD0A514C3BC ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
10:27:55.0103 2736  NativeWifiP - ok
10:27:55.0169 2736  [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:27:55.0193 2736  NDIS - ok
10:27:55.0260 2736  [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:27:55.0261 2736  NdisTapi - ok
10:27:55.0306 2736  [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
10:27:55.0307 2736  Ndisuio - ok
10:27:55.0340 2736  [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
10:27:55.0344 2736  NdisWan - ok
10:27:55.0404 2736  [ 8F619CC242442DFA6D42A8227866FD57 ] NDNdisprot      C:\Windows\system32\DRIVERS\ndndisprot.sys
10:27:55.0405 2736  NDNdisprot - ok
10:27:55.0462 2736  [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
10:27:55.0463 2736  NDProxy - ok
10:27:55.0537 2736  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:27:55.0540 2736  Net Driver HPZ12 - ok
10:27:55.0612 2736  [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
10:27:55.0614 2736  NetBIOS - ok
10:27:55.0656 2736  [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
10:27:55.0660 2736  netbt - ok
10:27:55.0696 2736  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon        C:\Windows\system32\lsass.exe
10:27:55.0698 2736  Netlogon - ok
10:27:55.0762 2736  [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman          C:\Windows\System32\netman.dll
10:27:55.0769 2736  Netman - ok
10:27:55.0832 2736  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:27:55.0835 2736  NetMsmqActivator - ok
10:27:55.0876 2736  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:27:55.0879 2736  NetPipeActivator - ok
10:27:55.0923 2736  [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm        C:\Windows\System32\netprofm.dll
10:27:55.0930 2736  netprofm - ok
10:27:55.0956 2736  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:27:55.0958 2736  NetTcpActivator - ok
10:27:55.0982 2736  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:27:55.0985 2736  NetTcpPortSharing - ok
10:27:56.0116 2736  [ 6E9EDC1020B319E7676387B8CDF2398C ] NETw2v32        C:\Windows\system32\DRIVERS\NETw2v32.sys
10:27:56.0194 2736  NETw2v32 - ok
10:27:56.0259 2736  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
10:27:56.0261 2736  nfrd960 - ok
10:27:56.0327 2736  [ C424117A562F2DE37A42266894C79AEB ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:27:56.0332 2736  NlaSvc - ok
10:27:56.0371 2736  [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:27:56.0373 2736  Npfs - ok
10:27:56.0443 2736  [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi            C:\Windows\system32\nsisvc.dll
10:27:56.0446 2736  nsi - ok
10:27:56.0471 2736  [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:27:56.0473 2736  nsiproxy - ok
10:27:56.0571 2736  [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:27:56.0605 2736  Ntfs - ok
10:27:56.0659 2736  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
10:27:56.0661 2736  ntrigdigi - ok
10:27:56.0713 2736  [ EC5EFB3C60F1B624648344A328BCE596 ] Null            C:\Windows\system32\drivers\Null.sys
10:27:56.0714 2736  Null - ok
10:27:56.0775 2736  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:27:56.0778 2736  nvraid - ok
10:27:56.0815 2736  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:27:56.0817 2736  nvstor - ok
10:27:56.0900 2736  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:27:56.0903 2736  nv_agp - ok
10:27:56.0922 2736  NwlnkFlt - ok
10:27:56.0943 2736  NwlnkFwd - ok
10:27:57.0045 2736  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:27:57.0054 2736  odserv - ok
10:27:57.0328 2736  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:27:57.0330 2736  ohci1394 - ok
10:27:57.0380 2736  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:27:57.0383 2736  ose - ok
10:27:57.0457 2736  [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc        C:\Windows\system32\p2psvc.dll
10:27:57.0491 2736  p2pimsvc - ok
10:27:57.0567 2736  [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc          C:\Windows\system32\p2psvc.dll
10:27:57.0575 2736  p2psvc - ok
10:27:57.0636 2736  [ DCA942C0A19A0AD2ABCD9ACF94EB4B10 ] PAC207          C:\Windows\system32\DRIVERS\PFC027.SYS
10:27:57.0659 2736  PAC207 - ok
10:27:57.0718 2736  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
10:27:57.0721 2736  Parport - ok
10:27:57.0770 2736  [ 555A5B2C8022983BC7467BC925B222EE ] partmgr        C:\Windows\system32\drivers\partmgr.sys
10:27:57.0772 2736  partmgr - ok
10:27:57.0807 2736  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
10:27:57.0809 2736  Parvdm - ok
10:27:57.0857 2736  [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:27:57.0860 2736  PcaSvc - ok
10:27:57.0914 2736  [ BDD96F9CF34D58958AFF1BE6EF4C8020 ] pci            C:\Windows\system32\drivers\pci.sys
10:27:57.0917 2736  pci - ok
10:27:57.0975 2736  [ CABA65E9C41CD2900D4C92D4F825C5F8 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:27:57.0977 2736  pciide - ok
10:27:58.0038 2736  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:27:58.0043 2736  pcmcia - ok
10:27:58.0099 2736  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:27:58.0133 2736  PEAUTH - ok
10:27:58.0263 2736  [ 514FADD940A5EE06D6CAA5CD0F6725D6 ] Ph3xIB32        C:\Windows\system32\DRIVERS\Ph3xIB32.sys
10:27:58.0297 2736  Ph3xIB32 - ok
10:27:58.0398 2736  [ CD05A38D166BEADE18030BAFC0C0A939 ] pla            C:\Windows\system32\pla.dll
10:27:58.0490 2736  pla - ok
10:27:58.0554 2736  [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:27:58.0561 2736  PlugPlay - ok
10:27:58.0633 2736  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:27:58.0635 2736  Pml Driver HPZ12 - ok
10:27:58.0701 2736  [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
10:27:58.0708 2736  PNRPAutoReg - ok
10:27:58.0756 2736  [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc        C:\Windows\system32\p2psvc.dll
10:27:58.0764 2736  PNRPsvc - ok
10:27:58.0830 2736  [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
10:27:58.0838 2736  PolicyAgent - ok
10:27:58.0908 2736  [ 6C359AC71D7B550A0D41F9DB4563CE05 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:27:58.0910 2736  PptpMiniport - ok
10:27:58.0954 2736  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor      C:\Windows\system32\drivers\processr.sys
10:27:58.0956 2736  Processor - ok
10:27:59.0025 2736  [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc        C:\Windows\system32\profsvc.dll
10:27:59.0030 2736  ProfSvc - ok
10:27:59.0074 2736  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:27:59.0075 2736  ProtectedStorage - ok
10:27:59.0150 2736  [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
10:27:59.0152 2736  PSched - ok
10:27:59.0227 2736  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:27:59.0261 2736  ql2300 - ok
10:27:59.0363 2736  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:27:59.0366 2736  ql40xx - ok
10:27:59.0441 2736  [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE          C:\Windows\system32\qwave.dll
10:27:59.0448 2736  QWAVE - ok
10:27:59.0495 2736  [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:27:59.0496 2736  QWAVEdrv - ok
10:27:59.0613 2736  [ 1FD94B167A03C4E9909F6E28A6320019 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
10:27:59.0728 2736  R300 - ok
10:27:59.0840 2736  [ FBE824717B9537383730C634D06CCFB0 ] RapiMgr        C:\Windows\WindowsMobile\rapimgr.dll
10:27:59.0844 2736  RapiMgr - ok
10:27:59.0878 2736  [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:27:59.0879 2736  RasAcd - ok
10:27:59.0934 2736  [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto        C:\Windows\System32\rasauto.dll
10:27:59.0938 2736  RasAuto - ok
10:27:59.0965 2736  [ 88587DD843E2059848995B407B67F6CF ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
10:27:59.0968 2736  Rasl2tp - ok
10:28:00.0023 2736  [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan          C:\Windows\System32\rasmans.dll
10:28:00.0030 2736  RasMan - ok
10:28:00.0061 2736  [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:28:00.0062 2736  RasPppoe - ok
10:28:00.0112 2736  [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
10:28:00.0117 2736  rdbss - ok
10:28:00.0227 2736  [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:28:00.0229 2736  RDPCDD - ok
10:28:00.0282 2736  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
10:28:00.0288 2736  rdpdr - ok
10:28:00.0323 2736  [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:28:00.0324 2736  RDPENCDD - ok
10:28:00.0384 2736  [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
10:28:00.0388 2736  RDPWD - ok
10:28:00.0464 2736  [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:28:00.0467 2736  RemoteAccess - ok
10:28:00.0526 2736  [ 9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:28:00.0531 2736  RemoteRegistry - ok
10:28:00.0599 2736  [ 7EC90C316177BA3F1BCE92005264B447 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:28:00.0601 2736  RFCOMM - ok
10:28:00.0676 2736  [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
10:28:00.0680 2736  RichVideo - ok
10:28:00.0738 2736  [ B39F1BD472E4992382875BAF0B645C6D ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
10:28:00.0740 2736  rimmptsk - ok
10:28:00.0775 2736  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
10:28:00.0778 2736  rimsptsk - ok
10:28:00.0801 2736  [ C663AF77E2F4EABF8EB08B388D2F1F36 ] rismxdp        C:\Windows\system32\DRIVERS\rixdptsk.sys
10:28:00.0803 2736  rismxdp - ok
10:28:00.0844 2736  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
10:28:00.0846 2736  RpcLocator - ok
10:28:00.0917 2736  [ 7B981222A257D076885BFFB66F19B7CE ] RpcSs          C:\Windows\system32\rpcss.dll
10:28:00.0924 2736  RpcSs - ok
10:28:00.0997 2736  [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:28:00.0999 2736  rspndr - ok
10:28:01.0035 2736  [ F7A8C9024E82534CEC50613D87E88645 ] RTL8023xp      C:\Windows\system32\DRIVERS\Rtnicxp.sys
10:28:01.0037 2736  RTL8023xp - ok
10:28:01.0085 2736  [ C731B1FE449D4E9CEA358C9D55B69BE9 ] SamSs          C:\Windows\system32\lsass.exe
10:28:01.0087 2736  SamSs - ok
10:28:01.0155 2736  [ 4BFB51CDB25D4D4B9E8FCCAB635F262E ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
10:28:01.0157 2736  Samsung Update Plus - ok
10:28:01.0224 2736  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:28:01.0227 2736  sbp2port - ok
10:28:01.0292 2736  [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:28:01.0296 2736  SCardSvr - ok
10:28:01.0381 2736  [ 886CEC884B5BE29AB9828B8AB46B11F7 ] Schedule        C:\Windows\system32\schedsvc.dll
10:28:01.0404 2736  Schedule - ok
10:28:01.0451 2736  [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc    C:\Windows\System32\certprop.dll
10:28:01.0453 2736  SCPolicySvc - ok
10:28:01.0507 2736  [ 7B3973CC28B8AA3E9E2E5D53E720E2C9 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
10:28:01.0510 2736  sdbus - ok
10:28:01.0551 2736  [ F7B6BF02240D0A764ADF8C8966735552 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:28:01.0556 2736  SDRSVC - ok
10:28:01.0613 2736  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:28:01.0615 2736  secdrv - ok
10:28:01.0645 2736  [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon        C:\Windows\system32\seclogon.dll
10:28:01.0648 2736  seclogon - ok
10:28:01.0700 2736  [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS            C:\Windows\System32\sens.dll
10:28:01.0703 2736  SENS - ok
10:28:01.0765 2736  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
10:28:01.0767 2736  Serenum - ok
10:28:01.0799 2736  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
10:28:01.0802 2736  Serial - ok
10:28:01.0862 2736  [ 450ACCD77EC5CEA720C1CDB9E26B953B ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:28:01.0863 2736  sermouse - ok
10:28:01.0947 2736  [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:28:01.0952 2736  SessionEnv - ok
10:28:01.0995 2736  [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
10:28:01.0996 2736  sffdisk - ok
10:28:02.0028 2736  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:28:02.0030 2736  sffp_mmc - ok
10:28:02.0064 2736  [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
10:28:02.0065 2736  sffp_sd - ok
10:28:02.0122 2736  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
10:28:02.0124 2736  sfloppy - ok
10:28:02.0198 2736  [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:28:02.0206 2736  ShellHWDetection - ok
10:28:02.0258 2736  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:28:02.0260 2736  sisagp - ok
10:28:02.0354 2736  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
10:28:02.0356 2736  SiSRaid2 - ok
10:28:02.0415 2736  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:28:02.0417 2736  SiSRaid4 - ok
10:28:02.0623 2736  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:28:02.0713 2736  Skype C2C Service - ok
10:28:02.0786 2736  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
10:28:02.0790 2736  SkypeUpdate - ok
10:28:02.0932 2736  [ A1DCD30534835CB67733AD00175125A6 ] slsvc          C:\Windows\system32\SLsvc.exe
10:28:03.0011 2736  slsvc - ok
10:28:03.0060 2736  [ 56DA296E7B376A727E7BDC5AC7FBEE02 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
10:28:03.0064 2736  SLUINotify - ok
10:28:03.0095 2736  [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
10:28:03.0098 2736  Smb - ok
10:28:03.0193 2736  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:28:03.0196 2736  SNMPTRAP - ok
10:28:03.0244 2736  [ 426F9B029AA9162CECCF65369457D046 ] spldr          C:\Windows\system32\drivers\spldr.sys
10:28:03.0245 2736  spldr - ok
10:28:03.0276 2736  [ DA612EF2556776DF2630B68BF2D48935 ] Spooler        C:\Windows\System32\spoolsv.exe
10:28:03.0282 2736  Spooler - ok
10:28:03.0332 2736  sptd - ok
10:28:03.0397 2736  [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
10:28:03.0403 2736  SQLBrowser - ok
10:28:03.0445 2736  [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:28:03.0447 2736  SQLWriter - ok
10:28:03.0503 2736  [ 038579C35F7CAD4A4BBF735DBF83277D ] srv            C:\Windows\system32\DRIVERS\srv.sys
10:28:03.0509 2736  srv - ok
10:28:03.0583 2736  [ 6971A757AF8CB5E2CBCBB76CC530DB6C ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:28:03.0586 2736  srv2 - ok
10:28:03.0623 2736  [ 9E1A4603B874EEBCE0298113951ABEFB ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:28:03.0626 2736  srvnet - ok
10:28:03.0694 2736  [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
10:28:03.0699 2736  SSDPSRV - ok
10:28:03.0768 2736  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
10:28:03.0770 2736  ssmdrv - ok
10:28:03.0823 2736  [ 7A95B5DEB594616F1693486B8161411E ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
10:28:03.0824 2736  StillCam - ok
10:28:03.0883 2736  [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc          C:\Windows\System32\wiaservc.dll
10:28:03.0906 2736  stisvc - ok
10:28:03.0964 2736  [ 3B80B4383C9BCE13279C8482734B32B2 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:28:03.0966 2736  swenum - ok
10:28:04.0023 2736  [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv          C:\Windows\System32\swprv.dll
10:28:04.0031 2736  swprv - ok
10:28:04.0100 2736  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
10:28:04.0102 2736  Symc8xx - ok
10:28:04.0131 2736  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
10:28:04.0133 2736  Sym_hi - ok
10:28:04.0171 2736  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
10:28:04.0173 2736  Sym_u3 - ok
10:28:04.0236 2736  [ C7DD991423D364D06FC2DD1B00B53DCE ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
10:28:04.0242 2736  SynTP - ok
10:28:04.0334 2736  [ 8F2B5FEDE18BD3C4C926CBF88E6F1264 ] SysMain        C:\Windows\system32\sysmain.dll
10:28:04.0358 2736  SysMain - ok
10:28:04.0422 2736  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:28:04.0426 2736  TabletInputService - ok
10:28:04.0467 2736  [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv        C:\Windows\System32\tapisrv.dll
10:28:04.0475 2736  TapiSrv - ok
10:28:04.0527 2736  [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS            C:\Windows\System32\tbssvc.dll
10:28:04.0530 2736  TBS - ok
10:28:04.0617 2736  [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
10:28:04.0652 2736  Tcpip - ok
10:28:04.0717 2736  [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
10:28:04.0724 2736  Tcpip6 - ok
10:28:04.0764 2736  [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:28:04.0766 2736  tcpipreg - ok
10:28:04.0817 2736  [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:28:04.0819 2736  TDPIPE - ok
10:28:04.0854 2736  [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
10:28:04.0856 2736  TDTCP - ok
10:28:04.0892 2736  [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
10:28:04.0895 2736  tdx - ok
10:28:04.0940 2736  [ 849ED71967D45F15C3E0ABFC633FDF2A ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:28:04.0942 2736  TermDD - ok
10:28:05.0020 2736  [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService    C:\Windows\System32\termsrv.dll
10:28:05.0043 2736  TermService - ok
10:28:05.0099 2736  [ B264DFA21677728613267FE63802B332 ] Themes          C:\Windows\system32\shsvcs.dll
10:28:05.0103 2736  Themes - ok
10:28:05.0200 2736  [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER    C:\Windows\system32\mmcss.dll
10:28:05.0203 2736  THREADORDER - ok
10:28:05.0258 2736  [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks          C:\Windows\System32\trkwks.dll
10:28:05.0262 2736  TrkWks - ok
10:28:05.0339 2736  [ 34E388A395FEDBA1D0511ED39BBF4074 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:28:05.0340 2736  TrustedInstaller - ok
10:28:05.0408 2736  [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:28:05.0410 2736  tssecsrv - ok
10:28:05.0469 2736  [ 65E953BC0084D44498B51F59784D2A82 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
10:28:05.0470 2736  tunmp - ok
10:28:05.0549 2736  [ 4A39BDA5E0FD30BDF4884F9D33AE6105 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:28:05.0551 2736  tunnel - ok
10:28:05.0596 2736  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:28:05.0598 2736  uagp35 - ok
10:28:05.0661 2736  [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:28:05.0666 2736  udfs - ok
10:28:05.0765 2736  [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect      C:\Windows\system32\UI0Detect.exe
10:28:05.0768 2736  UI0Detect - ok
10:28:05.0802 2736  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:28:05.0804 2736  uliagpkx - ok
10:28:05.0879 2736  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci        C:\Windows\system32\drivers\uliahci.sys
10:28:05.0884 2736  uliahci - ok
10:28:05.0923 2736  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
10:28:05.0926 2736  UlSata - ok
10:28:05.0985 2736  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
10:28:05.0988 2736  ulsata2 - ok
10:28:06.0035 2736  [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
10:28:06.0036 2736  umbus - ok
10:28:06.0089 2736  [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost        C:\Windows\System32\upnphost.dll
10:28:06.0096 2736  upnphost - ok
10:28:06.0184 2736  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
10:28:06.0186 2736  USBAAPL - ok
10:28:06.0242 2736  [ B0BA9CAFFE9B0555EC0317F30CB79CD2 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
10:28:06.0244 2736  usbccgp - ok
10:28:06.0301 2736  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:28:06.0304 2736  usbcir - ok
10:28:06.0353 2736  [ C9FCD05B0A80EA08C2768E5A279B14DE ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
10:28:06.0355 2736  usbehci - ok
10:28:06.0410 2736  [ 5E44F7D957F7560DA06BFE6B84B58A35 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:28:06.0415 2736  usbhub - ok
10:28:06.0449 2736  [ 9333E482A173938788CBDE8F81EC52FB ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
10:28:06.0451 2736  usbohci - ok
10:28:06.0483 2736  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
10:28:06.0485 2736  usbprint - ok
10:28:06.0538 2736  [ 7887CE56934E7F104E98C975F47353C5 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:28:06.0540 2736  USBSTOR - ok
10:28:06.0600 2736  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
10:28:06.0601 2736  usbuhci - ok
10:28:06.0648 2736  [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms          C:\Windows\System32\uxsms.dll
10:28:06.0652 2736  UxSms - ok
10:28:06.0693 2736  [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds            C:\Windows\System32\vds.exe
10:28:06.0716 2736  vds - ok
10:28:06.0775 2736  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
10:28:06.0777 2736  vga - ok
10:28:06.0828 2736  [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave        C:\Windows\System32\drivers\vga.sys
10:28:06.0829 2736  VgaSave - ok
10:28:06.0874 2736  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:28:06.0876 2736  viaagp - ok
10:28:06.0910 2736  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
10:28:06.0912 2736  ViaC7 - ok
10:28:06.0963 2736  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
10:28:06.0964 2736  viaide - ok
10:28:07.0029 2736  [ FD16FAC15F9F165AC19A618E7B391F5C ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:28:07.0031 2736  volmgr - ok
10:28:07.0072 2736  [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
10:28:07.0078 2736  volmgrx - ok
10:28:07.0122 2736  [ 80DC0C9BCB579ED9815001A4D37CBFD5 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
10:28:07.0127 2736  volsnap - ok
10:28:07.0190 2736  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
10:28:07.0193 2736  vsmraid - ok
10:28:07.0288 2736  [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS            C:\Windows\system32\vssvc.exe
10:28:07.0322 2736  VSS - ok
10:28:07.0377 2736  [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time        C:\Windows\system32\w32time.dll
10:28:07.0386 2736  W32Time - ok
10:28:07.0445 2736  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:28:07.0446 2736  WacomPen - ok
10:28:07.0501 2736  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
10:28:07.0504 2736  Wanarp - ok
10:28:07.0531 2736  [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:28:07.0532 2736  Wanarpv6 - ok
10:28:07.0598 2736  [ 3350874E51132EA86D153C1B566E261D ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
10:28:07.0606 2736  WcesComm - ok
10:28:07.0672 2736  [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
10:28:07.0680 2736  wcncsvc - ok
10:28:07.0736 2736  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:28:07.0741 2736  WcsPlugInService - ok
10:28:07.0796 2736  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
10:28:07.0798 2736  Wd - ok
10:28:07.0861 2736  [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM        C:\Windows\system32\DRIVERS\wdcsam.sys
10:28:07.0862 2736  WDC_SAM - ok
10:28:07.0958 2736  [ C1768DAF1C32E91C7F0D87AB06310334 ] WDDMService    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
10:28:07.0964 2736  WDDMService - ok
10:28:08.0040 2736  [ 7B5F66E4A2219C7D9DAF9E738480E534 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:28:08.0064 2736  Wdf01000 - ok
10:28:08.0147 2736  [ ABD9E20F561AAB189FD2D766B1774BEB ] WDFMEService    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
10:28:08.0192 2736  WDFMEService - ok
10:28:08.0241 2736  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:28:08.0246 2736  WdiServiceHost - ok
10:28:08.0275 2736  [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost  C:\Windows\system32\wdi.dll
10:28:08.0279 2736  WdiSystemHost - ok
10:28:08.0349 2736  [ FF7808BD8B3C56CCC5E9369001E294DB ] WDRulesService  C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
10:28:08.0383 2736  WDRulesService - ok
10:28:08.0447 2736  [ 01E41C264EEDCB827820A1909162579F ] WebClient      C:\Windows\System32\webclnt.dll
10:28:08.0454 2736  WebClient - ok
10:28:08.0508 2736  [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:28:08.0517 2736  Wecsvc - ok
10:28:08.0577 2736  [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
10:28:08.0582 2736  wercplsupport - ok
10:28:08.0618 2736  [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:28:08.0623 2736  WerSvc - ok
10:28:08.0702 2736  WinHttpAutoProxySvc - ok
10:28:08.0783 2736  [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
10:28:08.0788 2736  Winmgmt - ok
10:28:08.0853 2736  [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM          C:\Windows\system32\WsmSvc.dll
10:28:08.0876 2736  WinRM - ok
10:28:08.0981 2736  [ 086D2E78EECD6195667282ADC6CA109F ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
10:28:08.0983 2736  winusb - ok
10:28:09.0057 2736  [ 7640ACEA41348BFEF34B76E245501261 ] Wlansvc        C:\Windows\System32\wlansvc.dll
10:28:09.0079 2736  Wlansvc - ok
10:28:09.0140 2736  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
10:28:09.0140 2736  Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: 701A9F884A294327E9141D73746EE279
10:28:09.0145 2736  WmiAcpi ( LockedFile.Multi.Generic ) - warning
10:28:09.0146 2736  WmiAcpi - detected LockedFile.Multi.Generic (1)
10:28:09.0217 2736  [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:28:09.0222 2736  wmiApSrv - ok
10:28:09.0320 2736  [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
10:28:09.0354 2736  WMPNetworkSvc - ok
10:28:09.0432 2736  [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:28:09.0438 2736  WPCSvc - ok
10:28:09.0475 2736  [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:28:09.0480 2736  WPDBusEnum - ok
10:28:09.0526 2736  [ 2D27171B16A577EF14C1273668753485 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
10:28:09.0527 2736  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wpdusb.sys. md5: 2D27171B16A577EF14C1273668753485
10:28:09.0548 2736  WpdUsb ( LockedFile.Multi.Generic ) - warning
10:28:09.0548 2736  WpdUsb - detected LockedFile.Multi.Generic (1)
10:28:09.0654 2736  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:28:09.0688 2736  WPFFontCache_v0400 - ok
10:28:09.0736 2736  [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
10:28:09.0737 2736  Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 84620AECDCFD2A7A14E6263927D8C0ED
10:28:09.0745 2736  ws2ifsl ( LockedFile.Multi.Generic ) - warning
10:28:09.0745 2736  ws2ifsl - detected LockedFile.Multi.Generic (1)
10:28:09.0775 2736  WSearch - ok
10:28:09.0930 2736  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:28:09.0998 2736  wuauserv - ok
10:28:10.0045 2736  [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:28:10.0046 2736  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: A2AAFCC8A204736296D937C7C545B53F
10:28:10.0070 2736  WUDFRd ( LockedFile.Multi.Generic ) - warning
10:28:10.0070 2736  WUDFRd - detected LockedFile.Multi.Generic (1)
10:28:10.0140 2736  [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
10:28:10.0144 2736  wudfsvc - ok
10:28:10.0226 2736  ================ Scan global ===============================
10:28:10.0269 2736  [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
10:28:10.0307 2736  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
10:28:10.0327 2736  [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
10:28:10.0358 2736  [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
10:28:10.0366 2736  [Global] - ok
10:28:10.0366 2736  ================ Scan MBR ==================================
10:28:10.0388 2736  [ C31400769DEFC61154F08815BCB5E020 ] \Device\Harddisk0\DR0
10:28:10.0889 2736  \Device\Harddisk0\DR0 - ok
10:28:10.0890 2736  ================ Scan VBR ==================================
10:28:10.0895 2736  [ 2EB1D45246339B1BD492F210E6FC55FD ] \Device\Harddisk0\DR0\Partition1
10:28:10.0897 2736  \Device\Harddisk0\DR0\Partition1 - ok
10:28:10.0922 2736  [ 49BF10EC37326B55FA39BD1E4236C62B ] \Device\Harddisk0\DR0\Partition2
10:28:10.0924 2736  \Device\Harddisk0\DR0\Partition2 - ok
10:28:10.0925 2736  ============================================================
10:28:10.0925 2736  Scan finished
10:28:10.0925 2736  ============================================================
10:28:10.0944 4964  Detected object count: 5
10:28:10.0944 4964  Actual detected object count: 5
10:28:33.0056 4964  d5ef27d2304ff7ae ( Rootkit.Win32.Necurs.gen ) - skipped by user
10:28:33.0057 4964  d5ef27d2304ff7ae ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
10:28:33.0063 4964  WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
10:28:33.0063 4964  WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
10:28:33.0064 4964  WpdUsb ( LockedFile.Multi.Generic ) - skipped by user
10:28:33.0064 4964  WpdUsb ( LockedFile.Multi.Generic ) - User select action: Skip
10:28:33.0068 4964  ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
10:28:33.0068 4964  ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
10:28:33.0072 4964  WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
10:28:33.0072 4964  WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
10:28:35.0337 5896  Deinitialize success
Lg Andre

Psychotic 06.09.2012 10:35
Schritt 1: Fix mit TDSS-Killer


Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke auf Start Scan.
    Mache während dem Scan nichts am Rechner
  • ACHTUNG: Gehe sicher das nur beim ERSTEN Fund (d5ef27d2304ff7ae) Cure ( default ) angehakt ist !
  • Drücke Continue --> Reboot.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.



Schritt 2: Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

loc-nar 06.09.2012 10:47
Moin,

folgendes Problme habe den Scan mit TDSS-Killer durchgeführt, die Datei wurde auch gefunden aber da steht keine Option mit Cure sondern nur Skip, Copy to quarantine oder Delete. Was tun?

Lg Andre

Nachtrag:

Wollte das Programm schließen und dabei hat er die Delete Option übernommen! Jetzt verlangt er nach einem Neustart um die Option auszuführen. Mist ...

Psychotic 06.09.2012 10:50
Oh, dann hat sich da etwas geändert!
Wähle bitte Delete.

loc-nar 06.09.2012 11:40
Liste der Anhänge anzeigen (Anzahl: 1)
Moin,

alles erledigt. Sehe ich dass richtig das es nur an xp-Antispy lag -. - Boar wie doof konnte ich nur sein. Sehe aber auch gerade das mein Windows Update Dienst immer noch weg ist ...

Lg Andre

Psychotic 06.09.2012 12:05
Nein, das glaube ich weniger!


Schritt 1: CF-Script


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
DIRLOOK::
c:\windows\Installer\{EDAD135D-6569-F97E-C8A9-E9AFA834762A}
c:\users\Konto\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
FILELOOK::
c:\windows\TEMP\sqlite_VAgIPSFSNanb72Y
CLEARJAVACACHE::
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.



Schritt 2: FSS



Downloade dir bitte Farbar's Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.
Poste bitte den Inhalt hier.

loc-nar 06.09.2012 12:45
Moin,

bitte schön

ComboFix Log

Code:
ComboFix 12-09-05.02 - Konto 06.09.2012  13:21:28.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.49.1031.18.1790.444 [GMT 2:00]
ausgeführt von:: c:\users\Konto\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Konto\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-06 bis 2012-09-06  ))))))))))))))))))))))))))))))
.
.
2012-09-06 11:33 . 2012-09-06 11:33        --------        d-----w-        c:\users\Konto\AppData\Local\temp
2012-09-06 11:33 . 2012-09-06 11:33        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-09-06 11:33 . 2012-09-06 11:33        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-09-06 11:33 . 2012-09-06 11:33        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2012-09-06 11:33 . 2012-09-06 11:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-09-06 11:14 . 2012-09-06 11:14        --------        d-----w-        c:\program files\Microsoft
2012-09-06 10:43 . 2012-08-27 23:50        7022536        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4625D44-2272-4856-B42E-0100076174D6}\mpengine.dll
2012-09-06 10:31 . 2012-09-06 10:31        --------        d-----w-        c:\program files\7-Zip
2012-09-06 09:44 . 2012-09-06 09:44        --------        d-----w-        C:\TDSSKiller_Quarantine
2012-09-05 21:30 . 2012-09-05 21:30        --------        d-----w-        c:\windows\system32\EventProviders
2012-09-05 18:11 . 2012-09-05 19:32        --------        d-----w-        c:\windows\system32\drivers\AVG
2012-09-05 18:11 . 2012-09-05 18:11        --------        d-----w-        C:\$AVG
2012-09-05 18:06 . 2012-09-05 18:06        --------        d--h--w-        c:\programdata\Common Files
2012-09-05 13:43 . 2012-09-05 19:29        --------        d-----w-        c:\users\Konto\AppData\Roaming\Malwarebytes
2012-09-02 18:16 . 2012-09-02 18:16        --------        d-----w-        c:\program files\ATI(21)
2012-09-02 18:07 . 2012-09-02 18:07        --------        d-----w-        C:\ATI(20)
2012-09-02 15:16 . 2012-09-02 15:16        --------        d-----w-        c:\program files\Driver Cleaner Pro
2012-09-02 14:46 . 2009-03-16 12:18        69448        ----a-w-        c:\windows\system32\XAPOFX1_3.dll
2012-08-30 11:33 . 2012-08-30 11:33        73696        ----a-w-        c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-22 12:17 . 2012-08-22 12:17        --------        d-----w-        c:\users\Konto\AppData\Local\Western_Digital
2012-08-16 21:30 . 2012-08-16 21:30        --------        d-----w-        c:\users\niko\AppData\Local\Macromedia
2012-08-16 18:19 . 2012-08-16 18:21        --------        d-----w-        c:\users\Konto\AppData\Roaming\.minecraft
2012-08-13 11:35 . 2012-08-13 11:35        5115584        ----a-w-        c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 13:37 . 2012-04-04 21:15        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-05 13:37 . 2011-05-14 07:48        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-21 15:38 . 2012-07-21 15:38        233024        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-21 12:38 . 2012-07-21 12:38        3584        ----a-r-        c:\users\Konto\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-06-25 14:30 . 2012-06-25 14:30        1394248        ----a-w-        c:\windows\system32\msxml4.dll
2012-06-25 14:30 . 2012-06-25 14:30        102216        ----a-w-        c:\windows\system32\msxml4r.dll
2012-08-30 11:33 . 2012-07-18 07:45        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Konto\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52} ----
.
2012-07-21 12:38 . 2012-07-21 12:38        3584        ----a-r-        c:\users\Konto\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
.
---- Directory of c:\windows\Installer\{EDAD135D-6569-F97E-C8A9-E9AFA834762A} ----
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Akamai NetSession Interface"="c:\users\Konto\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-12-09 815104]
"Play AVStation TV Scheduler"="c:\program files\Samsung\Play AVStation\TvScheduler.exe" [2007-01-09 73728]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-22 719664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 3983760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"NoHotStart"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
HPService        REG_MULTI_SZ          HPSLPSVC
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 13:37]
.
2012-09-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 20:24]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 18:20]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 18:20]
.
2012-09-06 c:\windows\Tasks\User_Feed_Synchronization-{4C34C866-F54C-4588-9C75-63AD9B10E143}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp:\\www.samsungcomputer.com
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.50.140.118 192.168.0.1
FF - ProfilePath - c:\users\Konto\AppData\Roaming\Mozilla\Firefox\Profiles\3bktmake.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-06 13:33
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-09-06  13:36:57
ComboFix-quarantined-files.txt  2012-09-06 11:36
.
Vor Suchlauf: 16 Verzeichnis(se), 10.455.736.320 Bytes frei
Nach Suchlauf: 8.968.843.264 Bytes frei
.
- - End Of File - - 719CCBB1F772414440F8B9AA6DBD016B
und Farbar

Code:
Farbar Service Scanner Version: 06-08-2012
Ran by Konto (administrator) on 06-09-2012 at 13:40:19
Running from "C:\Users\Konto\Downloads"
Microsoft® Windows Vista™ Home Premium  (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
Bin ich jetzt sauber?

Lg

Update:

Der Rechner arbeitet sich jetzt aufeinmal einen Wolf ab nach dem ich mein Antiv Virusprogramm geupdatet habe :/

Psychotic 07.09.2012 07:50
Sieht ganz gut aus - kontrollieren wir alles nochmal! :)


Schritt 1: MBAM vollständig


Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen. (Hinweis: Alle Festplatten anhaken!)
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.



Schritt 2: ESET



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Psychotic 10.09.2012 10:25
Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist

Psychotic 11.09.2012 11:48
Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:28 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132