|
Plagegeister aller Art und deren Bekämpfung: Exploit Java CVE-2012-1723Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.03.2013, 13:57 | #1 |
| Exploit Java CVE-2012-1723 Hallo. Meine Zonealarm-Firewall meldete mir nach der Aktualieserung, dass er einen Virus gefunden hat. Danach konnte ich keine Dateien mehr öffnen und der PC fuhr selbständig runter. Danach habe ich mit "Windows Defener Offline" den PC wieder hochgefahren. Dieses Programm meldete mir dann, folgenden Trojaner gefunden zu haben: "Exploit: Java CVE-2012-1723". Ich bin dann der Empfehlung des Programms gefolgt, und habe auf "löschen" geklickt. Jetzt meine Frage: Ist der Trojaner dann weg - oder eben nicht? Anbei meine Log-Files von OTL und GMER. Schon mal vielen Dank im Voraus für eure Hilfe! |
17.03.2013, 17:57 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit Java CVE-2012-1723 Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
17.03.2013, 20:46 | #3 |
| Exploit Java CVE-2012-1723 Hallo Cosinus,
__________________nein, ich habe keine weiteren Logs. Bin auch eine unerfahrene Nutzerin und habe mich an euer Protokoll gehalten. Gruß Silke |
17.03.2013, 20:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit Java CVE-2012-1723Code:
ATTFilter Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? Code:
ATTFilter DRV - [2012.11.02 19:17:16 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2012.07.13 06:02:48 | 000,120,616 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt) DRV - [2012.01.09 17:59:34 | 000,485,808 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF) Wenn dann verwendet man höchstens einen Virenscanner, alles andere ist kontraproduktiv.
__________________ Logfiles bitte immer in CODE-Tags posten |
17.03.2013, 21:10 | #5 |
| Exploit Java CVE-2012-1723 Hallo Cosinus, habe den Rechner so geschenkt bekommen... Von ner Freundin, die ihn in ihrem Laden stehen hatte und jetzt einen neuen Rechner bekommen hat. Ist das für dich wichtig, welche Windows-Version da drauf ist? Und die Programme waren alle schon so drauf... Mehr kann ich dir leider auch nicht dazu sagen - sorry... Gruß, Silke |
18.03.2013, 09:46 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit Java CVE-2012-1723 Das ist schon ein Indiz für gewerbliche Nutzung, aber in deinem Fall ok. Mich interessieren dann halt die Umstände, weil wir bei gewerblicher Nutzung besondere Hinweise posten müssen Die von mir angesprochenen Progtamme bitte deinstallieren, die sind v.a. auch in dieser ANzahl kontraproduktiv.
__________________ --> Exploit Java CVE-2012-1723 |
18.03.2013, 09:53 | #7 |
| Exploit Java CVE-2012-1723 Ist schon Ok! Und wenn ich die deinstalliert habe, welches Programm reicht aus oder kannst Du eins empfehlen? Und vor allen Dingen...Muss sich sonst noch etwas machen?? Danke! |
18.03.2013, 11:58 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit Java CVE-2012-1723 Ja bitte erstmal deinstallieren, dann gehts weiter erstmal mit einem neuen OTL-Log zur Kontrolle:
__________________ Logfiles bitte immer in CODE-Tags posten |
19.03.2013, 16:05 | #9 |
| Exploit Java CVE-2012-1723 Hallo Cosinus, ich hoffe, jetzt habe ich alles richtig gemacht. Das Zonealarm habe ich noch nicht runtergelöscht - man sagte mir, ich bräuchte ja auf jeden Fall eine Firewall. Ist das richtig? Hier die Ergebnisse von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.03.2013 15:53:05 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\service\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 45,96% Memory free 3,83 Gb Paging File | 2,92 Gb Available in Paging File | 76,28% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 220,87 Gb Total Space | 184,33 Gb Free Space | 83,46% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 11,83 Gb Free Space | 98,60% Space Free | Partition Type: NTFS Computer Name: xxxx | User Name: xxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\service\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\EPSON\EPuras\EPuras.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\EPSON\EPuras\EPurasLog.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) PRC - C:\Programme\Tools\BySoft StayAlive Pro\StayAlive.exe (BySoft) PRC - C:\Programme\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4038934c72a4e48c80e283dd96d7eb94\IsdiInterop.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a80de1d5c899d0b972227bec60b127f\IAStorUtil.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\f622e88d112892df8d9018c02e69c7c0\IAStorDataMgr.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\79b9f3b766996e0c2e44ba0e68a8e0ea\IAStorDataMgrSvc.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () MOD - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll () MOD - C:\WINDOWS\system32\DLAAPI_W.DLL () MOD - C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll () MOD - C:\Programme\Gemeinsame Dateien\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll () MOD - C:\WINDOWS\system32\msjetoledb40.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD) SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies) SRV - (EpsonPuras) -- C:\Programme\EPSON\EPuras\EPuras.exe (SEIKO EPSON CORPORATION) SRV - (EpsonPurasLog) -- C:\Programme\EPSON\EPuras\EPurasLog.exe (SEIKO EPSON CORPORATION) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (EpsonBidirectionalService) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION) SRV - (RoxMediaDB9) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions) SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (IDriverT) -- C:\Programme\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (awhost32) -- C:\Programme\Symantec\pcAnywhere\awhost32.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD) DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (EPSON TM Parallel Port Driver) -- C:\WINDOWS\system32\drivers\tmlpt.sys (SEIKO EPSON CORPORATION) DRV - (TMUSB) -- C:\WINDOWS\system32\drivers\TMUSBXP.sys (SEIKO EPSON CORPORATION) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (AW_HOST) -- C:\WINDOWS\system32\drivers\AW_HOST5.sys (Symantec Corporation) DRV - (Gernuwa) -- C:\WINDOWS\System32\drivers\GERNUWA.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation) DRV - (awlegacy) -- C:\WINDOWS\system32\drivers\AWLEGACY.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-746137067-1547161642-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-746137067-1547161642-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-746137067-1547161642-1177238915-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = IE - HKU\S-1-5-21-746137067-1547161642-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:3.0.0.9b FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}:6.0.39 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2013.01.24 11:00:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.08 11:46:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.09 10:11:35 | 000,000,000 | ---D | M] [2011.03.08 11:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\service\Anwendungsdaten\Mozilla\Extensions [2013.03.08 11:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\service\Anwendungsdaten\Mozilla\Firefox\Profiles\aasgfavo.default\extensions [2012.08.11 14:21:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\service\Anwendungsdaten\Mozilla\Firefox\Profiles\aasgfavo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Dokumente und Einstellungen\service\Anwendungsdaten\Mozilla\Firefox\Profiles\aasgfavo.default\searchplugins\askcom.xml [2013.03.08 11:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.16 13:08:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.11.12 15:13:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.02.09 18:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SERVICE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\AASGFAVO.DEFAULT\EXTENSIONS\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2012.08.16 13:07:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.17 12:34:44 | 000,446,016 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15317 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-746137067-1547161642-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-746137067-1547161642-1177238915-1003\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [FUFAXSTM] C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-21-746137067-1547161642-1177238915-1003..\Run: [BySoft StayAlive Pro] C:\Programme\Tools\BySoft StayAlive Pro\StayAlive.exe (BySoft) O4 - HKU\S-1-5-21-746137067-1547161642-1177238915-1003..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-746137067-1547161642-1177238915-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TM-T88V Utility(Automatic Restore).lnk = C:\Programme\EPSON\TM-T88V Software\TM88VUTL\TMRESTOREAPP.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-746137067-1547161642-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1299523476984 (MUWebControl Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BB1AE26-C3AD-437F-87EA-F16220C22EEA}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.03.07 15:06:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 12:46:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\service\Desktop\OTL.exe [2013.03.09 10:15:26 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2013.03.09 10:15:09 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.03.09 10:14:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.03.09 10:14:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.03.09 10:14:43 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.03.08 11:38:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\service\Eigene Dateien\Downloads ========== Files - Modified Within 30 Days ========== [2013.03.19 15:35:53 | 000,802,140 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.03.19 15:35:53 | 000,711,132 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.03.19 15:35:53 | 000,230,166 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.03.19 15:35:53 | 000,187,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.03.19 15:31:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.03.19 15:31:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.03.19 15:31:00 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.03.17 13:45:24 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.03.17 13:45:24 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.03.17 12:52:11 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\service\Desktop\gmer_2.1.19155.exe [2013.03.17 12:46:41 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\service\Desktop\Defogger.exe [2013.03.17 12:46:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\service\Desktop\OTL.exe [2013.03.17 12:34:44 | 000,446,016 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.03.09 18:21:34 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.03.09 10:14:30 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.03.09 10:14:28 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll [2013.03.09 10:14:28 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013.03.09 10:14:28 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.03.09 10:14:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.03.09 10:14:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.03.09 10:14:28 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.03.01 03:28:11 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll ========== Files Created - No Company Name ========== [2013.03.17 12:52:11 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\service\Desktop\gmer_2.1.19155.exe [2013.03.17 12:46:08 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\service\Desktop\Defogger.exe [2012.08.29 18:04:39 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NanoRepository.bin.bak [2012.08.29 18:04:39 | 000,007,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NanoRepository.bin [2012.02.15 09:52:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll ========== ZeroAccess Check ========== [2011.03.08 07:27:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.12.20 23:14:52 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Hier die Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.03.2013 15:37:31 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\service\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,89% Memory free 3,83 Gb Paging File | 2,91 Gb Available in Paging File | 75,94% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 220,87 Gb Total Space | 184,33 Gb Free Space | 83,46% Space Free | Partition Type: NTFS Drive D: | 12,00 Gb Total Space | 11,83 Gb Free Space | 98,60% Space Free | Partition Type: NTFS Computer Name: xxxx | User Name: xxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung "80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe "C:\DATEV\PROGRAMM\Install\Uninstal.exe" = C:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe "C:\DATEV\PROGRAMM\Sws\LimaServer.exe" = C:\DATEV\PROGRAMM\Sws\LimaServer.exe:*:Enabled:LimaServer.exe "C:\DATEV\PROGRAMM\Sws\LimaService.exe" = C:\DATEV\PROGRAMM\Sws\LimaService.exe:*:Enabled:LimaService.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Programme\Symantec\pcAnywhere\winaw32.exe" = C:\Programme\Symantec\pcAnywhere\winaw32.exe:*:Enabled:pcAnywhere Main Program -- (Symantec Corporation) "C:\Programme\Symantec\pcAnywhere\awhost32.exe" = C:\Programme\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service -- (Symantec Corporation) "C:\Programme\EPSON\TM-T88V Software\TM88VUTL\TM88VUTL.EXE" = C:\Programme\EPSON\TM-T88V Software\TM88VUTL\TM88VUTL.EXE:*:Enabled:EPSON TM-T88V Utility Ver.1.11 -- (SEIKO EPSON CORPORATION) "C:\Programme\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe" = C:\Programme\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe:*:Enabled:EpsonNet Setup -- (SEIKO EPSON CORPORATION) "C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" = C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe "C:\DATEV\PROGRAMM\Install\Uninstal.exe" = C:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe "C:\DATEV\PROGRAMM\Sws\LimaServer.exe" = C:\DATEV\PROGRAMM\Sws\LimaServer.exe:*:Enabled:LimaServer.exe "C:\DATEV\PROGRAMM\Sws\LimaService.exe" = C:\DATEV\PROGRAMM\Sws\LimaService.exe:*:Enabled:LimaService.exe ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{11FF6AF6-0141-4EF8-829A-989459A1E5D8}" = EPSON Advanced Printer Driver 4 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20791209-B040-4DAA-B903-540CB9121BBA}_is1" = DD-Cash Version 1.10.5.0 "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 39 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB82AD9-0CF6-4E14-BD75-C1AB657C2914}" = EPSON APD4 Point and Print Support "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9 "{948D7445-1CF2-49AE-874A-9DE58A038321}" = EPSON TM-T88V Utility Ver.1.11 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AD32654E-90CF-42F2-8CB3-88DA6F1AA11A}" = ZoneAlarm Security "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D05E8183-866A-11D3-97DF-0000F8D8F2E9}" = pcAnywhere Nur Host "{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1 "{E25ED28D-3F3F-4707-8DFA-66CA75FB9329}" = ZoneAlarm Firewall "{E546D253-D9A2-44C3-8437-B0A5DB3264AB}" = Broadcom TPM Driver Installer "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5D84887-8A6F-4993-8560-B3AA44CB620D}" = Avery Wizard 4.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom NetXtreme Ethernet Controller "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "BySoft StayAlive Pro" = BySoft StayAlive Pro 3.0 "CCleaner" = CCleaner "EPSON BX305 Series" = EPSON BX305 Series Printer Uninstall "EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch "EPSON BX305 Series Network Guide" = EPSON BX305 Series Netzwerk-Handbuch "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Office14.SingleImage" = Microsoft Office Home and Business 2010 "SP44286" = HP Softpaq SP49160 "SP49161" = HP Softpaq SP49161 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.03.2013 07:45:17 | Computer Name = xxxx | Source = LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich und der Werte LastHelp ist das dritte DWORD im Datenbereich. Error - 15.03.2013 07:45:17 | Computer Name = xxxx | Source = LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst WmiApRpl (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 18.03.2013 06:19:32 | Computer Name = xxxx | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 18.03.2013 06:19:50 | Computer Name = xxxx | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 19.03.2013 10:31:50 | Computer Name = xxxx | Source = LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich und der Werte LastHelp ist das dritte DWORD im Datenbereich. Error - 19.03.2013 10:31:50 | Computer Name = xxxx | Source = LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich und der Werte LastHelp ist das dritte DWORD im Datenbereich. Error - 19.03.2013 10:31:50 | Computer Name = xxxx | Source = LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst WmiApRpl (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 19.03.2013 10:35:50 | Computer Name = xxxx | Source = LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich und der Werte LastHelp ist das dritte DWORD im Datenbereich. Error - 19.03.2013 10:35:50 | Computer Name = xxxx | Source = LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich und der Werte LastHelp ist das dritte DWORD im Datenbereich. Error - 19.03.2013 10:35:50 | Computer Name = xxxx | Source = LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst WmiApRpl (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. [ System Events ] Error - 19.01.2013 06:15:10 | Computer Name = xxxx | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2598242) 32-Bit-Edition Error - 15.03.2013 06:29:14 | Computer Name = xxxx | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: atapi PCIIde Error - 15.03.2013 07:41:30 | Computer Name = xxxx | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: atapi PCIIde < End of report > Viele Grüße Silke |
19.03.2013, 16:32 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit Java CVE-2012-1723 Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
20.03.2013, 10:35 | #11 |
| Exploit Java CVE-2012-1723 Hallo Cosinus, anbei die drei Logfiles: Hier der von ASW: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-03-20 09:37:31 ----------------------------- 09:37:31.609 OS Version: Windows 5.1.2600 Service Pack 3 09:37:31.609 Number of processors: 2 586 0xF0D 09:37:31.609 ComputerName: XXXX UserName: XXXX 09:37:32.046 Initialize success 09:37:43.593 AVAST engine defs: 13031901 09:37:48.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 09:37:48.125 Disk 0 Vendor: Intel___ 1.0. Size: 238472MB BusType: 8 09:37:48.281 Disk 0 MBR read successfully 09:37:48.281 Disk 0 MBR scan 09:37:48.328 Disk 0 Windows XP default MBR code 09:37:48.328 Disk 0 Partition - 00 0F Extended LBA 226172 MB offset 16065 09:37:48.343 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 12289 MB offset 463222784 09:37:48.390 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226172 MB offset 16128 09:37:48.421 Disk 0 scanning sectors +488390656 09:37:48.578 Disk 0 scanning C:\WINDOWS\system32\drivers 09:38:01.609 Service scanning 09:38:17.421 Modules scanning 09:38:24.093 Disk 0 trace - called modules: 09:38:24.125 09:38:24.531 AVAST engine scan C:\WINDOWS 09:38:33.562 AVAST engine scan C:\WINDOWS\system32 09:42:50.718 AVAST engine scan C:\WINDOWS\system32\drivers 09:43:13.578 AVAST engine scan C:\Dokumente und Einstellungen\service 09:48:09.296 AVAST engine scan C:\Dokumente und Einstellungen\All Users 09:52:41.828 Scan finished successfully 09:53:05.328 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\silke\Desktop\MBR.dat" 09:53:05.343 The log file has been saved successfully to "C:\Dokumente und Einstellungen\silke\Desktop\aswMBR.txt" Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.20.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 service :: XXXX [administrator] 20.03.2013 09:24:27 mbar-log-2013-03-20 (09-24-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 42295 Time elapsed: 12 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter 09:54:21.0984 1048 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 09:54:22.0125 1048 ============================================================ 09:54:22.0125 1048 Current date / time: 2013/03/20 09:54:22.0125 09:54:22.0125 1048 SystemInfo: 09:54:22.0125 1048 09:54:22.0125 1048 OS Version: 5.1.2600 ServicePack: 3.0 09:54:22.0125 1048 Product type: Workstation 09:54:22.0125 1048 ComputerName: XXXX 09:54:22.0125 1048 UserName: service 09:54:22.0125 1048 Windows directory: C:\WINDOWS 09:54:22.0125 1048 System windows directory: C:\WINDOWS 09:54:22.0125 1048 Processor architecture: Intel x86 09:54:22.0125 1048 Number of processors: 2 09:54:22.0125 1048 Page size: 0x1000 09:54:22.0125 1048 Boot type: Normal boot 09:54:22.0125 1048 ============================================================ 09:54:22.0656 1048 Drive \Device\Harddisk0\DR0 - Size: 0x3A388F8E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 09:54:22.0671 1048 ============================================================ 09:54:22.0671 1048 \Device\Harddisk0\DR0: 09:54:22.0671 1048 MBR partitions: 09:54:22.0671 1048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x1B9BE722 09:54:22.0671 1048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B9C3800, BlocksNum 0x1800800 09:54:22.0671 1048 ============================================================ 09:54:22.0734 1048 D: <-> \Device\Harddisk0\DR0\Partition2 09:54:22.0781 1048 C: <-> \Device\Harddisk0\DR0\Partition1 09:54:22.0781 1048 ============================================================ 09:54:22.0781 1048 Initialize success 09:54:22.0781 1048 ============================================================ 09:54:24.0859 2736 ============================================================ 09:54:24.0859 2736 Scan started 09:54:24.0859 2736 Mode: Manual; 09:54:24.0859 2736 ============================================================ 09:54:25.0156 2736 ================ Scan system memory ======================== 09:54:25.0156 2736 System memory - ok 09:54:25.0156 2736 ================ Scan services ============================= 09:54:25.0265 2736 Abiosdsk - ok 09:54:25.0281 2736 abp480n5 - ok 09:54:25.0328 2736 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 09:54:25.0343 2736 ACPI - ok 09:54:25.0390 2736 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 09:54:25.0421 2736 ACPIEC - ok 09:54:25.0421 2736 adpu160m - ok 09:54:25.0484 2736 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 09:54:25.0515 2736 aec - ok 09:54:25.0562 2736 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 09:54:25.0578 2736 AFD - ok 09:54:25.0578 2736 Aha154x - ok 09:54:25.0578 2736 aic78u2 - ok 09:54:25.0593 2736 aic78xx - ok 09:54:25.0609 2736 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 09:54:25.0625 2736 Alerter - ok 09:54:25.0671 2736 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 09:54:25.0687 2736 ALG - ok 09:54:25.0703 2736 AliIde - ok 09:54:25.0703 2736 amsint - ok 09:54:25.0734 2736 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 09:54:25.0750 2736 AppMgmt - ok 09:54:25.0750 2736 asc - ok 09:54:25.0765 2736 asc3350p - ok 09:54:25.0765 2736 asc3550 - ok 09:54:25.0812 2736 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 09:54:25.0828 2736 aspnet_state - ok 09:54:25.0859 2736 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 09:54:25.0875 2736 AsyncMac - ok 09:54:25.0890 2736 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 09:54:25.0921 2736 atapi - ok 09:54:25.0921 2736 Atdisk - ok 09:54:25.0937 2736 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 09:54:25.0937 2736 Atmarpc - ok 09:54:25.0953 2736 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 09:54:25.0968 2736 AudioSrv - ok 09:54:26.0000 2736 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 09:54:26.0015 2736 audstub - ok 09:54:26.0078 2736 [ 9C2CE606E4E7E572799F33AEE5A59C3C ] awhost32 C:\Programme\Symantec\pcAnywhere\awhost32.exe 09:54:26.0093 2736 awhost32 - ok 09:54:26.0125 2736 [ F7E75C620A04963C9A53C3B47DA80405 ] awlegacy C:\WINDOWS\System32\Drivers\awlegacy.sys 09:54:26.0140 2736 awlegacy - ok 09:54:26.0156 2736 [ 7AB1047FCC742BD4ABF1016C031969CE ] AW_HOST C:\WINDOWS\system32\drivers\aw_host5.sys 09:54:26.0171 2736 AW_HOST - ok 09:54:26.0203 2736 [ 5175E788BCD1CB7345AB21F3E14369D2 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys 09:54:26.0234 2736 b57w2k - ok 09:54:26.0265 2736 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 09:54:26.0265 2736 Beep - ok 09:54:26.0312 2736 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 09:54:26.0312 2736 BITS - ok 09:54:26.0343 2736 [ 9B53D428DE0A2566A03499D7AA48DEC4 ] Blfp C:\WINDOWS\system32\DRIVERS\baspxp32.sys 09:54:26.0375 2736 Blfp - ok 09:54:26.0406 2736 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 09:54:26.0421 2736 Browser - ok 09:54:26.0437 2736 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 09:54:26.0437 2736 cbidf2k - ok 09:54:26.0437 2736 cd20xrnt - ok 09:54:26.0453 2736 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 09:54:26.0453 2736 Cdaudio - ok 09:54:26.0468 2736 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 09:54:26.0468 2736 Cdfs - ok 09:54:26.0484 2736 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 09:54:26.0500 2736 Cdrom - ok 09:54:26.0500 2736 Changer - ok 09:54:26.0515 2736 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 09:54:26.0515 2736 CiSvc - ok 09:54:26.0531 2736 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 09:54:26.0531 2736 ClipSrv - ok 09:54:26.0562 2736 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:54:26.0593 2736 clr_optimization_v2.0.50727_32 - ok 09:54:26.0671 2736 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:54:26.0687 2736 clr_optimization_v4.0.30319_32 - ok 09:54:26.0687 2736 CmdIde - ok 09:54:26.0687 2736 COMSysApp - ok 09:54:26.0703 2736 Cpqarray - ok 09:54:26.0718 2736 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 09:54:26.0734 2736 CryptSvc - ok 09:54:26.0734 2736 dac2w2k - ok 09:54:26.0734 2736 dac960nt - ok 09:54:26.0781 2736 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 09:54:26.0781 2736 DcomLaunch - ok 09:54:26.0828 2736 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 09:54:26.0828 2736 Dhcp - ok 09:54:26.0843 2736 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 09:54:26.0843 2736 Disk - ok 09:54:26.0875 2736 [ E328F653BB38DCA443B6B5C209550F16 ] DLABMFSM C:\WINDOWS\system32\DLA\DLABMFSM.SYS 09:54:26.0890 2736 DLABMFSM - ok 09:54:26.0890 2736 [ 5324FBE31307EDDD03DF5539225454C8 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS 09:54:26.0906 2736 DLABOIOM - ok 09:54:26.0906 2736 [ 5230CDB7E715F3A3B4A882E254CDD35D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 09:54:26.0906 2736 DLACDBHM - ok 09:54:26.0921 2736 [ 5D71DB0C8C693324A20D6A6E230D3877 ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS 09:54:26.0937 2736 DLADResM - ok 09:54:26.0937 2736 [ B89653704319073F71311A676BAF70D4 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 09:54:26.0953 2736 DLAIFS_M - ok 09:54:26.0953 2736 [ E08F04C7F7E0C31C9AC928ABAC9D0193 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 09:54:26.0968 2736 DLAOPIOM - ok 09:54:26.0968 2736 [ DAA942572D1B3393040209BF5EADF4A8 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS 09:54:26.0984 2736 DLAPoolM - ok 09:54:26.0984 2736 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 09:54:26.0984 2736 DLARTL_M - ok 09:54:27.0000 2736 [ E1160A37A6F1A7607510744267501836 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 09:54:27.0000 2736 DLAUDFAM - ok 09:54:27.0015 2736 [ 26DAD89DC9DE1F7F4990849BC5731D03 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 09:54:27.0015 2736 DLAUDF_M - ok 09:54:27.0031 2736 dmadmin - ok 09:54:27.0078 2736 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 09:54:27.0093 2736 dmboot - ok 09:54:27.0109 2736 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 09:54:27.0109 2736 dmio - ok 09:54:27.0109 2736 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 09:54:27.0109 2736 dmload - ok 09:54:27.0125 2736 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 09:54:27.0140 2736 dmserver - ok 09:54:27.0171 2736 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 09:54:27.0187 2736 DMusic - ok 09:54:27.0218 2736 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 09:54:27.0234 2736 Dnscache - ok 09:54:27.0265 2736 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 09:54:27.0265 2736 Dot3svc - ok 09:54:27.0281 2736 dpti2o - ok 09:54:27.0296 2736 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 09:54:27.0312 2736 drmkaud - ok 09:54:27.0328 2736 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 09:54:27.0328 2736 DRVMCDB - ok 09:54:27.0343 2736 [ FFC371525AA55D1BAE18715EBCB8797C ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 09:54:27.0359 2736 DRVNDDM - ok 09:54:27.0390 2736 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 09:54:27.0406 2736 EapHost - ok 09:54:27.0453 2736 [ A4FA9D9DC31F5237C1C023AC4A0484B9 ] EPSON TM Parallel Port Driver C:\WINDOWS\system32\drivers\tmlpt.sys 09:54:27.0453 2736 EPSON TM Parallel Port Driver - ok 09:54:27.0515 2736 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe 09:54:27.0531 2736 EpsonBidirectionalService - ok 09:54:27.0609 2736 [ 93FEEC00914B0F704DC9E0B97A81872F ] EpsonPuras C:\Programme\EPSON\EPuras\EPuras.exe 09:54:27.0609 2736 EpsonPuras - ok 09:54:27.0625 2736 [ 720C81213558420B5C291EA18BF0D74F ] EpsonPurasLog C:\Programme\EPSON\EPuras\EPurasLog.exe 09:54:27.0625 2736 EpsonPurasLog - ok 09:54:27.0640 2736 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 09:54:27.0656 2736 ERSvc - ok 09:54:27.0671 2736 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 09:54:27.0687 2736 Eventlog - ok 09:54:27.0718 2736 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 09:54:27.0734 2736 EventSystem - ok 09:54:27.0750 2736 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 09:54:27.0750 2736 Fastfat - ok 09:54:27.0796 2736 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 09:54:27.0796 2736 FastUserSwitchingCompatibility - ok 09:54:27.0812 2736 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 09:54:27.0812 2736 Fdc - ok 09:54:27.0828 2736 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 09:54:27.0828 2736 Fips - ok 09:54:27.0843 2736 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 09:54:27.0843 2736 Flpydisk - ok 09:54:27.0875 2736 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 09:54:27.0875 2736 FltMgr - ok 09:54:27.0937 2736 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 09:54:27.0953 2736 FontCache3.0.0.0 - ok 09:54:27.0968 2736 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 09:54:27.0984 2736 Fs_Rec - ok 09:54:27.0984 2736 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 09:54:27.0984 2736 Ftdisk - ok 09:54:28.0000 2736 [ BA294768509FA03FCFE766962DEE3CAD ] Gernuwa C:\WINDOWS\system32\drivers\Gernuwa.sys 09:54:28.0000 2736 Gernuwa - ok 09:54:28.0031 2736 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 09:54:28.0046 2736 Gpc - ok 09:54:28.0093 2736 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 09:54:28.0093 2736 HDAudBus - ok 09:54:28.0156 2736 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 09:54:28.0156 2736 helpsvc - ok 09:54:28.0171 2736 HidServ - ok 09:54:28.0203 2736 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 09:54:28.0203 2736 hkmsvc - ok 09:54:28.0218 2736 hpn - ok 09:54:28.0250 2736 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 09:54:28.0281 2736 HTTP - ok 09:54:28.0296 2736 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 09:54:28.0312 2736 HTTPFilter - ok 09:54:28.0312 2736 i2omgmt - ok 09:54:28.0312 2736 i2omp - ok 09:54:28.0328 2736 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 09:54:28.0328 2736 i8042prt - ok 09:54:28.0500 2736 [ 66A685B05066683621920BC14A45CFE8 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 09:54:28.0562 2736 ialm - ok 09:54:28.0593 2736 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys 09:54:28.0593 2736 iaStor - ok 09:54:28.0671 2736 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 09:54:28.0671 2736 IAStorDataMgrSvc - ok 09:54:28.0750 2736 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe 09:54:28.0765 2736 IDriverT - ok 09:54:28.0875 2736 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 09:54:28.0906 2736 idsvc - ok 09:54:28.0906 2736 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 09:54:28.0906 2736 Imapi - ok 09:54:28.0937 2736 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 09:54:28.0953 2736 ImapiService - ok 09:54:28.0953 2736 ini910u - ok 09:54:29.0109 2736 [ 70A42B2D9B5ABDC3D91CEEBA0618B22D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 09:54:29.0218 2736 IntcAzAudAddService - ok 09:54:29.0234 2736 IntelIde - ok 09:54:29.0265 2736 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 09:54:29.0265 2736 intelppm - ok 09:54:29.0312 2736 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 09:54:29.0312 2736 Ip6Fw - ok 09:54:29.0328 2736 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 09:54:29.0343 2736 IpFilterDriver - ok 09:54:29.0343 2736 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 09:54:29.0343 2736 IpInIp - ok 09:54:29.0375 2736 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 09:54:29.0390 2736 IpNat - ok 09:54:29.0390 2736 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 09:54:29.0390 2736 IPSec - ok 09:54:29.0421 2736 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 09:54:29.0421 2736 IRENUM - ok 09:54:29.0453 2736 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 09:54:29.0468 2736 isapnp - ok 09:54:29.0531 2736 [ 33112D12B95BD1DE18AF409D865DF10C ] ISWKL C:\Programme\CheckPoint\ZAForceField\ISWKL.sys 09:54:29.0531 2736 ISWKL - ok 09:54:29.0578 2736 [ CFF1CD2C1CC8F5271967AA268982E878 ] IswSvc C:\Programme\CheckPoint\ZAForceField\IswSvc.exe 09:54:29.0593 2736 IswSvc - ok 09:54:29.0687 2736 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 09:54:29.0687 2736 JavaQuickStarterService - ok 09:54:29.0718 2736 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 09:54:29.0734 2736 Kbdclass - ok 09:54:29.0750 2736 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys 09:54:29.0765 2736 KL1 - ok 09:54:29.0781 2736 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys 09:54:29.0796 2736 kl2 - ok 09:54:29.0828 2736 [ 1267FC6F43F2868127A01E9766BF51A7 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys 09:54:29.0843 2736 KLIF - ok 09:54:29.0859 2736 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 09:54:29.0875 2736 kmixer - ok 09:54:29.0906 2736 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 09:54:29.0906 2736 KSecDD - ok 09:54:29.0937 2736 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 09:54:29.0953 2736 LanmanServer - ok 09:54:29.0984 2736 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 09:54:29.0984 2736 lanmanworkstation - ok 09:54:30.0000 2736 lbrtfdc - ok 09:54:30.0046 2736 [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 09:54:30.0046 2736 LightScribeService - ok 09:54:30.0078 2736 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 09:54:30.0093 2736 LmHosts - ok 09:54:30.0125 2736 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys 09:54:30.0140 2736 mbamchameleon - ok 09:54:30.0140 2736 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 09:54:30.0156 2736 Messenger - ok 09:54:30.0187 2736 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 09:54:30.0187 2736 mnmdd - ok 09:54:30.0203 2736 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 09:54:30.0218 2736 mnmsrvc - ok 09:54:30.0250 2736 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 09:54:30.0281 2736 Modem - ok 09:54:30.0296 2736 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 09:54:30.0312 2736 Mouclass - ok 09:54:30.0343 2736 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 09:54:30.0359 2736 MountMgr - ok 09:54:30.0359 2736 mraid35x - ok 09:54:30.0375 2736 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 09:54:30.0390 2736 MRxDAV - ok 09:54:30.0421 2736 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 09:54:30.0453 2736 MRxSmb - ok 09:54:30.0468 2736 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 09:54:30.0468 2736 MSDTC - ok 09:54:30.0484 2736 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 09:54:30.0500 2736 Msfs - ok 09:54:30.0515 2736 MSIServer - ok 09:54:30.0546 2736 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 09:54:30.0578 2736 MSKSSRV - ok 09:54:30.0578 2736 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 09:54:30.0593 2736 MSPCLOCK - ok 09:54:30.0593 2736 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 09:54:30.0609 2736 MSPQM - ok 09:54:30.0625 2736 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 09:54:30.0656 2736 mssmbios - ok 09:54:30.0671 2736 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 09:54:30.0671 2736 Mup - ok 09:54:30.0703 2736 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 09:54:30.0718 2736 napagent - ok 09:54:30.0718 2736 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 09:54:30.0734 2736 NDIS - ok 09:54:30.0765 2736 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 09:54:30.0781 2736 NdisTapi - ok 09:54:30.0796 2736 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 09:54:30.0812 2736 Ndisuio - ok 09:54:30.0828 2736 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 09:54:30.0828 2736 NdisWan - ok 09:54:30.0859 2736 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 09:54:30.0859 2736 NDProxy - ok 09:54:30.0859 2736 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 09:54:30.0875 2736 NetBIOS - ok 09:54:30.0890 2736 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 09:54:30.0906 2736 NetBT - ok 09:54:30.0921 2736 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 09:54:30.0937 2736 NetDDE - ok 09:54:30.0937 2736 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 09:54:30.0953 2736 NetDDEdsdm - ok 09:54:30.0968 2736 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 09:54:30.0984 2736 Netlogon - ok 09:54:31.0000 2736 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 09:54:31.0015 2736 Netman - ok 09:54:31.0046 2736 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:54:31.0062 2736 NetTcpPortSharing - ok 09:54:31.0109 2736 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 09:54:31.0109 2736 Nla - ok 09:54:31.0125 2736 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 09:54:31.0140 2736 Npfs - ok 09:54:31.0171 2736 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 09:54:31.0187 2736 Ntfs - ok 09:54:31.0187 2736 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 09:54:31.0187 2736 NtLmSsp - ok 09:54:31.0234 2736 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 09:54:31.0265 2736 NtmsSvc - ok 09:54:31.0281 2736 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 09:54:31.0281 2736 Null - ok 09:54:31.0296 2736 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 09:54:31.0296 2736 NwlnkFlt - ok 09:54:31.0312 2736 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 09:54:31.0312 2736 NwlnkFwd - ok 09:54:31.0359 2736 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 09:54:31.0375 2736 ose - ok 09:54:31.0546 2736 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:54:31.0625 2736 osppsvc - ok 09:54:31.0656 2736 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 09:54:31.0671 2736 Parport - ok 09:54:31.0687 2736 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 09:54:31.0687 2736 PartMgr - ok 09:54:31.0734 2736 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 09:54:31.0734 2736 ParVdm - ok 09:54:31.0750 2736 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 09:54:31.0765 2736 PCI - ok 09:54:31.0765 2736 PCIDump - ok 09:54:31.0781 2736 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 09:54:31.0796 2736 PCIIde - ok 09:54:31.0812 2736 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 09:54:31.0843 2736 Pcmcia - ok 09:54:31.0843 2736 PDCOMP - ok 09:54:31.0843 2736 PDFRAME - ok 09:54:31.0859 2736 PDRELI - ok 09:54:31.0859 2736 PDRFRAME - ok 09:54:31.0859 2736 perc2 - ok 09:54:31.0875 2736 perc2hib - ok 09:54:31.0906 2736 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 09:54:31.0906 2736 PlugPlay - ok 09:54:31.0906 2736 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 09:54:31.0906 2736 PolicyAgent - ok 09:54:31.0953 2736 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 09:54:31.0968 2736 PptpMiniport - ok 09:54:31.0968 2736 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 09:54:31.0968 2736 ProtectedStorage - ok 09:54:31.0968 2736 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 09:54:32.0000 2736 PSched - ok 09:54:32.0015 2736 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 09:54:32.0015 2736 Ptilink - ok 09:54:32.0031 2736 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 09:54:32.0031 2736 PxHelp20 - ok 09:54:32.0031 2736 ql1080 - ok 09:54:32.0031 2736 Ql10wnt - ok 09:54:32.0046 2736 ql12160 - ok 09:54:32.0046 2736 ql1240 - ok 09:54:32.0046 2736 ql1280 - ok 09:54:32.0062 2736 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 09:54:32.0062 2736 RasAcd - ok 09:54:32.0078 2736 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 09:54:32.0093 2736 RasAuto - ok 09:54:32.0125 2736 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 09:54:32.0125 2736 Rasl2tp - ok 09:54:32.0156 2736 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 09:54:32.0156 2736 RasMan - ok 09:54:32.0156 2736 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 09:54:32.0171 2736 RasPppoe - ok 09:54:32.0203 2736 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 09:54:32.0203 2736 Raspti - ok 09:54:32.0234 2736 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 09:54:32.0234 2736 Rdbss - ok 09:54:32.0250 2736 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 09:54:32.0250 2736 RDPCDD - ok 09:54:32.0250 2736 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 09:54:32.0265 2736 rdpdr - ok 09:54:32.0312 2736 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 09:54:32.0328 2736 RDPWD - ok 09:54:32.0375 2736 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 09:54:32.0406 2736 RDSessMgr - ok 09:54:32.0421 2736 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 09:54:32.0421 2736 redbook - ok 09:54:32.0453 2736 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 09:54:32.0468 2736 RemoteAccess - ok 09:54:32.0484 2736 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 09:54:32.0500 2736 RemoteRegistry - ok 09:54:32.0640 2736 [ AD1411A7EA50F2F97A73A3F51153066E ] RoxMediaDB9 C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 09:54:32.0671 2736 RoxMediaDB9 - ok 09:54:32.0687 2736 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 09:54:32.0703 2736 RpcLocator - ok 09:54:32.0734 2736 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 09:54:32.0750 2736 RpcSs - ok 09:54:32.0765 2736 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 09:54:32.0781 2736 RSVP - ok 09:54:32.0781 2736 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 09:54:32.0796 2736 SamSs - ok 09:54:32.0812 2736 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 09:54:32.0812 2736 SCardSvr - ok 09:54:32.0859 2736 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 09:54:32.0859 2736 Schedule - ok 09:54:32.0875 2736 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 09:54:32.0906 2736 Secdrv - ok 09:54:32.0921 2736 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 09:54:32.0921 2736 seclogon - ok 09:54:32.0937 2736 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 09:54:32.0937 2736 SENS - ok 09:54:32.0953 2736 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 09:54:32.0953 2736 serenum - ok 09:54:32.0968 2736 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 09:54:32.0968 2736 Serial - ok 09:54:33.0000 2736 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 09:54:33.0000 2736 Sfloppy - ok 09:54:33.0046 2736 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 09:54:33.0046 2736 SharedAccess - ok 09:54:33.0062 2736 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 09:54:33.0062 2736 ShellHWDetection - ok 09:54:33.0062 2736 Simbad - ok 09:54:33.0078 2736 Sparrow - ok 09:54:33.0125 2736 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 09:54:33.0140 2736 splitter - ok 09:54:33.0156 2736 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 09:54:33.0171 2736 Spooler - ok 09:54:33.0187 2736 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 09:54:33.0187 2736 sr - ok 09:54:33.0203 2736 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 09:54:33.0203 2736 srservice - ok 09:54:33.0218 2736 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 09:54:33.0234 2736 Srv - ok 09:54:33.0265 2736 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 09:54:33.0281 2736 SSDPSRV - ok 09:54:33.0328 2736 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 09:54:33.0343 2736 stisvc - ok 09:54:33.0406 2736 [ B254B1434208F280EDF3785613DCC41B ] stllssvr C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe 09:54:33.0437 2736 stllssvr - ok 09:54:33.0484 2736 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 09:54:33.0500 2736 swenum - ok 09:54:33.0500 2736 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 09:54:33.0515 2736 swmidi - ok 09:54:33.0515 2736 SwPrv - ok 09:54:33.0515 2736 symc810 - ok 09:54:33.0531 2736 symc8xx - ok 09:54:33.0562 2736 [ AFDCF8008D0FFE23F42071C1540F35E7 ] SymEvent C:\Programme\Symantec\SYMEVENT.SYS 09:54:33.0578 2736 SymEvent - ok 09:54:33.0578 2736 sym_hi - ok 09:54:33.0593 2736 sym_u3 - ok 09:54:33.0593 2736 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 09:54:33.0609 2736 sysaudio - ok 09:54:33.0625 2736 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 09:54:33.0640 2736 SysmonLog - ok 09:54:33.0671 2736 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 09:54:33.0671 2736 TapiSrv - ok 09:54:33.0718 2736 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 09:54:33.0734 2736 Tcpip - ok 09:54:33.0765 2736 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 09:54:33.0781 2736 TDPIPE - ok 09:54:33.0796 2736 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 09:54:33.0812 2736 TDTCP - ok 09:54:33.0812 2736 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 09:54:33.0812 2736 TermDD - ok 09:54:33.0828 2736 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 09:54:33.0843 2736 TermService - ok 09:54:33.0843 2736 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 09:54:33.0843 2736 Themes - ok 09:54:33.0875 2736 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 09:54:33.0890 2736 TlntSvr - ok 09:54:33.0921 2736 [ AD698FAAD37F325A277C3108EC5172C9 ] TMUSB C:\WINDOWS\system32\DRIVERS\TMUSBXP.SYS 09:54:33.0937 2736 TMUSB - ok 09:54:33.0953 2736 TosIde - ok 09:54:33.0968 2736 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 09:54:33.0968 2736 TrkWks - ok 09:54:34.0000 2736 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 09:54:34.0000 2736 Udfs - ok 09:54:34.0015 2736 ultra - ok 09:54:34.0046 2736 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 09:54:34.0062 2736 Update - ok 09:54:34.0093 2736 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 09:54:34.0093 2736 upnphost - ok 09:54:34.0109 2736 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 09:54:34.0140 2736 UPS - ok 09:54:34.0156 2736 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 09:54:34.0171 2736 usbccgp - ok 09:54:34.0187 2736 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 09:54:34.0203 2736 usbehci - ok 09:54:34.0234 2736 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 09:54:34.0250 2736 usbhub - ok 09:54:34.0281 2736 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 09:54:34.0312 2736 usbscan - ok 09:54:34.0328 2736 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 09:54:34.0359 2736 USBSTOR - ok 09:54:34.0390 2736 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 09:54:34.0406 2736 usbuhci - ok 09:54:34.0421 2736 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 09:54:34.0437 2736 VgaSave - ok 09:54:34.0437 2736 ViaIde - ok 09:54:34.0437 2736 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 09:54:34.0453 2736 VolSnap - ok 09:54:34.0500 2736 [ E0743BBE28AD2C310698148C75333729 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys 09:54:34.0515 2736 Vsdatant - ok 09:54:34.0578 2736 vsmon - ok 09:54:34.0609 2736 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 09:54:34.0625 2736 VSS - ok 09:54:34.0656 2736 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 09:54:34.0656 2736 W32Time - ok 09:54:34.0671 2736 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 09:54:34.0671 2736 Wanarp - ok 09:54:34.0671 2736 WDICA - ok 09:54:34.0687 2736 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 09:54:34.0703 2736 wdmaud - ok 09:54:34.0734 2736 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 09:54:34.0750 2736 WebClient - ok 09:54:34.0812 2736 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 09:54:34.0812 2736 winmgmt - ok 09:54:34.0875 2736 [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 09:54:34.0906 2736 WinRM - ok 09:54:34.0953 2736 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 09:54:34.0968 2736 WmdmPmSN - ok 09:54:35.0015 2736 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 09:54:35.0015 2736 Wmi - ok 09:54:35.0031 2736 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 09:54:35.0046 2736 WmiAcpi - ok 09:54:35.0062 2736 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 09:54:35.0078 2736 WmiApSrv - ok 09:54:35.0140 2736 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 09:54:35.0187 2736 WMPNetworkSvc - ok 09:54:35.0203 2736 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 09:54:35.0203 2736 WpdUsb - ok 09:54:35.0328 2736 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 09:54:35.0343 2736 WPFFontCache_v0400 - ok 09:54:35.0390 2736 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 09:54:35.0421 2736 wscsvc - ok 09:54:35.0453 2736 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 09:54:35.0453 2736 wuauserv - ok 09:54:35.0484 2736 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 09:54:35.0500 2736 WudfPf - ok 09:54:35.0515 2736 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 09:54:35.0546 2736 WudfRd - ok 09:54:35.0562 2736 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 09:54:35.0578 2736 WudfSvc - ok 09:54:35.0609 2736 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 09:54:35.0625 2736 WZCSVC - ok 09:54:35.0640 2736 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 09:54:35.0656 2736 xmlprov - ok 09:54:35.0671 2736 ================ Scan global =============================== 09:54:35.0703 2736 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 09:54:35.0750 2736 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 09:54:35.0750 2736 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 09:54:35.0765 2736 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 09:54:35.0765 2736 [Global] - ok 09:54:35.0765 2736 ================ Scan MBR ================================== 09:54:35.0781 2736 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 09:54:35.0906 2736 \Device\Harddisk0\DR0 - ok 09:54:35.0921 2736 ================ Scan VBR ================================== 09:54:35.0937 2736 [ FC91864087FAD1021C6C55E3D1592287 ] \Device\Harddisk0\DR0\Partition1 09:54:35.0937 2736 \Device\Harddisk0\DR0\Partition1 - ok 09:54:35.0937 2736 [ B25F31FDA2636443CD1221B8EA17E01D ] \Device\Harddisk0\DR0\Partition2 09:54:35.0953 2736 \Device\Harddisk0\DR0\Partition2 - ok 09:54:35.0953 2736 ============================================================ 09:54:35.0953 2736 Scan finished 09:54:35.0953 2736 ============================================================ 09:54:35.0953 2176 Detected object count: 0 09:54:35.0953 2176 Actual detected object count: 0 Silke |
20.03.2013, 13:40 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit Java CVE-2012-1723Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
20.03.2013, 15:07 | #13 |
| Exploit Java CVE-2012-1723 So, sorgfältiger gelesen und hier das hoffentlich richtige Logfile: Code:
ATTFilter 14:43:05.0078 3528 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:43:05.0234 3528 ============================================================ 14:43:05.0234 3528 Current date / time: 2013/03/20 14:43:05.0234 14:43:05.0234 3528 SystemInfo: 14:43:05.0234 3528 14:43:05.0234 3528 OS Version: 5.1.2600 ServicePack: 3.0 14:43:05.0234 3528 Product type: Workstation 14:43:05.0250 3528 ComputerName: XXXX 14:43:05.0250 3528 UserName: XXXX 14:43:05.0250 3528 Windows directory: C:\WINDOWS 14:43:05.0250 3528 System windows directory: C:\WINDOWS 14:43:05.0250 3528 Processor architecture: Intel x86 14:43:05.0250 3528 Number of processors: 2 14:43:05.0250 3528 Page size: 0x1000 14:43:05.0250 3528 Boot type: Normal boot 14:43:05.0250 3528 ============================================================ 14:43:05.0640 3528 Drive \Device\Harddisk0\DR0 - Size: 0x3A388F8E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:43:05.0640 3528 ============================================================ 14:43:05.0640 3528 \Device\Harddisk0\DR0: 14:43:05.0640 3528 MBR partitions: 14:43:05.0656 3528 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x1B9BE722 14:43:05.0656 3528 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B9C3800, BlocksNum 0x1800800 14:43:05.0656 3528 ============================================================ 14:43:05.0718 3528 D: <-> \Device\Harddisk0\DR0\Partition2 14:43:05.0781 3528 C: <-> \Device\Harddisk0\DR0\Partition1 14:43:05.0781 3528 ============================================================ 14:43:05.0781 3528 Initialize success 14:43:05.0781 3528 ============================================================ 14:43:16.0046 5936 ============================================================ 14:43:16.0046 5936 Scan started 14:43:16.0046 5936 Mode: Manual; SigCheck; TDLFS; 14:43:16.0046 5936 ============================================================ 14:43:16.0781 5936 ================ Scan system memory ======================== 14:43:16.0781 5936 System memory - ok 14:43:16.0781 5936 ================ Scan services ============================= 14:43:16.0875 5936 Abiosdsk - ok 14:43:16.0890 5936 abp480n5 - ok 14:43:16.0953 5936 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 14:43:17.0718 5936 ACPI - ok 14:43:17.0750 5936 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 14:43:17.0921 5936 ACPIEC - ok 14:43:17.0921 5936 adpu160m - ok 14:43:17.0953 5936 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 14:43:18.0109 5936 aec - ok 14:43:18.0156 5936 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 14:43:18.0218 5936 AFD - ok 14:43:18.0234 5936 Aha154x - ok 14:43:18.0234 5936 aic78u2 - ok 14:43:18.0234 5936 aic78xx - ok 14:43:18.0265 5936 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 14:43:18.0406 5936 Alerter - ok 14:43:18.0421 5936 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 14:43:18.0500 5936 ALG - ok 14:43:18.0500 5936 AliIde - ok 14:43:18.0515 5936 amsint - ok 14:43:18.0531 5936 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 14:43:18.0640 5936 AppMgmt - ok 14:43:18.0640 5936 asc - ok 14:43:18.0656 5936 asc3350p - ok 14:43:18.0656 5936 asc3550 - ok 14:43:18.0718 5936 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 14:43:18.0765 5936 aspnet_state - ok 14:43:18.0781 5936 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 14:43:18.0890 5936 AsyncMac - ok 14:43:18.0921 5936 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 14:43:19.0062 5936 atapi - ok 14:43:19.0078 5936 Atdisk - ok 14:43:19.0078 5936 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 14:43:19.0218 5936 Atmarpc - ok 14:43:19.0234 5936 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 14:43:19.0359 5936 AudioSrv - ok 14:43:19.0390 5936 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 14:43:19.0500 5936 audstub - ok 14:43:19.0625 5936 [ 9C2CE606E4E7E572799F33AEE5A59C3C ] awhost32 C:\Programme\Symantec\pcAnywhere\awhost32.exe 14:43:19.0640 5936 awhost32 ( UnsignedFile.Multi.Generic ) - warning 14:43:19.0640 5936 awhost32 - detected UnsignedFile.Multi.Generic (1) 14:43:19.0671 5936 [ F7E75C620A04963C9A53C3B47DA80405 ] awlegacy C:\WINDOWS\System32\Drivers\awlegacy.sys 14:43:19.0718 5936 awlegacy ( UnsignedFile.Multi.Generic ) - warning 14:43:19.0718 5936 awlegacy - detected UnsignedFile.Multi.Generic (1) 14:43:19.0734 5936 [ 7AB1047FCC742BD4ABF1016C031969CE ] AW_HOST C:\WINDOWS\system32\drivers\aw_host5.sys 14:43:19.0781 5936 AW_HOST ( UnsignedFile.Multi.Generic ) - warning 14:43:19.0781 5936 AW_HOST - detected UnsignedFile.Multi.Generic (1) 14:43:19.0796 5936 [ 5175E788BCD1CB7345AB21F3E14369D2 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys 14:43:19.0890 5936 b57w2k - ok 14:43:19.0906 5936 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 14:43:20.0015 5936 Beep - ok 14:43:20.0078 5936 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 14:43:20.0218 5936 BITS - ok 14:43:20.0250 5936 [ 9B53D428DE0A2566A03499D7AA48DEC4 ] Blfp C:\WINDOWS\system32\DRIVERS\baspxp32.sys 14:43:20.0328 5936 Blfp - ok 14:43:20.0359 5936 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 14:43:20.0546 5936 Browser - ok 14:43:20.0546 5936 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 14:43:20.0671 5936 cbidf2k - ok 14:43:20.0687 5936 cd20xrnt - ok 14:43:20.0687 5936 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 14:43:20.0812 5936 Cdaudio - ok 14:43:20.0828 5936 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 14:43:20.0953 5936 Cdfs - ok 14:43:20.0984 5936 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 14:43:21.0078 5936 Cdrom - ok 14:43:21.0078 5936 Changer - ok 14:43:21.0093 5936 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 14:43:21.0203 5936 CiSvc - ok 14:43:21.0218 5936 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 14:43:21.0343 5936 ClipSrv - ok 14:43:21.0375 5936 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:43:21.0437 5936 clr_optimization_v2.0.50727_32 - ok 14:43:21.0500 5936 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:43:21.0546 5936 clr_optimization_v4.0.30319_32 - ok 14:43:21.0546 5936 CmdIde - ok 14:43:21.0546 5936 COMSysApp - ok 14:43:21.0562 5936 Cpqarray - ok 14:43:21.0625 5936 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 14:43:21.0765 5936 CryptSvc - ok 14:43:21.0781 5936 dac2w2k - ok 14:43:21.0781 5936 dac960nt - ok 14:43:21.0812 5936 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 14:43:21.0906 5936 DcomLaunch - ok 14:43:21.0921 5936 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 14:43:22.0062 5936 Dhcp - ok 14:43:22.0093 5936 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 14:43:22.0218 5936 Disk - ok 14:43:22.0234 5936 [ E328F653BB38DCA443B6B5C209550F16 ] DLABMFSM C:\WINDOWS\system32\DLA\DLABMFSM.SYS 14:43:22.0312 5936 DLABMFSM - ok 14:43:22.0312 5936 [ 5324FBE31307EDDD03DF5539225454C8 ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS 14:43:22.0328 5936 DLABOIOM - ok 14:43:22.0343 5936 [ 5230CDB7E715F3A3B4A882E254CDD35D ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 14:43:22.0359 5936 DLACDBHM - ok 14:43:22.0375 5936 [ 5D71DB0C8C693324A20D6A6E230D3877 ] DLADResM C:\WINDOWS\system32\DLA\DLADResM.SYS 14:43:22.0406 5936 DLADResM - ok 14:43:22.0406 5936 [ B89653704319073F71311A676BAF70D4 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 14:43:22.0437 5936 DLAIFS_M - ok 14:43:22.0437 5936 [ E08F04C7F7E0C31C9AC928ABAC9D0193 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 14:43:22.0468 5936 DLAOPIOM - ok 14:43:22.0468 5936 [ DAA942572D1B3393040209BF5EADF4A8 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS 14:43:22.0484 5936 DLAPoolM - ok 14:43:22.0500 5936 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 14:43:22.0515 5936 DLARTL_M - ok 14:43:22.0515 5936 [ E1160A37A6F1A7607510744267501836 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 14:43:22.0546 5936 DLAUDFAM - ok 14:43:22.0546 5936 [ 26DAD89DC9DE1F7F4990849BC5731D03 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 14:43:22.0578 5936 DLAUDF_M - ok 14:43:22.0578 5936 dmadmin - ok 14:43:22.0656 5936 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 14:43:22.0812 5936 dmboot - ok 14:43:22.0812 5936 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 14:43:22.0937 5936 dmio - ok 14:43:22.0953 5936 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 14:43:23.0062 5936 dmload - ok 14:43:23.0078 5936 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 14:43:23.0203 5936 dmserver - ok 14:43:23.0234 5936 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 14:43:23.0390 5936 DMusic - ok 14:43:23.0421 5936 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 14:43:23.0515 5936 Dnscache - ok 14:43:23.0546 5936 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 14:43:23.0703 5936 Dot3svc - ok 14:43:23.0703 5936 dpti2o - ok 14:43:23.0734 5936 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 14:43:23.0859 5936 drmkaud - ok 14:43:23.0875 5936 [ C00440385CF9F3D142917C63F989E244 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 14:43:23.0890 5936 DRVMCDB - ok 14:43:23.0921 5936 [ FFC371525AA55D1BAE18715EBCB8797C ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 14:43:23.0937 5936 DRVNDDM - ok 14:43:23.0953 5936 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 14:43:24.0078 5936 EapHost - ok 14:43:24.0093 5936 [ A4FA9D9DC31F5237C1C023AC4A0484B9 ] EPSON TM Parallel Port Driver C:\WINDOWS\system32\drivers\tmlpt.sys 14:43:24.0125 5936 EPSON TM Parallel Port Driver - ok 14:43:24.0203 5936 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe 14:43:24.0218 5936 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning 14:43:24.0218 5936 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1) 14:43:24.0250 5936 [ 93FEEC00914B0F704DC9E0B97A81872F ] EpsonPuras C:\Programme\EPSON\EPuras\EPuras.exe 14:43:24.0265 5936 EpsonPuras ( UnsignedFile.Multi.Generic ) - warning 14:43:24.0265 5936 EpsonPuras - detected UnsignedFile.Multi.Generic (1) 14:43:24.0265 5936 [ 720C81213558420B5C291EA18BF0D74F ] EpsonPurasLog C:\Programme\EPSON\EPuras\EPurasLog.exe 14:43:24.0281 5936 EpsonPurasLog ( UnsignedFile.Multi.Generic ) - warning 14:43:24.0281 5936 EpsonPurasLog - detected UnsignedFile.Multi.Generic (1) 14:43:24.0328 5936 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 14:43:24.0453 5936 ERSvc - ok 14:43:24.0468 5936 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 14:43:24.0515 5936 Eventlog - ok 14:43:24.0546 5936 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 14:43:24.0609 5936 EventSystem - ok 14:43:24.0625 5936 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 14:43:24.0734 5936 Fastfat - ok 14:43:24.0765 5936 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 14:43:24.0828 5936 FastUserSwitchingCompatibility - ok 14:43:24.0843 5936 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 14:43:24.0968 5936 Fdc - ok 14:43:25.0015 5936 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 14:43:25.0156 5936 Fips - ok 14:43:25.0156 5936 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 14:43:25.0281 5936 Flpydisk - ok 14:43:25.0296 5936 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 14:43:25.0406 5936 FltMgr - ok 14:43:25.0484 5936 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 14:43:25.0531 5936 FontCache3.0.0.0 - ok 14:43:25.0531 5936 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:43:25.0640 5936 Fs_Rec - ok 14:43:25.0656 5936 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:43:25.0765 5936 Ftdisk - ok 14:43:25.0781 5936 [ BA294768509FA03FCFE766962DEE3CAD ] Gernuwa C:\WINDOWS\system32\drivers\Gernuwa.sys 14:43:25.0796 5936 Gernuwa ( UnsignedFile.Multi.Generic ) - warning 14:43:25.0796 5936 Gernuwa - detected UnsignedFile.Multi.Generic (1) 14:43:25.0828 5936 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:43:25.0968 5936 Gpc - ok 14:43:26.0015 5936 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 14:43:26.0140 5936 HDAudBus - ok 14:43:26.0218 5936 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 14:43:26.0328 5936 helpsvc - ok 14:43:26.0343 5936 HidServ - ok 14:43:26.0375 5936 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 14:43:26.0500 5936 hkmsvc - ok 14:43:26.0500 5936 hpn - ok 14:43:26.0546 5936 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 14:43:26.0640 5936 HTTP - ok 14:43:26.0671 5936 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 14:43:26.0796 5936 HTTPFilter - ok 14:43:26.0812 5936 i2omgmt - ok 14:43:26.0812 5936 i2omp - ok 14:43:26.0828 5936 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 14:43:26.0968 5936 i8042prt - ok 14:43:27.0265 5936 [ 66A685B05066683621920BC14A45CFE8 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 14:43:27.0453 5936 ialm - ok 14:43:27.0484 5936 [ 26541A068572F650A2FA490726FE81BE ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys 14:43:27.0515 5936 iaStor - ok 14:43:27.0593 5936 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 14:43:27.0625 5936 IAStorDataMgrSvc - ok 14:43:27.0687 5936 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Programme\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe 14:43:27.0718 5936 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:43:27.0718 5936 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:43:27.0828 5936 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:43:27.0890 5936 idsvc - ok 14:43:27.0890 5936 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 14:43:28.0015 5936 Imapi - ok 14:43:28.0046 5936 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 14:43:28.0171 5936 ImapiService - ok 14:43:28.0171 5936 ini910u - ok 14:43:28.0328 5936 [ 70A42B2D9B5ABDC3D91CEEBA0618B22D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 14:43:28.0546 5936 IntcAzAudAddService - ok 14:43:28.0546 5936 IntelIde - ok 14:43:28.0578 5936 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 14:43:28.0765 5936 intelppm - ok 14:43:28.0781 5936 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 14:43:28.0921 5936 Ip6Fw - ok 14:43:28.0937 5936 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 14:43:29.0078 5936 IpFilterDriver - ok 14:43:29.0078 5936 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 14:43:29.0187 5936 IpInIp - ok 14:43:29.0203 5936 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 14:43:29.0359 5936 IpNat - ok 14:43:29.0359 5936 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 14:43:29.0484 5936 IPSec - ok 14:43:29.0484 5936 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 14:43:29.0546 5936 IRENUM - ok 14:43:29.0609 5936 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 14:43:29.0765 5936 isapnp - ok 14:43:29.0843 5936 [ 33112D12B95BD1DE18AF409D865DF10C ] ISWKL C:\Programme\CheckPoint\ZAForceField\ISWKL.sys 14:43:29.0875 5936 ISWKL - ok 14:43:29.0921 5936 [ CFF1CD2C1CC8F5271967AA268982E878 ] IswSvc C:\Programme\CheckPoint\ZAForceField\IswSvc.exe 14:43:29.0953 5936 IswSvc - ok 14:43:30.0031 5936 [ 999DB5F88C8E145CCA9D471E33227143 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 14:43:30.0046 5936 JavaQuickStarterService - ok 14:43:30.0078 5936 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 14:43:30.0218 5936 Kbdclass - ok 14:43:30.0281 5936 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys 14:43:30.0328 5936 KL1 - ok 14:43:30.0343 5936 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys 14:43:30.0375 5936 kl2 - ok 14:43:30.0406 5936 [ 1267FC6F43F2868127A01E9766BF51A7 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys 14:43:30.0468 5936 KLIF - ok 14:43:30.0484 5936 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 14:43:30.0609 5936 kmixer - ok 14:43:30.0625 5936 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 14:43:30.0703 5936 KSecDD - ok 14:43:30.0734 5936 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 14:43:30.0828 5936 LanmanServer - ok 14:43:30.0859 5936 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 14:43:30.0937 5936 lanmanworkstation - ok 14:43:30.0937 5936 lbrtfdc - ok 14:43:30.0984 5936 [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe 14:43:31.0015 5936 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 14:43:31.0015 5936 LightScribeService - detected UnsignedFile.Multi.Generic (1) 14:43:31.0046 5936 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 14:43:31.0218 5936 LmHosts - ok 14:43:31.0234 5936 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 14:43:31.0359 5936 Messenger - ok 14:43:31.0375 5936 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 14:43:31.0531 5936 mnmdd - ok 14:43:31.0546 5936 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 14:43:31.0671 5936 mnmsrvc - ok 14:43:31.0687 5936 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 14:43:31.0843 5936 Modem - ok 14:43:31.0843 5936 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 14:43:31.0984 5936 Mouclass - ok 14:43:32.0000 5936 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 14:43:32.0140 5936 MountMgr - ok 14:43:32.0140 5936 mraid35x - ok 14:43:32.0156 5936 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 14:43:32.0281 5936 MRxDAV - ok 14:43:32.0328 5936 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 14:43:32.0390 5936 MRxSmb - ok 14:43:32.0421 5936 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 14:43:32.0546 5936 MSDTC - ok 14:43:32.0546 5936 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 14:43:32.0703 5936 Msfs - ok 14:43:32.0703 5936 MSIServer - ok 14:43:32.0734 5936 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 14:43:32.0875 5936 MSKSSRV - ok 14:43:32.0890 5936 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 14:43:33.0015 5936 MSPCLOCK - ok 14:43:33.0015 5936 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 14:43:33.0156 5936 MSPQM - ok 14:43:33.0171 5936 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 14:43:33.0281 5936 mssmbios - ok 14:43:33.0343 5936 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 14:43:33.0406 5936 Mup - ok 14:43:33.0437 5936 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 14:43:33.0578 5936 napagent - ok 14:43:33.0593 5936 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 14:43:33.0750 5936 NDIS - ok 14:43:33.0796 5936 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 14:43:33.0859 5936 NdisTapi - ok 14:43:33.0875 5936 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:43:34.0015 5936 Ndisuio - ok 14:43:34.0031 5936 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:43:34.0140 5936 NdisWan - ok 14:43:34.0156 5936 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 14:43:34.0218 5936 NDProxy - ok 14:43:34.0218 5936 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 14:43:34.0359 5936 NetBIOS - ok 14:43:34.0375 5936 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 14:43:34.0484 5936 NetBT - ok 14:43:34.0500 5936 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 14:43:34.0625 5936 NetDDE - ok 14:43:34.0640 5936 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 14:43:34.0750 5936 NetDDEdsdm - ok 14:43:34.0781 5936 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 14:43:34.0890 5936 Netlogon - ok 14:43:34.0921 5936 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 14:43:35.0046 5936 Netman - ok 14:43:35.0093 5936 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:43:35.0109 5936 NetTcpPortSharing - ok 14:43:35.0171 5936 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 14:43:35.0218 5936 Nla - ok 14:43:35.0234 5936 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 14:43:35.0359 5936 Npfs - ok 14:43:35.0406 5936 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 14:43:35.0562 5936 Ntfs - ok 14:43:35.0578 5936 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 14:43:35.0703 5936 NtLmSsp - ok 14:43:35.0734 5936 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 14:43:35.0890 5936 NtmsSvc - ok 14:43:35.0937 5936 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 14:43:36.0062 5936 Null - ok 14:43:36.0078 5936 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:43:36.0218 5936 NwlnkFlt - ok 14:43:36.0218 5936 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:43:36.0343 5936 NwlnkFwd - ok 14:43:36.0390 5936 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 14:43:36.0437 5936 ose - ok 14:43:36.0718 5936 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:43:36.0875 5936 osppsvc - ok 14:43:36.0906 5936 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 14:43:37.0046 5936 Parport - ok 14:43:37.0046 5936 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 14:43:37.0171 5936 PartMgr - ok 14:43:37.0203 5936 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 14:43:37.0328 5936 ParVdm - ok 14:43:37.0359 5936 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 14:43:37.0484 5936 PCI - ok 14:43:37.0484 5936 PCIDump - ok 14:43:37.0500 5936 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 14:43:37.0625 5936 PCIIde - ok 14:43:37.0640 5936 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 14:43:37.0781 5936 Pcmcia - ok 14:43:37.0781 5936 PDCOMP - ok 14:43:37.0796 5936 PDFRAME - ok 14:43:37.0796 5936 PDRELI - ok 14:43:37.0796 5936 PDRFRAME - ok 14:43:37.0812 5936 perc2 - ok 14:43:37.0812 5936 perc2hib - ok 14:43:37.0843 5936 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 14:43:37.0875 5936 PlugPlay - ok 14:43:37.0875 5936 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 14:43:37.0984 5936 PolicyAgent - ok 14:43:38.0015 5936 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:43:38.0125 5936 PptpMiniport - ok 14:43:38.0140 5936 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 14:43:38.0250 5936 ProtectedStorage - ok 14:43:38.0265 5936 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 14:43:38.0375 5936 PSched - ok 14:43:38.0390 5936 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:43:38.0500 5936 Ptilink - ok 14:43:38.0515 5936 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 14:43:38.0515 5936 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 14:43:38.0515 5936 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 14:43:38.0515 5936 ql1080 - ok 14:43:38.0531 5936 Ql10wnt - ok 14:43:38.0531 5936 ql12160 - ok 14:43:38.0546 5936 ql1240 - ok 14:43:38.0546 5936 ql1280 - ok 14:43:38.0546 5936 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:43:38.0656 5936 RasAcd - ok 14:43:38.0687 5936 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 14:43:38.0812 5936 RasAuto - ok 14:43:38.0843 5936 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:43:38.0953 5936 Rasl2tp - ok 14:43:38.0968 5936 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 14:43:39.0093 5936 RasMan - ok 14:43:39.0093 5936 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:43:39.0218 5936 RasPppoe - ok 14:43:39.0218 5936 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 14:43:39.0343 5936 Raspti - ok 14:43:39.0375 5936 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:43:39.0484 5936 Rdbss - ok 14:43:39.0500 5936 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:43:39.0625 5936 RDPCDD - ok 14:43:39.0640 5936 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 14:43:39.0765 5936 rdpdr - ok 14:43:39.0796 5936 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 14:43:39.0875 5936 RDPWD - ok 14:43:39.0953 5936 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 14:43:40.0093 5936 RDSessMgr - ok 14:43:40.0109 5936 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 14:43:40.0250 5936 redbook - ok 14:43:40.0250 5936 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 14:43:40.0390 5936 RemoteAccess - ok 14:43:40.0406 5936 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 14:43:40.0546 5936 RemoteRegistry - ok 14:43:40.0703 5936 [ AD1411A7EA50F2F97A73A3F51153066E ] RoxMediaDB9 C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 14:43:40.0765 5936 RoxMediaDB9 - ok 14:43:40.0781 5936 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 14:43:40.0906 5936 RpcLocator - ok 14:43:40.0937 5936 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 14:43:40.0968 5936 RpcSs - ok 14:43:41.0000 5936 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 14:43:41.0125 5936 RSVP - ok 14:43:41.0125 5936 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 14:43:41.0234 5936 SamSs - ok 14:43:41.0265 5936 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 14:43:41.0390 5936 SCardSvr - ok 14:43:41.0421 5936 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 14:43:41.0546 5936 Schedule - ok 14:43:41.0578 5936 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:43:41.0640 5936 Secdrv - ok 14:43:41.0656 5936 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 14:43:41.0765 5936 seclogon - ok 14:43:41.0828 5936 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 14:43:41.0937 5936 SENS - ok 14:43:41.0937 5936 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 14:43:42.0078 5936 serenum - ok 14:43:42.0093 5936 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 14:43:42.0218 5936 Serial - ok 14:43:42.0250 5936 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 14:43:42.0375 5936 Sfloppy - ok 14:43:42.0390 5936 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 14:43:42.0546 5936 SharedAccess - ok 14:43:42.0562 5936 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 14:43:42.0593 5936 ShellHWDetection - ok 14:43:42.0593 5936 Simbad - ok 14:43:42.0609 5936 Sparrow - ok 14:43:42.0640 5936 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 14:43:42.0796 5936 splitter - ok 14:43:42.0843 5936 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 14:43:42.0906 5936 Spooler - ok 14:43:42.0968 5936 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 14:43:43.0031 5936 sr - ok 14:43:43.0062 5936 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 14:43:43.0140 5936 srservice - ok 14:43:43.0156 5936 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 14:43:43.0218 5936 Srv - ok 14:43:43.0250 5936 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 14:43:43.0328 5936 SSDPSRV - ok 14:43:43.0375 5936 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 14:43:43.0484 5936 stisvc - ok 14:43:43.0562 5936 [ B254B1434208F280EDF3785613DCC41B ] stllssvr C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe 14:43:43.0609 5936 stllssvr ( UnsignedFile.Multi.Generic ) - warning 14:43:43.0609 5936 stllssvr - detected UnsignedFile.Multi.Generic (1) 14:43:43.0625 5936 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 14:43:43.0765 5936 swenum - ok 14:43:43.0781 5936 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 14:43:43.0921 5936 swmidi - ok 14:43:43.0921 5936 SwPrv - ok 14:43:43.0937 5936 symc810 - ok 14:43:43.0937 5936 symc8xx - ok 14:43:43.0968 5936 [ AFDCF8008D0FFE23F42071C1540F35E7 ] SymEvent C:\Programme\Symantec\SYMEVENT.SYS 14:43:43.0984 5936 SymEvent ( UnsignedFile.Multi.Generic ) - warning 14:43:43.0984 5936 SymEvent - detected UnsignedFile.Multi.Generic (1) 14:43:44.0000 5936 sym_hi - ok 14:43:44.0000 5936 sym_u3 - ok 14:43:44.0031 5936 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 14:43:44.0156 5936 sysaudio - ok 14:43:44.0171 5936 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 14:43:44.0296 5936 SysmonLog - ok 14:43:44.0343 5936 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 14:43:44.0468 5936 TapiSrv - ok 14:43:44.0531 5936 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:43:44.0562 5936 Tcpip - ok 14:43:44.0593 5936 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 14:43:44.0718 5936 TDPIPE - ok 14:43:44.0734 5936 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 14:43:44.0875 5936 TDTCP - ok 14:43:44.0906 5936 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 14:43:45.0015 5936 TermDD - ok 14:43:45.0062 5936 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 14:43:45.0187 5936 TermService - ok 14:43:45.0187 5936 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 14:43:45.0218 5936 Themes - ok 14:43:45.0250 5936 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 14:43:45.0328 5936 TlntSvr - ok 14:43:45.0359 5936 [ AD698FAAD37F325A277C3108EC5172C9 ] TMUSB C:\WINDOWS\system32\DRIVERS\TMUSBXP.SYS 14:43:45.0437 5936 TMUSB - ok 14:43:45.0453 5936 TosIde - ok 14:43:45.0468 5936 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 14:43:45.0593 5936 TrkWks - ok 14:43:45.0609 5936 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 14:43:45.0734 5936 Udfs - ok 14:43:45.0734 5936 ultra - ok 14:43:45.0796 5936 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 14:43:45.0937 5936 Update - ok 14:43:45.0984 5936 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 14:43:46.0062 5936 upnphost - ok 14:43:46.0093 5936 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 14:43:46.0234 5936 UPS - ok 14:43:46.0265 5936 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:43:46.0421 5936 usbccgp - ok 14:43:46.0437 5936 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:43:46.0578 5936 usbehci - ok 14:43:46.0640 5936 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:43:46.0765 5936 usbhub - ok 14:43:46.0796 5936 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:43:46.0953 5936 usbscan - ok 14:43:46.0968 5936 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:43:47.0125 5936 USBSTOR - ok 14:43:47.0140 5936 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 14:43:47.0281 5936 usbuhci - ok 14:43:47.0296 5936 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 14:43:47.0421 5936 VgaSave - ok 14:43:47.0421 5936 ViaIde - ok 14:43:47.0437 5936 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 14:43:47.0562 5936 VolSnap - ok 14:43:47.0671 5936 [ E0743BBE28AD2C310698148C75333729 ] Vsdatant C:\WINDOWS\system32\vsdatant.sys 14:43:47.0718 5936 Vsdatant - ok 14:43:47.0750 5936 vsmon - ok 14:43:47.0796 5936 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 14:43:47.0890 5936 VSS - ok 14:43:47.0921 5936 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll 14:43:48.0031 5936 W32Time - ok 14:43:48.0046 5936 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:43:48.0171 5936 Wanarp - ok 14:43:48.0171 5936 WDICA - ok 14:43:48.0187 5936 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 14:43:48.0312 5936 wdmaud - ok 14:43:48.0343 5936 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 14:43:48.0468 5936 WebClient - ok 14:43:48.0531 5936 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 14:43:48.0656 5936 winmgmt - ok 14:43:48.0734 5936 [ F10075C2EC96D2EB118012E78ECE2FC2 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 14:43:49.0000 5936 WinRM - ok 14:43:49.0031 5936 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 14:43:49.0156 5936 WmdmPmSN - ok 14:43:49.0203 5936 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 14:43:49.0296 5936 Wmi - ok 14:43:49.0328 5936 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 14:43:49.0437 5936 WmiAcpi - ok 14:43:49.0468 5936 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 14:43:49.0578 5936 WmiApSrv - ok 14:43:49.0640 5936 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 14:43:49.0703 5936 WMPNetworkSvc - ok 14:43:49.0703 5936 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys 14:43:49.0750 5936 WpdUsb - ok 14:43:49.0875 5936 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:43:49.0937 5936 WPFFontCache_v0400 - ok 14:43:49.0968 5936 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 14:43:50.0109 5936 wscsvc - ok 14:43:50.0140 5936 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 14:43:50.0265 5936 wuauserv - ok 14:43:50.0312 5936 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 14:43:50.0390 5936 WudfPf - ok 14:43:50.0406 5936 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 14:43:50.0453 5936 WudfRd - ok 14:43:50.0468 5936 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 14:43:50.0546 5936 WudfSvc - ok 14:43:50.0593 5936 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 14:43:50.0734 5936 WZCSVC - ok 14:43:50.0750 5936 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 14:43:50.0875 5936 xmlprov - ok 14:43:50.0875 5936 ================ Scan global =============================== 14:43:50.0906 5936 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 14:43:50.0953 5936 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 14:43:50.0953 5936 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 14:43:50.0984 5936 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 14:43:50.0984 5936 [Global] - ok 14:43:50.0984 5936 ================ Scan MBR ================================== 14:43:51.0000 5936 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 14:43:51.0234 5936 \Device\Harddisk0\DR0 - ok 14:43:51.0234 5936 ================ Scan VBR ================================== 14:43:51.0265 5936 [ FC91864087FAD1021C6C55E3D1592287 ] \Device\Harddisk0\DR0\Partition1 14:43:51.0265 5936 \Device\Harddisk0\DR0\Partition1 - ok 14:43:51.0265 5936 [ B25F31FDA2636443CD1221B8EA17E01D ] \Device\Harddisk0\DR0\Partition2 14:43:51.0265 5936 \Device\Harddisk0\DR0\Partition2 - ok 14:43:51.0265 5936 ============================================================ 14:43:51.0265 5936 Scan finished 14:43:51.0265 5936 ============================================================ 14:43:51.0375 5912 Detected object count: 12 14:43:51.0375 5912 Actual detected object count: 12 14:44:55.0234 5912 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0234 5912 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0234 5912 awlegacy ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0234 5912 awlegacy ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0234 5912 AW_HOST ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0234 5912 AW_HOST ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0234 5912 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0234 5912 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0234 5912 EpsonPuras ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0234 5912 EpsonPuras ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0250 5912 EpsonPurasLog ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0250 5912 EpsonPurasLog ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0250 5912 Gernuwa ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0250 5912 Gernuwa ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0250 5912 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0250 5912 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0250 5912 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0250 5912 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0250 5912 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0250 5912 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0250 5912 stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0250 5912 stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:44:55.0250 5912 SymEvent ( UnsignedFile.Multi.Generic ) - skipped by user 14:44:55.0250 5912 SymEvent ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:45:52.0468 2028 Deinitialize success |
20.03.2013, 15:50 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Exploit Java CVE-2012-1723 Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Exploit Java CVE-2012-1723 |
anbei, dateien, empfehlung, exploit, folge, folgende, folgenden, frage, gefunde, hilfe!, java, konnte, log-files, löschen, melde, offline, programm, selbständig, troja, trojaner, virus, virus gefunden, windows, öffnen |