| |
| |||||||
Log-Analyse und Auswertung: Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
01.05.2013, 17:31
| #1 |
| |  Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Hab keine Ahnung was machen; insofern bin ich in diesem Forum gelandet und auf der Seite: http://www.trojaner-board.de/69886-a...-beachten.html Ich freu mich auf weiterführende Hilfe, Danke im vorraus. Habe folgende LOG Files erstellt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.05.2013 17:25:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\....\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,58% Memory free 6,20 Gb Paging File | 5,04 Gb Available in Paging File | 81,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 90,63 Gb Free Space | 62,90% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 89,16 Gb Free Space | 61,92% Space Free | Partition Type: NTFS Computer Name: .... | User Name: ....| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.01 17:13:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stephan\Desktop\OTL.exe PRC - [2013.04.02 11:46:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.02 11:46:18 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.04.02 11:46:15 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.02 11:46:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.28 14:19:30 | 001,926,944 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2013.01.28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe PRC - [2010.11.11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\hqtray.exe PRC - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe PRC - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.08 02:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.10.06 11:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.08.26 02:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2008.08.07 04:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Programme\VMware\VMware Player\zlib1.dll MOD - [2010.11.11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Programme\VMware\VMware Player\libxml2.dll MOD - [2008.03.30 16:22:42 | 000,070,144 | ---- | M] () -- C:\Programme\PSPad editor\PSPadShell.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2013.04.13 20:47:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.13 20:12:33 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.02 11:46:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.02 11:46:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.12.03 20:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service) SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.10.18 02:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2010.10.17 21:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server) SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Programme\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.07.10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.07.10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VMC302.sys -- (VMC302) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.04.02 11:46:52 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.02 11:46:52 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.02 11:46:52 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.04.02 11:46:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.11.16 16:51:36 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.11.11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci) DRV - [2010.11.11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86) DRV - [2010.11.11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd) DRV - [2010.11.11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2010.11.11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon) DRV - [2010.11.11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2010.11.11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2010.08.19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.09.03 18:05:34 | 000,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326) DRV - [2008.08.05 20:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.26 21:24:00 | 007,548,000 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2001.12.14 15:08:22 | 000,014,096 | ---- | M] (Wordcraft International Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WILPAR.SYS -- (WILPAR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.13 20:47:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 17:36:10 | 000,000,000 | ---D | M] [2013.04.02 11:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Extensions [2013.04.04 08:15:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\....\AppData\Roaming\mozilla\Firefox\Profiles\89flgnib.default\extensions [2013.04.04 08:15:47 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\....\AppData\Roaming\mozilla\firefox\profiles\89flgnib.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.13 20:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.13 20:47:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google-Suche = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\Wohnzimmer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Unimessage Pro] C:\Program Files\Unimessage Pro\Unimsg.exe (Wordcraft International Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37FBAEDD-AAAA-4F86-8391-1917F8367B32}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A6DDB10-BD00-4C70-8553-1B807EEADD85}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.13 20:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.12 20:40:27 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\vlc [2013.04.12 20:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.04.12 20:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.04.12 15:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.04.10 08:02:25 | 000,000,000 | ---D | C] -- C:\Scanner [2013.04.10 08:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S700 Scancopier [2013.04.10 08:01:40 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S700 Scancopier Printer Profile Utility [2013.04.10 08:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\S700 Scancopier Printer Profile Utility [2013.04.10 08:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unimessage Pro [2013.04.10 08:00:37 | 000,014,096 | ---- | C] (Wordcraft International Ltd.) -- C:\Windows\System32\drivers\WILPAR.SYS [2013.04.10 08:00:19 | 000,110,592 | ---- | C] (Wordcraft International Limited) -- C:\Windows\System32\wilspool.dll [2013.04.10 08:00:19 | 000,045,056 | ---- | C] (Wordcraft International Limited) -- C:\Windows\System32\Faxfil32.dll [2013.04.10 08:00:02 | 000,282,624 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\Imgman32.dll [2013.04.10 08:00:02 | 000,035,328 | ---- | C] (Data Techniques, Inc.) -- C:\Windows\System32\Im31bmp.dil [2013.04.10 08:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Unimessage Pro [2013.04.09 19:09:52 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\PSpad [2013.04.09 19:08:52 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Macromedia [2013.04.09 19:08:26 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\VMware [2013.04.09 19:08:21 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\VMware [2013.04.09 19:06:07 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2013.04.09 19:02:49 | 000,000,000 | ---D | C] -- C:\xampp [2013.04.09 18:49:50 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe [2013.04.09 18:49:46 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe [2013.04.09 18:49:46 | 000,026,352 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys [2013.04.09 18:48:57 | 000,760,432 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll [2013.04.09 18:48:27 | 000,024,688 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys [2013.04.09 18:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2013.04.09 18:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2013.04.09 18:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2013.04.09 18:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\VMware [2013.04.09 18:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPad editor [2013.04.09 18:44:53 | 000,000,000 | ---D | C] -- C:\Program Files\PSPad editor [2013.04.04 07:48:39 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2013.04.04 07:48:39 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2013.04.04 07:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.04.04 07:48:22 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\TuneUp Software [2013.04.04 07:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2013.04.04 07:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.04.04 07:47:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.04.04 07:47:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.04.04 07:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.04.04 07:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.04.03 19:12:54 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\Documents\Play Camera Media [2013.04.03 17:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.04.03 17:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2013.04.02 18:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2013.04.02 18:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.04.02 18:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2013.04.02 18:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2013.04.02 18:35:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.04.02 18:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2013.04.02 18:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013.04.02 18:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2013.04.02 18:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2013.04.02 18:30:47 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Microsoft Help [2013.04.02 18:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.04.02 18:30:25 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.04.02 17:32:00 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\DataDesign [2013.04.02 17:25:09 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Lexware [2013.04.02 17:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\World Money [2013.04.02 17:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\Wertpapieranalyse 2012 [2013.04.02 17:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DataDesign [2013.04.02 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\Documents\Lexware [2013.04.02 17:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware [2013.04.02 17:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lexware [2013.04.02 17:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexware [2013.04.02 17:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.04.02 17:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.04.02 17:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.04.02 16:58:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2013.04.02 16:58:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2013.04.02 16:58:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2013.04.02 16:56:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2013.04.02 16:40:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2013.04.02 15:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2013.04.02 15:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lexware [2013.04.02 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Lexware [2013.04.02 15:26:38 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Mozilla [2013.04.02 15:12:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2013.04.02 12:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.04.02 12:31:51 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Google [2013.04.02 12:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013.04.02 12:30:53 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Zattoo [2013.04.02 12:30:08 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4 [2013.04.02 12:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4 [2013.04.02 12:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Zattoo4 [2013.04.02 11:58:31 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Mozilla [2013.04.02 11:58:30 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Thunderbird [2013.04.02 11:58:30 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Thunderbird [2013.04.02 11:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.04.02 11:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.04.02 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.04.02 11:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.04.02 11:53:41 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Macromedia [2013.04.02 11:53:33 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Avira [2013.04.02 11:53:21 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Adobe [2013.04.02 11:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.04.02 11:47:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.04.02 11:47:51 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.04.02 11:47:51 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.04.02 11:47:51 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.04.02 11:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.04.02 11:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.04.02 11:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.04.02 11:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.04.02 10:59:25 | 000,000,000 | ---D | C] -- C:\Samsung [2013.04.02 10:58:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\NetsyncAgent [2013.04.02 10:47:30 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Roaming\Intel [2013.04.02 10:08:23 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Adobe [2013.04.02 10:00:20 | 000,000,000 | ---D | C] -- C:\Users\Wohnzimmer\AppData\Local\Seven Zip ========== Files - Modified Within 30 Days ========== [2013.05.01 17:15:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.01 17:13:23 | 000,169,629 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.05.01 17:11:42 | 000,000,000 | ---- | M] () -- C:\Users\Wohnzimmer\defogger_reenable [2013.05.01 16:01:42 | 000,631,426 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.01 16:01:42 | 000,598,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.01 16:01:42 | 000,127,664 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.01 16:01:42 | 000,105,280 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.01 15:55:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.01 15:55:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.01 15:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.01 15:55:16 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys [2013.05.01 15:54:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.01 15:26:40 | 000,169,629 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.04.12 20:40:16 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.12 15:41:33 | 000,385,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.10 13:41:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2013.04.09 19:06:07 | 000,000,558 | ---- | M] () -- C:\Users\Wohnzimmer\Desktop\XAMPP Control Panel.lnk [2013.04.09 18:47:52 | 000,001,024 | ---- | M] () -- C:\.rnd [2013.04.09 18:47:47 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk [2013.04.09 18:44:55 | 000,000,753 | ---- | M] () -- C:\Users\Wohnzimmer\Desktop\PSPad.lnk [2013.04.09 16:05:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.09 16:05:39 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.04 07:48:36 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.04.04 07:48:36 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.04.03 17:02:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2013.04.03 09:57:03 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2013.04.03 09:57:03 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2013.04.03 09:56:52 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.02 17:28:07 | 000,002,747 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk [2013.04.02 17:28:07 | 000,002,731 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Jubiläumsversion.lnk [2013.04.02 17:24:03 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2012.lnk [2013.04.02 15:26:34 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.02 15:19:01 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2013.04.02 13:10:09 | 000,021,504 | ---- | M] () -- C:\Users\Wohnzimmer\AppData\Local\WebpageIcons.db [2013.04.02 12:42:13 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.04.02 12:30:08 | 000,001,653 | ---- | M] () -- C:\Users\Wohnzimmer\Desktop\Zattoo.lnk [2013.04.02 11:55:59 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.04.02 11:48:05 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.04.02 11:46:52 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.04.02 11:46:52 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.04.02 11:46:52 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.04.02 11:46:52 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.04.02 11:26:56 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.04.02 11:18:38 | 000,000,275 | ---- | M] () -- C:\WirelessDiagLog.csv [2013.04.02 11:04:58 | 000,004,222 | ---- | M] () -- C:\Windows\HotFixList.ini [2013.04.02 10:59:03 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Play AVStation.lnk ========== Files Created - No Company Name ========== [2013.05.01 17:11:42 | 000,000,000 | ---- | C] () -- C:\Users\Wohnzimmer\defogger_reenable [2013.04.13 20:12:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.12 20:40:16 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.04.10 13:41:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2013.04.10 08:00:19 | 000,163,840 | ---- | C] () -- C:\Windows\System32\Wilpar32.dll [2013.04.10 08:00:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\Wilcom32.dll [2013.04.10 08:00:19 | 000,020,603 | ---- | C] () -- C:\Windows\System32\wilpar.vxd [2013.04.10 08:00:19 | 000,011,776 | ---- | C] () -- C:\Windows\System32\Faxfrm32.dll [2013.04.09 19:06:07 | 000,000,558 | ---- | C] () -- C:\Users\Wohnzimmer\Desktop\XAMPP Control Panel.lnk [2013.04.09 18:47:52 | 000,001,024 | ---- | C] () -- C:\.rnd [2013.04.09 18:47:47 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk [2013.04.09 18:44:55 | 000,000,753 | ---- | C] () -- C:\Users\Wohnzimmer\Desktop\PSPad.lnk [2013.04.04 07:48:36 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.04.04 07:48:36 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.04.04 07:48:35 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.04.03 17:02:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2013.04.03 09:56:52 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.04.03 09:43:48 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.03 09:43:48 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.04.02 17:24:03 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2012.lnk [2013.04.02 17:22:34 | 000,002,747 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Jubiläumsversion Zahlungserinnerung.lnk [2013.04.02 17:22:34 | 000,002,731 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Jubiläumsversion.lnk [2013.04.02 16:42:37 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2013.04.02 16:42:36 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2013.04.02 16:42:29 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2013.04.02 16:42:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2013.04.02 16:42:25 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2013.04.02 16:41:45 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2013.04.02 16:41:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2013.04.02 16:41:29 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2013.04.02 16:41:28 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2013.04.02 16:41:27 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2013.04.02 15:26:34 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.02 15:26:34 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.02 15:19:01 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2013.04.02 13:15:27 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2013.04.02 13:15:27 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2013.04.02 13:15:27 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2013.04.02 12:32:15 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.04.02 12:31:54 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.02 12:31:54 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.02 12:30:53 | 000,021,504 | ---- | C] () -- C:\Users\Wohnzimmer\AppData\Local\WebpageIcons.db [2013.04.02 12:30:08 | 000,001,653 | ---- | C] () -- C:\Users\Wohnzimmer\Desktop\Zattoo.lnk [2013.04.02 12:05:38 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2013.04.02 11:55:59 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013.04.02 11:55:59 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.04.02 11:48:05 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.04.02 11:26:56 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.04.02 11:26:56 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.04.02 10:59:03 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Play AVStation.lnk [2013.04.02 10:47:10 | 000,000,275 | ---- | C] () -- C:\WirelessDiagLog.csv [2012.03.29 10:52:10 | 000,138,608 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.03.29 10:52:10 | 000,074,608 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2012.03.29 10:52:08 | 000,309,616 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2008.10.18 23:11:19 | 000,169,629 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.10.18 23:11:18 | 000,169,629 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.04.02 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Wohnzimmer\AppData\Roaming\DataDesign [2013.04.02 17:30:12 | 000,000,000 | ---D | M] -- C:\Users\Wohnzimmer\AppData\Roaming\Lexware [2013.04.02 11:58:30 | 000,000,000 | ---D | M] -- C:\Users\Wohnzimmer\AppData\Roaming\Thunderbird [2013.04.04 07:48:22 | 000,000,000 | ---D | M] -- C:\Users\Wohnzimmer\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.05.2013 17:25:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\....\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,58% Memory free
6,20 Gb Paging File | 5,04 Gb Available in Paging File | 81,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 90,63 Gb Free Space | 62,90% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 89,16 Gb Free Space | 61,92% Space Free | Partition Type: NTFS
Computer Name: WOHNZIMMER-PC | User Name: ....| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0374A92C-EE16-4873-B525-BFCACE626464}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B2497C2-9244-4CE8-A7C7-51FE7E92B2A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D09FACC-B8FD-4E2F-A0C9-6B048A3C039A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E04865B-ABDC-4A48-8C91-CE2F50365674}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F635912-6C2D-41DB-8081-6611E94BB5A7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4109CAD8-0919-447D-8C13-B506311AC191}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{467BDFAB-8767-4EDC-BD85-606E18F1C731}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A2B3146-08CE-40B8-BDF4-85836A8148BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{50C73B9D-C87F-49A7-8C66-51513B24B85A}" = rport=138 | protocol=17 | dir=out | app=system |
"{578C2189-399C-40DF-8EFE-55166E4C56FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E182C44-84CC-4D3C-BF28-EE7C73C7B247}" = lport=139 | protocol=6 | dir=in | app=system |
"{614F7B75-406A-479A-8918-BFA6602EA20D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{663AC32B-516A-418A-B91D-030082CDB9ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{68121BFD-7B52-43F1-B027-08CB466590EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{69463DEB-709A-48A3-BE3C-00A7896CDE3F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7602E6F3-3FA1-4A49-95F0-B7356C6FE12A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{77F9C8D6-8731-4178-9F50-1D16ABF5BAA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{7AE15844-CE63-469F-AB82-0575ECCE4772}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{861CAC83-3EB4-4CE0-8794-A882110ED7A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{970F7A3B-F698-4291-B932-A5D3392C8D98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{98C7E677-8BFE-43EC-81FD-73731D3969AE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D67487D-8ED0-4CC0-B274-772157D05085}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E8450E1-CA94-4D09-A187-C1C6195202D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCF024A6-372B-4782-8B92-3ECAC87DDE4F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{EAE7423D-6208-41D2-80F6-B0F4923E710A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBE5178B-48D1-4D9C-870D-6DB71091E034}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F09ACBD6-A8A7-4FE8-881F-F24D647B4812}" = lport=137 | protocol=17 | dir=in | app=system |
"{F760D1E4-0B50-4E51-B7A6-EB686E3976EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0DD28B-FDB8-46BE-B90B-F60A50C74053}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1751DB3B-5923-4C99-AFAF-139C21648D46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{19EAF123-2454-4DD4-8CB1-C1B1BF81C043}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1EB5AD34-BAFD-4DD6-AA16-9D8CF653E5A9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{2CD122CC-E8BA-425E-A137-47B465048FBC}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{3034CDC9-2A0A-4934-A823-4E74DC5A2523}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{365C27ED-3CFA-4D9C-9B54-4FDF9C4FD258}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39C3A882-2EDD-4D76-9299-C7CAA9486F02}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3A6FDD4F-E6E0-410F-AA3A-3231A1DDE3F2}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{3E740CEA-7484-441D-A42B-E8D40E8BF3DA}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{68327C3E-DEC4-49F8-BA57-9A96DA3D7FB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A534BC1-D6DF-477B-B5C1-4223605181E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6BE82CBD-E4F8-452F-83BD-C9622FD7498E}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{72F62834-75D5-422B-9B00-F92396C45C01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B942282-C231-4B4E-B8FC-FF173651B04E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{90E2AEB1-9477-4A11-83F0-AD4AD5008730}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9868112B-2EF0-4B8C-AEA0-26F9A1B54DD9}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{AA1B79D4-7DC4-4729-9B14-A283BB1AA4FF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3A87F71-8097-437C-ACD5-42FAA652FA6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B48A66D2-FC0B-4F1B-A130-227C8B9BD017}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA7A9EDA-9D0E-4FFC-A9E8-2FE4DA8AFBA5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BC1E9FE5-F49A-4B36-B0E1-F726E1C5738A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C2E02C0D-C08A-472C-9110-061D1DEB3B68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9F2E484-91D1-4005-A9A1-04B0E15BF322}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA7DD00D-18C6-4240-807B-D844DB8BA9C1}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{DBE77CFE-B8F0-4123-BDBD-F4D4632ACCA1}" = protocol=6 | dir=out | app=system |
"{DD62F3CB-AD0A-410D-8CA2-55EADD92505D}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{E4F20798-F5F2-4F40-BE36-A305F1FC45DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF505EFA-E74D-4B27-992A-C63BD9F6AB5E}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"TCP Query User{5CC443C5-EB66-43CA-9BD0-D4D7FC037870}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{A9115ABE-61B0-41EF-A695-2DBECC8D9A48}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{84D56725-DB0A-4654-971C-19D2F451DD08}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{A41C1641-A7A4-469A-88E1-F0F0337F8ACA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{220DC8D0-3CC8-41A4-8C58-15A1D9FA0362}" = DDBAC
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2C41394E-E15B-47DC-B33C-54D33EA85B68}" = Lexware online banking
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7FE9F5F5-8C9B-49F2-989C-BD885BD79B8D}" = Quicken Import Export Server Jubiläumsversion
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{990D6165-CA26-483A-9C0B-CDA087F15D37}" = S700 Scancopier
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A7166A02-9745-4F19-BB16-A0CC1F3ABDB1}" = Wertpapieranalyse 2012
"{A907A713-DA24-4352-8786-96C7A6944646}" = Quicken Jubiläumsversion
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"PSPad editor_is1" = PSPad editor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Unimessage Pro" = Unimessage Pro
"VLC media player" = VLC media player 2.0.6
"VMware_Player" = VMware Player
"xampp" = XAMPP 1.7.4
"Zattoo4" = Zattoo4 4.0.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.04.2013 01:49:27 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:27 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:32 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:32 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:38 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:38 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:43 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 01:49:43 | Computer Name = Wohnzimmer-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 04.04.2013 03:27:46 | Computer Name = Wohnzimmer-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16470 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 14e4 Anfangszeit: 01ce30ff802f91d4 Zeitpunkt
der Beendigung: 4
Error - 04.04.2013 04:44:55 | Computer Name = Wohnzimmer-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 03.04.2013 03:10:40 | Computer Name = Wohnzimmer-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
< End of report >
GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-01 18:09:52
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\WOHNZI~1\AppData\Local\Temp\kxrcauoc.sys
---- System - GMER 2.1 ----
SSDT 8CD30EEE ZwCreateSection
SSDT 8CD30EF8 ZwRequestWaitReplyPort
SSDT 8CD30EF3 ZwSetContextThread
SSDT 8CD30EFD ZwSetSecurityObject
SSDT 8CD30F02 ZwSystemDebugControl
SSDT 8CD30E8F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!KeInsertQueue + 405 82081A3C 4 Bytes [EE, 0E, D3, 8C]
.text ntoskrnl.exe!KeInsertQueue + 729 82081D60 4 Bytes [F8, 0E, D3, 8C]
.text ntoskrnl.exe!KeInsertQueue + 75D 82081D94 4 Bytes [F3, 0E, D3, 8C]
.text ntoskrnl.exe!KeInsertQueue + 7C1 82081DF8 4 Bytes [FD, 0E, D3, 8C]
.text ntoskrnl.exe!KeInsertQueue + 809 82081E40 4 Bytes [02, 0F, D3, 8C]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E805340, 0x3EE687, 0xE8000020]
---- User code sections - GMER 2.1 ----
? C:\Windows\system32\svchost.exe[584] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: urlmon.dllunknown module: VERSION.dll
.text C:\Windows\system32\svchost.exe[584] USER32.dll!DialogBoxIndirectParamAorW 76BC2EB6 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-6 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-7 hcmon.sys
Device \Driver\usbhub \Device\00000065 hcmon.sys
Device \Driver\usbhub \Device\00000066 hcmon.sys
Device \Driver\usbhub \Device\00000067 hcmon.sys
Device \Driver\usbhub \Device\00000068 hcmon.sys
Device \Driver\usbhub \Device\00000069 hcmon.sys
Device \Driver\usbhub \Device\0000006a hcmon.sys
Device \Driver\usbhub \Device\0000006b hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbhub \Device\0000006c hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys
---- Processes - GMER 2.1 ----
Library c:\windows\system32\z (*** hidden *** ) @ C:\Windows\Explorer.EXE [2856] 0x04090000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0002787923ce
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f37b91
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f5d89c
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269cdd0c4
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0002787923ce (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f37b91 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1f5d89c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\002269cdd0c4 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Geändert von Heyo (01.05.2013 um 17:40 Uhr) |
|
01.05.2013, 18:45
| #2 |
| /// TB-Ausbilder   | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Wo hat Avira "tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78" gefunden? Ich hätte gerne dazu die Logdatei: Bitte alle Logs mit Funden posten  Lesestoff: Rootkit-Warnung Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
Solltest du dich für eine Bereinigung entschieden haben, beginnen wir folgendermaßen: Schritt 1 Scan mit Combofix
Schritt 2 Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Schritt 3 Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
01.05.2013, 19:00
| #3 |
| | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Sicherheitshinweis 01.05.2013 19:54 Typ Fund
__________________Zugriff auf die Datei C:\$Recycle.Bin\...\00000001.@ die ein Virus oder unerwünschtes Programm TR/Sirefef.A.78 enthält, wurde verweigert die anderen zwei sind jetzt eine Weile nicht mehr gekommen, poste diese aber sobald sie auftauchen! Werde jetzt mich dann den anderen Programmen zuwenden ... Vielen Dank für Deine schnelle Hilfe Combofix Logfile: Code:
ATTFilter ComboFix 13-05-01.03 - Wohnzimmer 01.05.2013 20:08:27.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1731 [GMT 2:00]
ausgeführt von:: c:\users\Stephan\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-21-2304657712-77872177-212307690-1004\$68d5fa2aa6fdf17613258da79fe586ad\@
c:\$recycle.bin\S-1-5-21-2304657712-77872177-212307690-1004\$68d5fa2aa6fdf17613258da79fe586ad\n
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\Installer\{A907A713-DA24-4352-8786-96C7A6944646}\BillMinder.8C5DA79E_7079_4AB3_81F7_712153351D0D.exe
c:\windows\IsUn0407.exe
c:\windows\system32\rnaph.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-01 bis 2013-05-01 ))))))))))))))))))))))))))))))
.
.
2013-05-01 18:15 . 2013-05-01 18:15 -------- d-----w- c:\users\Wohnzimmer\AppData\Local\temp
2013-05-01 18:15 . 2013-05-01 18:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-12 18:40 . 2013-04-12 18:40 -------- d-----w- c:\users\Wohnzimmer\AppData\Roaming\vlc
2013-04-12 18:39 . 2013-04-12 18:39 -------- d-----w- c:\program files\VideoLAN
2013-04-12 13:45 . 2013-04-12 13:45 -------- d-----w- c:\programdata\CyberLink
2013-04-10 11:47 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 11:47 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 11:47 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 11:47 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 11:47 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 11:47 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 11:47 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 11:47 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 06:02 . 2013-04-10 06:02 -------- d-----w- C:\Scanner
2013-04-10 06:01 . 2013-04-10 06:01 -------- d-----w- c:\program files\S700 Scancopier Printer Profile Utility
2013-04-10 06:00 . 2001-12-14 13:08 14096 ----a-w- c:\windows\system32\drivers\WILPAR.SYS
2013-04-10 06:00 . 2002-06-14 12:08 20603 ----a-w- c:\windows\system32\wilpar.vxd
2013-04-10 06:00 . 2002-05-27 13:35 110592 ----a-w- c:\windows\system32\wilspool.dll
2013-04-10 06:00 . 2002-02-06 12:23 139264 ----a-w- c:\windows\system32\Wilcom32.dll
2013-04-10 06:00 . 2001-06-07 11:49 163840 ----a-w- c:\windows\system32\Wilpar32.dll
2013-04-10 06:00 . 2000-11-22 15:20 45056 ----a-w- c:\windows\system32\Faxfil32.dll
2013-04-10 06:00 . 2000-11-22 12:04 11776 ----a-w- c:\windows\system32\Faxfrm32.dll
2013-04-10 06:00 . 1996-08-05 01:00 92160 ----a-w- c:\windows\system32\GRID32.OCX
2013-04-10 06:00 . 1999-09-07 08:43 282624 ----a-w- c:\windows\system32\Imgman32.dll
2013-04-10 06:00 . 1999-01-26 14:39 35328 ----a-w- c:\windows\system32\Im31bmp.dil
2013-04-10 06:00 . 2013-04-10 06:01 -------- d-----w- c:\program files\Unimessage Pro
2013-04-09 17:09 . 2013-04-09 17:09 -------- d-----w- c:\users\Wohnzimmer\AppData\Roaming\PSpad
2013-04-09 17:08 . 2013-04-09 17:08 -------- d-----w- c:\users\Wohnzimmer\AppData\Local\Macromedia
2013-04-09 17:08 . 2013-04-09 17:09 -------- d-----w- c:\users\Wohnzimmer\AppData\Local\VMware
2013-04-09 17:08 . 2013-04-09 17:08 -------- d-----w- c:\users\Wohnzimmer\AppData\Roaming\VMware
2013-04-09 17:02 . 2013-04-09 17:05 -------- d-----w- C:\xampp
2013-04-09 16:49 . 2010-11-11 11:31 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe
2013-04-09 16:49 . 2010-11-11 11:31 404080 ----a-w- c:\windows\system32\vmnat.exe
2013-04-09 16:49 . 2010-11-11 11:29 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2013-04-09 16:48 . 2010-11-11 11:31 760432 ----a-w- c:\windows\system32\vnetlib.dll
2013-04-09 16:48 . 2010-11-11 11:30 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2013-04-09 16:47 . 2013-04-09 16:47 -------- d-----w- c:\program files\Common Files\VMware
2013-04-09 16:47 . 2013-05-01 15:45 -------- d-----w- c:\programdata\VMware
2013-04-09 16:47 . 2013-04-09 16:47 -------- d-----w- c:\program files\VMware
2013-04-09 16:44 . 2013-04-09 16:44 -------- d-----w- c:\program files\PSPad editor
2013-04-04 11:20 . 2013-04-04 11:20 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-04-04 05:48 . 2013-01-28 12:19 32032 ----a-w- c:\windows\system32\TURegOpt.exe
2013-04-04 05:48 . 2013-01-28 12:19 21792 ----a-w- c:\windows\system32\authuitu.dll
2013-04-04 05:48 . 2013-04-04 05:48 -------- d-----w- c:\users\Wohnzimmer\AppData\Roaming\TuneUp Software
2013-04-04 05:48 . 2013-04-04 05:48 -------- d-----w- c:\program files\TuneUp Utilities 2013
2013-04-04 05:47 . 2013-04-04 05:48 -------- d-----w- c:\programdata\TuneUp Software
2013-04-04 05:47 . 2013-04-04 05:55 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-04-04 05:47 . 2013-04-04 05:47 -------- d--h--w- c:\programdata\Common Files
2013-04-04 05:44 . 2013-04-04 05:44 -------- d-----w- c:\program files\Common Files\Java
2013-04-04 05:44 . 2013-04-04 05:43 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-04 05:44 . 2013-04-04 05:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-04 05:35 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-04 05:35 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-04 05:35 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-04-04 05:35 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-04 05:35 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-04-04 05:35 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-04-03 15:36 . 2013-04-03 15:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-04-03 15:10 . 2013-04-09 17:10 -------- d-----w- c:\users\Stephan
2013-04-03 15:04 . 2013-04-03 15:04 -------- d-----w- c:\program files\Windows Portable Devices
2013-04-03 08:11 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-04-03 08:11 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-04-03 08:11 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-04-03 08:04 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-04-03 08:04 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-04-03 08:04 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-04-03 07:55 . 2013-04-03 07:55 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-04-03 07:55 . 2013-04-03 07:55 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-03 07:55 . 2013-04-03 07:55 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-04-03 07:55 . 2013-04-03 07:55 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-04-03 07:55 . 2013-04-03 07:55 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-04-03 07:55 . 2013-04-03 07:55 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-04-03 07:55 . 2013-04-03 07:55 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-03 07:43 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-04-03 07:43 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-04-03 07:43 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-04-03 07:43 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-04-03 07:43 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-04-03 07:43 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-04-03 07:43 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-04-03 07:43 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-04-03 07:43 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-04-03 07:43 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-04-03 07:43 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-04-03 07:36 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-04-03 07:36 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2013-04-03 07:33 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2013-04-03 07:33 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2013-04-03 07:33 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2013-04-03 07:33 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2013-04-03 07:33 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2013-04-03 07:33 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2013-04-03 07:33 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2013-04-03 07:33 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2013-04-03 07:32 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2013-04-03 07:32 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2013-04-03 07:32 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2013-04-03 07:32 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2013-04-03 07:32 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2013-04-03 07:29 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-04-03 07:29 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-04-03 07:29 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-04-03 07:29 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2013-04-03 07:29 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-03 07:29 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2013-04-03 07:29 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2013-04-03 07:29 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2013-04-03 07:29 . 2013-02-12 01:57 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-03 07:17 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2013-04-03 07:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-04-03 07:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-04-03 07:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-04-03 07:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-04-03 07:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-04-03 07:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-04-03 07:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-04-03 07:09 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-04-03 07:09 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-04-02 16:35 . 2013-04-02 16:35 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-04-02 16:35 . 2013-04-02 16:35 -------- d-----w- c:\windows\PCHEALTH
2013-04-02 16:35 . 2013-04-02 16:35 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-04-02 16:35 . 2013-04-02 16:35 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-04-02 16:32 . 2013-04-02 16:32 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-04-02 16:31 . 2013-04-02 16:31 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-04-02 16:30 . 2013-04-02 16:30 -------- d-----w- c:\users\Wohnzimmer\AppData\Local\Microsoft Help
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-03 07:55 . 2013-04-03 07:55 4096 ----a-w- c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2013-03-04 14:06 . 2013-03-04 14:06 825672 ----a-w- c:\windows\system32\Ddbaccpl.cpl
2013-03-04 14:06 . 2013-03-04 14:06 227656 ----a-w- c:\windows\system32\ddBACCTM.cpl
2013-04-13 18:47 . 2013-04-13 18:47 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-26 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-02 345312]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2010-11-11 64112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
Quicken Jubiläumsversion Zahlungserinnerung.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KXRCAUOC
*Deregistered* - kxrcauoc
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 08:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-02 10:41 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-02 18:12]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-02 10:31]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-02 10:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\Wohnzimmer\AppData\Roaming\Mozilla\Firefox\Profiles\89flgnib.default\
FF - ExtSQL: 2013-04-02 13:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-04-04 08:15; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Wohnzimmer\AppData\Roaming\Mozilla\Firefox\Profiles\89flgnib.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Unimessage Pro - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-01 20:15
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\WOHNZI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2013-05-01 20:17:48
ComboFix-quarantined-files.txt 2013-05-01 18:17
.
Vor Suchlauf: 9 Verzeichnis(se), 98.403.094.528 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 98.140.184.576 Bytes frei
.
- - End Of File - - 0F994A6F1231CCAA80C237ECC00E0E18
Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.01.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Wohnzimmer :: WOHNZIMMER-PC [administrator] 01.05.2013 20:40:58 mbar-log-2013-05-01 (20-40-58).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28062 Time elapsed: 8 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.05.01.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Wohnzimmer :: WOHNZIMMER-PC [administrator] 01.05.2013 20:57:27 mbar-log-2013-05-01 (20-57-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28091 Time elapsed: 12 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) 20:58:13.0060 4916 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:58:13.0590 4916 ============================================================ 20:58:13.0590 4916 Current date / time: 2013/05/01 20:58:13.0590 20:58:13.0590 4916 SystemInfo: 20:58:13.0590 4916 20:58:13.0590 4916 OS Version: 6.0.6002 ServicePack: 2.0 20:58:13.0590 4916 Product type: Workstation 20:58:13.0591 4916 ComputerName: WOHNZIMMER-PC 20:58:13.0591 4916 UserName: Wohnzimmer 20:58:13.0591 4916 Windows directory: C:\Windows 20:58:13.0591 4916 System windows directory: C:\Windows 20:58:13.0591 4916 Processor architecture: Intel x86 20:58:13.0591 4916 Number of processors: 2 20:58:13.0591 4916 Page size: 0x1000 20:58:13.0591 4916 Boot type: Normal boot 20:58:13.0591 4916 ============================================================ 20:58:14.0000 4916 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:58:14.0002 4916 ============================================================ 20:58:14.0002 4916 \Device\Harddisk0\DR0: 20:58:14.0002 4916 MBR partitions: 20:58:14.0002 4916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000 20:58:14.0002 4916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800 20:58:14.0002 4916 ============================================================ 20:58:14.0046 4916 C: <-> \Device\Harddisk0\DR0\Partition1 20:58:14.0080 4916 D: <-> \Device\Harddisk0\DR0\Partition2 20:58:14.0080 4916 ============================================================ 20:58:14.0080 4916 Initialize success 20:58:14.0080 4916 ============================================================ 20:58:37.0010 4396 ============================================================ 20:58:37.0010 4396 Scan started 20:58:37.0010 4396 Mode: Manual; SigCheck; TDLFS; 20:58:37.0010 4396 ============================================================ 20:58:37.0617 4396 ================ Scan system memory ======================== 20:58:37.0617 4396 System memory - ok 20:58:37.0618 4396 ================ Scan services ============================= 20:58:37.0804 4396 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 20:58:37.0917 4396 ACPI - ok 20:58:38.0009 4396 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 20:58:38.0024 4396 AdobeARMservice - ok 20:58:38.0108 4396 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:58:38.0123 4396 AdobeFlashPlayerUpdateSvc - ok 20:58:38.0193 4396 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:58:38.0220 4396 adp94xx - ok 20:58:38.0261 4396 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:58:38.0278 4396 adpahci - ok 20:58:38.0319 4396 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 20:58:38.0334 4396 adpu160m - ok 20:58:38.0380 4396 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:58:38.0395 4396 adpu320 - ok 20:58:38.0437 4396 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:58:38.0482 4396 AeLookupSvc - ok 20:58:38.0518 4396 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 20:58:38.0553 4396 AFD - ok 20:58:38.0625 4396 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 20:58:38.0719 4396 AgereSoftModem - ok 20:58:38.0762 4396 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:58:38.0776 4396 agp440 - ok 20:58:38.0829 4396 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 20:58:38.0843 4396 aic78xx - ok 20:58:38.0865 4396 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 20:58:38.0900 4396 ALG - ok 20:58:38.0916 4396 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 20:58:38.0928 4396 aliide - ok 20:58:38.0949 4396 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 20:58:38.0962 4396 amdagp - ok 20:58:38.0987 4396 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 20:58:39.0000 4396 amdide - ok 20:58:39.0016 4396 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 20:58:39.0059 4396 AmdK7 - ok 20:58:39.0099 4396 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:58:39.0137 4396 AmdK8 - ok 20:58:39.0192 4396 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 20:58:39.0204 4396 AntiVirSchedulerService - ok 20:58:39.0215 4396 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 20:58:39.0228 4396 AntiVirService - ok 20:58:39.0302 4396 [ 53EA061ECC67223A430F153C3682AD54 ] Apache2.2 c:\xampp\apache\bin\httpd.exe 20:58:39.0322 4396 Apache2.2 ( UnsignedFile.Multi.Generic ) - warning 20:58:39.0323 4396 Apache2.2 - detected UnsignedFile.Multi.Generic (1) 20:58:39.0404 4396 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 20:58:39.0444 4396 Appinfo - ok 20:58:39.0497 4396 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 20:58:39.0512 4396 arc - ok 20:58:39.0561 4396 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:58:39.0575 4396 arcsas - ok 20:58:39.0618 4396 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:58:39.0664 4396 AsyncMac - ok 20:58:39.0683 4396 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys 20:58:39.0696 4396 atapi - ok 20:58:39.0767 4396 [ F32FEE7CB2EE32C1F808409BC8019701 ] athr C:\Windows\system32\DRIVERS\athr.sys 20:58:39.0846 4396 athr - ok 20:58:39.0919 4396 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:58:39.0943 4396 AudioEndpointBuilder - ok 20:58:39.0964 4396 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 20:58:39.0987 4396 Audiosrv - ok 20:58:40.0025 4396 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:58:40.0041 4396 avgntflt - ok 20:58:40.0064 4396 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:58:40.0077 4396 avipbb - ok 20:58:40.0090 4396 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:58:40.0102 4396 avkmgr - ok 20:58:40.0149 4396 [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys 20:58:40.0203 4396 bcm4sbxp - ok 20:58:40.0233 4396 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 20:58:40.0265 4396 Beep - ok 20:58:40.0320 4396 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 20:58:40.0376 4396 BFE - ok 20:58:40.0446 4396 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll 20:58:40.0498 4396 BITS - ok 20:58:40.0512 4396 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 20:58:40.0548 4396 blbdrive - ok 20:58:40.0582 4396 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:58:40.0605 4396 bowser - ok 20:58:40.0633 4396 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 20:58:40.0665 4396 BrFiltLo - ok 20:58:40.0688 4396 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 20:58:40.0720 4396 BrFiltUp - ok 20:58:40.0753 4396 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 20:58:40.0805 4396 Browser - ok 20:58:40.0825 4396 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 20:58:40.0881 4396 Brserid - ok 20:58:40.0905 4396 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 20:58:40.0959 4396 BrSerWdm - ok 20:58:40.0981 4396 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 20:58:41.0032 4396 BrUsbMdm - ok 20:58:41.0051 4396 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 20:58:41.0113 4396 BrUsbSer - ok 20:58:41.0155 4396 [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 20:58:41.0184 4396 BthEnum - ok 20:58:41.0204 4396 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:58:41.0256 4396 BTHMODEM - ok 20:58:41.0282 4396 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 20:58:41.0325 4396 BthPan - ok 20:58:41.0352 4396 [ 73D53F8E90550BA81E2CF44A0873B410 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 20:58:41.0375 4396 BTHPORT - ok 20:58:41.0400 4396 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll 20:58:41.0434 4396 BthServ - ok 20:58:41.0452 4396 [ 32045A4BB143BBC5BAB1298C4E9E309A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 20:58:41.0482 4396 BTHUSB - ok 20:58:41.0521 4396 [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 20:58:41.0534 4396 btwaudio - ok 20:58:41.0557 4396 [ 195872E48A7FB01F8BC9B800F70F4054 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 20:58:41.0568 4396 btwavdt - ok 20:58:41.0584 4396 [ 0724E7D6C9B6A289EDDDA33FA8176E80 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 20:58:41.0593 4396 btwrchid - ok 20:58:41.0694 4396 catchme - ok 20:58:41.0739 4396 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:58:41.0781 4396 cdfs - ok 20:58:41.0838 4396 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:58:41.0872 4396 cdrom - ok 20:58:41.0908 4396 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 20:58:41.0943 4396 CertPropSvc - ok 20:58:42.0039 4396 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 20:58:42.0080 4396 circlass - ok 20:58:42.0118 4396 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 20:58:42.0136 4396 CLFS - ok 20:58:42.0190 4396 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:58:42.0203 4396 clr_optimization_v2.0.50727_32 - ok 20:58:42.0270 4396 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:58:42.0283 4396 clr_optimization_v4.0.30319_32 - ok 20:58:42.0310 4396 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:58:42.0350 4396 CmBatt - ok 20:58:42.0365 4396 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:58:42.0377 4396 cmdide - ok 20:58:42.0395 4396 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:58:42.0409 4396 Compbatt - ok 20:58:42.0415 4396 COMSysApp - ok 20:58:42.0423 4396 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:58:42.0437 4396 crcdisk - ok 20:58:42.0455 4396 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 20:58:42.0493 4396 Crusoe - ok 20:58:42.0550 4396 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:58:42.0580 4396 CryptSvc - ok 20:58:42.0618 4396 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:58:42.0676 4396 DcomLaunch - ok 20:58:42.0692 4396 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:58:42.0716 4396 DfsC - ok 20:58:42.0786 4396 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 20:58:42.0911 4396 DFSR - ok 20:58:42.0951 4396 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 20:58:42.0987 4396 Dhcp - ok 20:58:43.0004 4396 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 20:58:43.0019 4396 disk - ok 20:58:43.0053 4396 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:58:43.0081 4396 Dnscache - ok 20:58:43.0101 4396 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:58:43.0133 4396 dot3svc - ok 20:58:43.0172 4396 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 20:58:43.0209 4396 DPS - ok 20:58:43.0249 4396 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:58:43.0313 4396 drmkaud - ok 20:58:43.0347 4396 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:58:43.0409 4396 DXGKrnl - ok 20:58:43.0431 4396 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 20:58:43.0458 4396 E1G60 - ok 20:58:43.0493 4396 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 20:58:43.0529 4396 EapHost - ok 20:58:43.0563 4396 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 20:58:43.0579 4396 Ecache - ok 20:58:43.0631 4396 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:58:43.0648 4396 ehRecvr - ok 20:58:43.0666 4396 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 20:58:43.0692 4396 ehSched - ok 20:58:43.0720 4396 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 20:58:43.0739 4396 ehstart - ok 20:58:43.0791 4396 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:58:43.0815 4396 elxstor - ok 20:58:43.0854 4396 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 20:58:43.0888 4396 EMDMgmt - ok 20:58:43.0934 4396 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:58:43.0976 4396 ErrDev - ok 20:58:44.0009 4396 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 20:58:44.0047 4396 EventSystem - ok 20:58:44.0179 4396 [ 2D41D7250F73272946DE04FF7A19761E ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 20:58:44.0218 4396 EvtEng ( UnsignedFile.Multi.Generic ) - warning 20:58:44.0218 4396 EvtEng - detected UnsignedFile.Multi.Generic (1) 20:58:44.0258 4396 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 20:58:44.0288 4396 exfat - ok 20:58:44.0310 4396 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:58:44.0351 4396 fastfat - ok 20:58:44.0390 4396 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:58:44.0424 4396 fdc - ok 20:58:44.0468 4396 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 20:58:44.0493 4396 fdPHost - ok 20:58:44.0532 4396 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 20:58:44.0577 4396 FDResPub - ok 20:58:44.0593 4396 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:58:44.0607 4396 FileInfo - ok 20:58:44.0631 4396 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:58:44.0673 4396 Filetrace - ok 20:58:44.0718 4396 [ E3A0CC636F313CB34867123539691DD5 ] FileZilla Server c:\xampp\FileZillaFTP\FileZillaServer.exe 20:58:44.0765 4396 FileZilla Server ( UnsignedFile.Multi.Generic ) - warning 20:58:44.0765 4396 FileZilla Server - detected UnsignedFile.Multi.Generic (1) 20:58:44.0780 4396 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:58:44.0807 4396 flpydisk - ok 20:58:44.0839 4396 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:58:44.0857 4396 FltMgr - ok 20:58:44.0925 4396 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 20:58:44.0951 4396 FontCache - ok 20:58:45.0001 4396 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:58:45.0013 4396 FontCache3.0.0.0 - ok 20:58:45.0037 4396 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:58:45.0063 4396 Fs_Rec - ok 20:58:45.0092 4396 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:58:45.0105 4396 gagp30kx - ok 20:58:45.0145 4396 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 20:58:45.0243 4396 gpsvc - ok 20:58:45.0316 4396 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 20:58:45.0328 4396 gupdate - ok 20:58:45.0334 4396 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 20:58:45.0345 4396 gupdatem - ok 20:58:45.0374 4396 [ 9F40FC2A562DC9F4D9E10943586D9ED1 ] hcmon C:\Windows\system32\drivers\hcmon.sys 20:58:45.0385 4396 hcmon - ok 20:58:45.0425 4396 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:58:45.0486 4396 HdAudAddService - ok 20:58:45.0527 4396 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:58:45.0556 4396 HDAudBus - ok 20:58:45.0580 4396 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:58:45.0634 4396 HidBth - ok 20:58:45.0652 4396 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 20:58:45.0713 4396 HidIr - ok 20:58:45.0747 4396 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 20:58:45.0774 4396 hidserv - ok 20:58:45.0811 4396 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:58:45.0844 4396 HidUsb - ok 20:58:45.0867 4396 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:58:45.0906 4396 hkmsvc - ok 20:58:45.0921 4396 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 20:58:45.0934 4396 HpCISSs - ok 20:58:45.0974 4396 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:58:46.0004 4396 HTTP - ok 20:58:46.0035 4396 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 20:58:46.0073 4396 i2omp - ok 20:58:46.0128 4396 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:58:46.0163 4396 i8042prt - ok 20:58:46.0240 4396 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys 20:58:46.0353 4396 ialm - ok 20:58:46.0391 4396 [ ABFEBC5F846C71AFEBD7F8F6BA740C03 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 20:58:46.0406 4396 iaStor - ok 20:58:46.0436 4396 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 20:58:46.0455 4396 iaStorV - ok 20:58:46.0518 4396 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:58:46.0603 4396 idsvc - ok 20:58:46.0658 4396 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:58:46.0671 4396 iirsp - ok 20:58:46.0734 4396 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 20:58:46.0789 4396 IKEEXT - ok 20:58:46.0880 4396 [ FFD2B3BC042596ABE785D3C15F51AB46 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 20:58:46.0990 4396 IntcAzAudAddService - ok 20:58:47.0019 4396 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 20:58:47.0033 4396 intelide - ok 20:58:47.0054 4396 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:58:47.0097 4396 intelppm - ok 20:58:47.0121 4396 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:58:47.0154 4396 IPBusEnum - ok 20:58:47.0177 4396 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:58:47.0211 4396 IpFilterDriver - ok 20:58:47.0249 4396 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:58:47.0277 4396 iphlpsvc - ok 20:58:47.0283 4396 IpInIp - ok 20:58:47.0300 4396 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 20:58:47.0341 4396 IPMIDRV - ok 20:58:47.0370 4396 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 20:58:47.0396 4396 IPNAT - ok 20:58:47.0416 4396 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:58:47.0441 4396 IRENUM - ok 20:58:47.0460 4396 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:58:47.0474 4396 isapnp - ok 20:58:47.0514 4396 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:58:47.0531 4396 iScsiPrt - ok 20:58:47.0549 4396 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 20:58:47.0562 4396 iteatapi - ok 20:58:47.0600 4396 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 20:58:47.0612 4396 iteraid - ok 20:58:47.0633 4396 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:58:47.0646 4396 kbdclass - ok 20:58:47.0663 4396 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:58:47.0697 4396 kbdhid - ok 20:58:47.0737 4396 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 20:58:47.0772 4396 KeyIso - ok 20:58:47.0791 4396 [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO C:\Windows\system32\DRIVERS\kmdfmemio.sys 20:58:47.0808 4396 KMDFMEMIO - ok 20:58:47.0829 4396 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:58:47.0855 4396 KSecDD - ok 20:58:47.0900 4396 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:58:47.0938 4396 KtmRm - ok 20:58:47.0968 4396 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 20:58:47.0994 4396 LanmanServer - ok 20:58:48.0019 4396 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:58:48.0037 4396 LanmanWorkstation - ok 20:58:48.0067 4396 [ C215E09622118383B236DD56C2065183 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 20:58:48.0086 4396 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 20:58:48.0087 4396 LightScribeService - detected UnsignedFile.Multi.Generic (1) 20:58:48.0112 4396 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:58:48.0154 4396 lltdio - ok 20:58:48.0186 4396 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:58:48.0226 4396 lltdsvc - ok 20:58:48.0249 4396 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:58:48.0309 4396 lmhosts - ok 20:58:48.0335 4396 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:58:48.0349 4396 LSI_FC - ok 20:58:48.0370 4396 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:58:48.0385 4396 LSI_SAS - ok 20:58:48.0396 4396 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:58:48.0411 4396 LSI_SCSI - ok 20:58:48.0426 4396 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 20:58:48.0462 4396 luafv - ok 20:58:48.0478 4396 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:58:48.0500 4396 Mcx2Svc - ok 20:58:48.0530 4396 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 20:58:48.0543 4396 megasas - ok 20:58:48.0570 4396 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 20:58:48.0595 4396 MegaSR - ok 20:58:48.0673 4396 Microsoft SharePoint Workspace Audit Service - ok 20:58:48.0695 4396 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 20:58:48.0734 4396 MMCSS - ok 20:58:48.0749 4396 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 20:58:48.0792 4396 Modem - ok 20:58:48.0814 4396 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:58:48.0857 4396 monitor - ok 20:58:48.0875 4396 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:58:48.0888 4396 mouclass - ok 20:58:48.0910 4396 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:58:48.0944 4396 mouhid - ok 20:58:48.0961 4396 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 20:58:48.0974 4396 MountMgr - ok 20:58:49.0036 4396 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 20:58:49.0050 4396 MozillaMaintenance - ok 20:58:49.0098 4396 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 20:58:49.0112 4396 mpio - ok 20:58:49.0137 4396 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:58:49.0164 4396 mpsdrv - ok 20:58:49.0202 4396 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 20:58:49.0235 4396 MpsSvc - ok 20:58:49.0251 4396 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 20:58:49.0264 4396 Mraid35x - ok 20:58:49.0280 4396 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:58:49.0302 4396 MRxDAV - ok 20:58:49.0330 4396 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:58:49.0345 4396 mrxsmb - ok 20:58:49.0373 4396 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:58:49.0402 4396 mrxsmb10 - ok 20:58:49.0409 4396 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:58:49.0440 4396 mrxsmb20 - ok 20:58:49.0468 4396 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 20:58:49.0481 4396 msahci - ok 20:58:49.0501 4396 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:58:49.0516 4396 msdsm - ok 20:58:49.0528 4396 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 20:58:49.0572 4396 MSDTC - ok 20:58:49.0597 4396 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:58:49.0634 4396 Msfs - ok 20:58:49.0657 4396 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:58:49.0670 4396 msisadrv - ok 20:58:49.0700 4396 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:58:49.0727 4396 MSiSCSI - ok 20:58:49.0733 4396 msiserver - ok 20:58:49.0747 4396 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:58:49.0789 4396 MSKSSRV - ok 20:58:49.0805 4396 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:58:49.0840 4396 MSPCLOCK - ok 20:58:49.0859 4396 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:58:49.0885 4396 MSPQM - ok 20:58:49.0914 4396 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:58:49.0932 4396 MsRPC - ok 20:58:49.0946 4396 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:58:49.0959 4396 mssmbios - ok 20:58:49.0982 4396 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:58:50.0007 4396 MSTEE - ok 20:58:50.0026 4396 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 20:58:50.0040 4396 Mup - ok 20:58:50.0079 4396 mysql - ok 20:58:50.0118 4396 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 20:58:50.0153 4396 napagent - ok 20:58:50.0196 4396 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:58:50.0225 4396 NativeWifiP - ok 20:58:50.0252 4396 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:58:50.0290 4396 NDIS - ok 20:58:50.0316 4396 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:58:50.0344 4396 NdisTapi - ok 20:58:50.0362 4396 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:58:50.0388 4396 Ndisuio - ok 20:58:50.0409 4396 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:58:50.0432 4396 NdisWan - ok 20:58:50.0441 4396 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:58:50.0463 4396 NDProxy - ok 20:58:50.0474 4396 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:58:50.0507 4396 NetBIOS - ok 20:58:50.0529 4396 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 20:58:50.0568 4396 netbt - ok 20:58:50.0584 4396 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 20:58:50.0598 4396 Netlogon - ok 20:58:50.0631 4396 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 20:58:50.0679 4396 Netman - ok 20:58:50.0702 4396 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 20:58:50.0749 4396 netprofm - ok 20:58:50.0779 4396 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:58:50.0791 4396 NetTcpPortSharing - ok 20:58:50.0884 4396 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys 20:58:50.0991 4396 NETw3v32 - ok 20:58:51.0012 4396 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:58:51.0025 4396 nfrd960 - ok 20:58:51.0046 4396 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:58:51.0077 4396 NlaSvc - ok 20:58:51.0102 4396 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:58:51.0136 4396 Npfs - ok 20:58:51.0154 4396 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 20:58:51.0196 4396 nsi - ok 20:58:51.0202 4396 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:58:51.0233 4396 nsiproxy - ok 20:58:51.0285 4396 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:58:51.0367 4396 Ntfs - ok 20:58:51.0417 4396 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 20:58:51.0461 4396 ntrigdigi - ok 20:58:51.0476 4396 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 20:58:51.0514 4396 Null - ok 20:58:51.0528 4396 [ A103162C62C336C2CB3C5E1E2773D17B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 20:58:51.0539 4396 NVHDA - ok 20:58:51.0797 4396 [ C526B4A24EF951EF219C3BFA1534B152 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:58:52.0019 4396 nvlddmkm - ok 20:58:52.0046 4396 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:58:52.0060 4396 nvraid - ok 20:58:52.0089 4396 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:58:52.0103 4396 nvstor - ok 20:58:52.0124 4396 [ DF6315CE4FF30F706ABF3802D7749E70 ] nvsvc C:\Windows\system32\nvvsvc.exe 20:58:52.0152 4396 nvsvc - ok 20:58:52.0170 4396 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:58:52.0185 4396 nv_agp - ok 20:58:52.0190 4396 NwlnkFlt - ok 20:58:52.0197 4396 NwlnkFwd - ok 20:58:52.0233 4396 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 20:58:52.0261 4396 ohci1394 - ok 20:58:52.0304 4396 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:58:52.0317 4396 ose - ok 20:58:52.0466 4396 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:58:52.0813 4396 osppsvc - ok 20:58:52.0963 4396 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 20:58:53.0068 4396 p2pimsvc - ok 20:58:53.0082 4396 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 20:58:53.0142 4396 p2psvc - ok 20:58:53.0204 4396 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 20:58:53.0248 4396 Parport - ok 20:58:53.0271 4396 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:58:53.0285 4396 partmgr - ok 20:58:53.0305 4396 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 20:58:53.0362 4396 Parvdm - ok 20:58:53.0385 4396 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 20:58:53.0408 4396 PcaSvc - ok 20:58:53.0423 4396 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 20:58:53.0439 4396 pci - ok 20:58:53.0453 4396 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 20:58:53.0466 4396 pciide - ok 20:58:53.0499 4396 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:58:53.0516 4396 pcmcia - ok 20:58:53.0557 4396 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:58:53.0646 4396 PEAUTH - ok 20:58:53.0730 4396 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 20:58:53.0808 4396 pla - ok 20:58:53.0844 4396 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:58:53.0883 4396 PlugPlay - ok 20:58:53.0919 4396 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 20:58:53.0944 4396 PNRPAutoReg - ok 20:58:53.0975 4396 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 20:58:53.0999 4396 PNRPsvc - ok 20:58:54.0028 4396 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:58:54.0058 4396 PolicyAgent - ok 20:58:54.0097 4396 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:58:54.0133 4396 PptpMiniport - ok 20:58:54.0152 4396 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 20:58:54.0178 4396 Processor - ok 20:58:54.0213 4396 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 20:58:54.0236 4396 ProfSvc - ok 20:58:54.0253 4396 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 20:58:54.0267 4396 ProtectedStorage - ok 20:58:54.0295 4396 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 20:58:54.0327 4396 PSched - ok 20:58:54.0387 4396 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:58:54.0457 4396 ql2300 - ok 20:58:54.0475 4396 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:58:54.0489 4396 ql40xx - ok 20:58:54.0524 4396 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 20:58:54.0559 4396 QWAVE - ok 20:58:54.0576 4396 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:58:54.0590 4396 QWAVEdrv - ok 20:58:54.0602 4396 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:58:54.0641 4396 RasAcd - ok 20:58:54.0662 4396 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 20:58:54.0707 4396 RasAuto - ok 20:58:54.0727 4396 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:58:54.0755 4396 Rasl2tp - ok 20:58:54.0778 4396 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 20:58:54.0818 4396 RasMan - ok 20:58:54.0836 4396 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:58:54.0873 4396 RasPppoe - ok 20:58:54.0891 4396 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:58:54.0915 4396 RasSstp - ok 20:58:54.0938 4396 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:58:54.0962 4396 rdbss - ok 20:58:54.0988 4396 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:58:55.0023 4396 RDPCDD - ok 20:58:55.0046 4396 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 20:58:55.0074 4396 rdpdr - ok 20:58:55.0079 4396 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:58:55.0107 4396 RDPENCDD - ok 20:58:55.0151 4396 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:58:55.0168 4396 RDPWD - ok 20:58:55.0235 4396 [ ED8C9F16E10C1E4C4C5D16CD04966E24 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 20:58:55.0268 4396 RegSrvc ( UnsignedFile.Multi.Generic ) - warning 20:58:55.0268 4396 RegSrvc - detected UnsignedFile.Multi.Generic (1) 20:58:55.0308 4396 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:58:55.0335 4396 RemoteAccess - ok 20:58:55.0370 4396 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:58:55.0393 4396 RemoteRegistry - ok 20:58:55.0423 4396 [ 10536B0AD6F416FC7F1149977C28CCDC ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 20:58:55.0456 4396 RFCOMM - ok 20:58:55.0527 4396 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 20:58:55.0541 4396 RichVideo - ok 20:58:55.0568 4396 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 20:58:55.0582 4396 RpcLocator - ok 20:58:55.0605 4396 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 20:58:55.0648 4396 RpcSs - ok 20:58:55.0677 4396 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:58:55.0717 4396 rspndr - ok 20:58:55.0731 4396 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 20:58:55.0746 4396 SamSs - ok 20:58:55.0834 4396 [ A9D840FA78F65857EB554229914F855C ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe 20:58:55.0860 4396 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning 20:58:55.0860 4396 Samsung Update Plus - detected UnsignedFile.Multi.Generic (1) 20:58:55.0883 4396 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:58:55.0895 4396 sbp2port - ok 20:58:55.0934 4396 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:58:55.0956 4396 SCardSvr - ok 20:58:55.0994 4396 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 20:58:56.0064 4396 Schedule - ok 20:58:56.0084 4396 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:58:56.0106 4396 SCPolicySvc - ok 20:58:56.0134 4396 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 20:58:56.0178 4396 sdbus - ok 20:58:56.0204 4396 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:58:56.0220 4396 SDRSVC - ok 20:58:56.0234 4396 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:58:56.0291 4396 secdrv - ok 20:58:56.0311 4396 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 20:58:56.0339 4396 seclogon - ok 20:58:56.0356 4396 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 20:58:56.0384 4396 SENS - ok 20:58:56.0407 4396 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 20:58:56.0463 4396 Serenum - ok 20:58:56.0490 4396 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 20:58:56.0555 4396 Serial - ok 20:58:56.0577 4396 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:58:56.0604 4396 sermouse - ok 20:58:56.0633 4396 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 20:58:56.0668 4396 SessionEnv - ok 20:58:56.0687 4396 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:58:56.0707 4396 sffdisk - ok 20:58:56.0729 4396 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:58:56.0770 4396 sffp_mmc - ok 20:58:56.0788 4396 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:58:56.0813 4396 sffp_sd - ok 20:58:56.0822 4396 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:58:56.0875 4396 sfloppy - ok 20:58:56.0916 4396 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:58:56.0960 4396 SharedAccess - ok 20:58:57.0000 4396 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:58:57.0033 4396 ShellHWDetection - ok 20:58:57.0050 4396 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 20:58:57.0064 4396 sisagp - ok 20:58:57.0084 4396 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 20:58:57.0098 4396 SiSRaid2 - ok 20:58:57.0122 4396 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:58:57.0136 4396 SiSRaid4 - ok 20:58:57.0286 4396 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 20:58:57.0746 4396 slsvc - ok 20:58:57.0811 4396 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 20:58:57.0849 4396 SLUINotify - ok 20:58:57.0865 4396 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:58:57.0894 4396 Smb - ok 20:58:57.0927 4396 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:58:57.0942 4396 SNMPTRAP - ok 20:58:57.0978 4396 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 20:58:57.0991 4396 spldr - ok 20:58:58.0021 4396 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 20:58:58.0037 4396 Spooler - ok 20:58:58.0072 4396 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:58:58.0097 4396 srv - ok 20:58:58.0122 4396 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:58:58.0148 4396 srv2 - ok 20:58:58.0157 4396 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:58:58.0179 4396 srvnet - ok 20:58:58.0196 4396 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:58:58.0234 4396 SSDPSRV - ok 20:58:58.0259 4396 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 20:58:58.0270 4396 ssmdrv - ok 20:58:58.0302 4396 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:58:58.0318 4396 SstpSvc - ok 20:58:58.0354 4396 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 20:58:58.0403 4396 stisvc - ok 20:58:58.0433 4396 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:58:58.0446 4396 swenum - ok 20:58:58.0465 4396 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 20:58:58.0503 4396 swprv - ok 20:58:58.0526 4396 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 20:58:58.0538 4396 Symc8xx - ok 20:58:58.0566 4396 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 20:58:58.0578 4396 Sym_hi - ok 20:58:58.0591 4396 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 20:58:58.0603 4396 Sym_u3 - ok 20:58:58.0636 4396 [ 451E8037E2EB6DA6BDF0A66F65D1810B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 20:58:58.0651 4396 SynTP - ok 20:58:58.0674 4396 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 20:58:58.0741 4396 SysMain - ok 20:58:58.0781 4396 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:58:58.0799 4396 TabletInputService - ok 20:58:58.0827 4396 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:58:58.0865 4396 TapiSrv - ok 20:58:58.0887 4396 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 20:58:58.0927 4396 TBS - ok 20:58:58.0975 4396 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:58:59.0041 4396 Tcpip - ok 20:58:59.0061 4396 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 20:58:59.0118 4396 Tcpip6 - ok 20:58:59.0150 4396 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:58:59.0164 4396 tcpipreg - ok 20:58:59.0186 4396 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:58:59.0211 4396 TDPIPE - ok 20:58:59.0227 4396 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:58:59.0254 4396 TDTCP - ok 20:58:59.0295 4396 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:58:59.0328 4396 tdx - ok 20:58:59.0345 4396 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:58:59.0361 4396 TermDD - ok 20:58:59.0395 4396 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 20:58:59.0430 4396 TermService - ok 20:58:59.0469 4396 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 20:58:59.0486 4396 Themes - ok 20:58:59.0502 4396 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 20:58:59.0529 4396 THREADORDER - ok 20:58:59.0570 4396 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 20:58:59.0605 4396 TrkWks - ok 20:58:59.0631 4396 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:58:59.0652 4396 TrustedInstaller - ok 20:58:59.0675 4396 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:58:59.0703 4396 tssecsrv - ok 20:58:59.0781 4396 [ FC740E4FF236B72CA59B8F762D30C7F3 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe 20:58:59.0885 4396 TuneUp.UtilitiesSvc - ok 20:58:59.0902 4396 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys 20:58:59.0912 4396 TuneUpUtilitiesDrv - ok 20:58:59.0926 4396 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 20:58:59.0948 4396 tunmp - ok 20:58:59.0975 4396 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:58:59.0990 4396 tunnel - ok 20:59:00.0008 4396 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:59:00.0022 4396 uagp35 - ok 20:59:00.0064 4396 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:59:00.0087 4396 udfs - ok 20:59:00.0231 4396 [ 215462AE7E6A897D675E84DD1E3B3B56 ] ufad-ws60 C:\Program Files\VMware\VMware Player\vmware-ufad.exe 20:59:00.0244 4396 ufad-ws60 - ok 20:59:00.0273 4396 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:59:00.0313 4396 UI0Detect - ok 20:59:00.0338 4396 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:59:00.0353 4396 uliagpkx - ok 20:59:00.0376 4396 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 20:59:00.0395 4396 uliahci - ok 20:59:00.0418 4396 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 20:59:00.0431 4396 UlSata - ok 20:59:00.0449 4396 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 20:59:00.0464 4396 ulsata2 - ok 20:59:00.0491 4396 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:59:00.0531 4396 umbus - ok 20:59:00.0561 4396 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 20:59:00.0609 4396 upnphost - ok 20:59:00.0654 4396 [ AFB10A231254A1920C3BB4A0D02E1CA6 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:59:00.0689 4396 usbccgp - ok 20:59:00.0713 4396 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:59:00.0757 4396 usbcir - ok 20:59:00.0789 4396 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:59:00.0822 4396 usbehci - ok 20:59:00.0861 4396 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:59:00.0900 4396 usbhub - ok 20:59:00.0920 4396 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:59:00.0965 4396 usbohci - ok 20:59:00.0976 4396 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 20:59:01.0020 4396 usbprint - ok 20:59:01.0034 4396 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:59:01.0058 4396 USBSTOR - ok 20:59:01.0075 4396 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:59:01.0096 4396 usbuhci - ok 20:59:01.0124 4396 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 20:59:01.0166 4396 usbvideo - ok 20:59:01.0191 4396 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 20:59:01.0213 4396 UxSms - ok 20:59:01.0237 4396 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 20:59:01.0269 4396 vds - ok 20:59:01.0310 4396 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:59:01.0347 4396 vga - ok 20:59:01.0383 4396 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 20:59:01.0423 4396 VgaSave - ok 20:59:01.0447 4396 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 20:59:01.0461 4396 viaagp - ok 20:59:01.0478 4396 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 20:59:01.0504 4396 ViaC7 - ok 20:59:01.0522 4396 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 20:59:01.0535 4396 viaide - ok 20:59:01.0584 4396 [ 42F0ECAF36636841A4A006850695507F ] VMAuthdService C:\Program Files\VMware\VMware Player\vmware-authd.exe 20:59:01.0597 4396 VMAuthdService - ok 20:59:01.0603 4396 VMC302 - ok 20:59:01.0643 4396 [ B4FC3E68EF1AD16D6D60240D2A5445D8 ] VMC326 C:\Windows\system32\Drivers\VMC326.sys 20:59:01.0657 4396 VMC326 - ok 20:59:01.0688 4396 [ 69F761F00950C65AF8E5F836BF251D61 ] vmci C:\Windows\system32\Drivers\vmci.sys 20:59:01.0699 4396 vmci - ok 20:59:01.0728 4396 [ DCD2F4A14795E8A8114A7CAE2A9B9465 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys 20:59:01.0738 4396 vmkbd - ok 20:59:01.0753 4396 [ E41704D8149992107B333CC7A52C07CC ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys 20:59:01.0763 4396 VMnetAdapter - ok 20:59:01.0781 4396 [ 462F2A31EA8B87A28962ACA998DF1869 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys 20:59:01.0791 4396 VMnetBridge - ok 20:59:01.0816 4396 [ 4C8927595E18017F9C1716370F572B7D ] VMnetDHCP C:\Windows\system32\vmnetdhcp.exe 20:59:01.0834 4396 VMnetDHCP - ok 20:59:01.0850 4396 [ 6BD13F3F8A4A67A4FC5C3DC1696C00D8 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys 20:59:01.0860 4396 VMnetuserif - ok 20:59:01.0899 4396 [ F22098DBDD13C1221C274496B3E18DA7 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe 20:59:01.0945 4396 VMUSBArbService - ok 20:59:02.0001 4396 [ 61DA8934252B140C4B568813F543D0D2 ] VMware NAT Service C:\Windows\system32\vmnat.exe 20:59:02.0035 4396 VMware NAT Service - ok 20:59:02.0090 4396 [ 963A6A23EEB5AB6277C64FBC98517DE8 ] vmx86 C:\Windows\system32\Drivers\vmx86.sys 20:59:02.0158 4396 vmx86 - ok 20:59:02.0188 4396 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:59:02.0201 4396 volmgr - ok 20:59:02.0218 4396 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:59:02.0236 4396 volmgrx - ok 20:59:02.0263 4396 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:59:02.0282 4396 volsnap - ok 20:59:02.0299 4396 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:59:02.0314 4396 vsmraid - ok 20:59:02.0362 4396 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 20:59:02.0441 4396 VSS - ok 20:59:02.0475 4396 [ 98929C5C5314C4C048E2F60492C26723 ] vstor2-ws60 C:\Program Files\VMware\VMware Player\vstor2-ws60.sys 20:59:02.0485 4396 vstor2-ws60 - ok 20:59:02.0508 4396 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 20:59:02.0536 4396 W32Time - ok 20:59:02.0559 4396 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:59:02.0613 4396 WacomPen - ok 20:59:02.0633 4396 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 20:59:02.0654 4396 Wanarp - ok 20:59:02.0659 4396 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:59:02.0681 4396 Wanarpv6 - ok 20:59:02.0706 4396 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:59:02.0729 4396 wcncsvc - ok 20:59:02.0756 4396 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:59:02.0778 4396 WcsPlugInService - ok 20:59:02.0803 4396 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 20:59:02.0816 4396 Wd - ok 20:59:02.0852 4396 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:59:02.0884 4396 Wdf01000 - ok 20:59:02.0903 4396 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:59:02.0945 4396 WdiServiceHost - ok 20:59:02.0950 4396 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:59:02.0980 4396 WdiSystemHost - ok 20:59:03.0003 4396 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 20:59:03.0031 4396 WebClient - ok 20:59:03.0045 4396 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:59:03.0063 4396 Wecsvc - ok 20:59:03.0078 4396 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:59:03.0106 4396 wercplsupport - ok 20:59:03.0131 4396 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 20:59:03.0156 4396 WerSvc - ok 20:59:03.0203 4396 [ A84D595076650CCE94021EEDA243D027 ] WILPAR C:\Windows\System32\Drivers\WILPAR.SYS 20:59:03.0215 4396 WILPAR ( UnsignedFile.Multi.Generic ) - warning 20:59:03.0215 4396 WILPAR - detected UnsignedFile.Multi.Generic (1) 20:59:03.0292 4396 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 20:59:03.0310 4396 WinDefend - ok 20:59:03.0316 4396 WinHttpAutoProxySvc - ok 20:59:03.0378 4396 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:59:03.0402 4396 Winmgmt - ok 20:59:03.0459 4396 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 20:59:03.0545 4396 WinRM - ok 20:59:03.0586 4396 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:59:03.0665 4396 Wlansvc - ok 20:59:03.0692 4396 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:59:03.0728 4396 WmiAcpi - ok 20:59:03.0755 4396 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:59:03.0784 4396 wmiApSrv - ok 20:59:03.0850 4396 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 20:59:03.0898 4396 WMPNetworkSvc - ok 20:59:03.0927 4396 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:59:03.0953 4396 WPCSvc - ok 20:59:03.0999 4396 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:59:04.0017 4396 WPDBusEnum - ok 20:59:04.0059 4396 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 20:59:04.0073 4396 WpdUsb - ok 20:59:04.0177 4396 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 20:59:04.0203 4396 WPFFontCache_v0400 - ok 20:59:04.0228 4396 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:59:04.0260 4396 ws2ifsl - ok 20:59:04.0287 4396 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll 20:59:04.0315 4396 wscsvc - ok 20:59:04.0321 4396 WSearch - ok 20:59:04.0395 4396 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 20:59:04.0502 4396 wuauserv - ok 20:59:04.0532 4396 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:59:04.0548 4396 WudfPf - ok 20:59:04.0565 4396 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:59:04.0594 4396 WUDFRd - ok 20:59:04.0607 4396 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:59:04.0624 4396 wudfsvc - ok 20:59:04.0660 4396 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 20:59:04.0684 4396 yukonwlh - ok 20:59:04.0697 4396 ================ Scan global =============================== 20:59:04.0717 4396 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 20:59:04.0755 4396 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 20:59:04.0778 4396 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll 20:59:04.0824 4396 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 20:59:04.0831 4396 [Global] - ok 20:59:04.0831 4396 ================ Scan MBR ================================== 20:59:04.0857 4396 [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0 20:59:05.0306 4396 \Device\Harddisk0\DR0 - ok 20:59:05.0306 4396 ================ Scan VBR ================================== 20:59:05.0310 4396 [ 8F680E9C96742F84409DE2DEFDF6E44E ] \Device\Harddisk0\DR0\Partition1 20:59:05.0311 4396 \Device\Harddisk0\DR0\Partition1 - ok 20:59:05.0336 4396 [ C6B1334342E9CCC2D83F9A7A634EBA15 ] \Device\Harddisk0\DR0\Partition2 20:59:05.0338 4396 \Device\Harddisk0\DR0\Partition2 - ok 20:59:05.0338 4396 ============================================================ 20:59:05.0338 4396 Scan finished 20:59:05.0338 4396 ============================================================ 20:59:05.0351 5468 Detected object count: 7 20:59:05.0351 5468 Actual detected object count: 7 20:59:59.0467 5468 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:59.0467 5468 Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:59.0470 5468 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:59.0470 5468 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:59.0472 5468 FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:59.0472 5468 FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:59.0475 5468 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:59.0475 5468 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:59.0475 5468 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:59.0475 5468 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:59.0478 5468 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:59.0478 5468 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:59:59.0480 5468 WILPAR ( UnsignedFile.Multi.Generic ) - skipped by user 20:59:59.0480 5468 WILPAR ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:00:35.0742 5740 Deinitialize success Kann das sein, dass Deine Programme schon das Problem beseitigt haben? Jedenfalls kommt bis jetzt jedenfalls keine Meldung mehr!!! PTL Vielen Dank wenn dem so ist. |
|
02.05.2013, 10:04
| #4 | |
| /// TB-Ausbilder | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Servus, Zitat:
 Führe bitte nochmal OTL und GMER aus und poste die Logdateien dazu: Schritt 1 Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. Schritt 2 Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Bitte poste mit deiner nächsten Antwort
|
|
02.05.2013, 21:02
| #5 |
| | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Vielen Dank für die Mühe - habe immer noch keine weitere Warnmeldung, Danke. |
|
03.05.2013, 15:09
| #6 |
| /// TB-Ausbilder | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Servus, ok, hört sich gut an. Wir kontrollieren nochmal alles: Schritt 1 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
03.05.2013, 18:51
| #7 |
| | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Halöonochmals diesmal hat das Programm was gefunden ... |
|
03.05.2013, 18:54
| #8 |
| /// TB-Ausbilder | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Servus, ok, MBAM hat den Rest noch entfernt.  Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Ich sehe, dass du sog. Registry Cleaner auf dem System hast. In deinem Fall TuneUp Utilities 2013 . Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Zerstörst Du die Registry, zerstörst Du Windows. Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten. Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst. Schritt 1 Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Schritt 2 Deine Version von Adobe Flash Player ist veraltet. Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:
Schritt 3
Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen: Schritt 4 Sofern verwendet, starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 5 Downloade dir bitte delfix auf deinen Desktop.
Schritt 6 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von Registry Cleanern. Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link: Miekemoes Blogspot ( MVP ) Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
04.05.2013, 08:27
| #9 |
| | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Auf halbem Weg (Schritt 3 beendet) kamen zwei Virenmeldungen: TR/PSW.Fareit724 Adware/InstqallCore.gen soll ich einfach weitermachen? Adobe Reader gibt es wohl nicht als Update für Vista Rechner; erst als ich XP auswählte hatte ich die Option der gewünschten Version. Normalerweise klicke ich nicht auf alles; noch öffne ich unbekannte Anhänge etc. Das Problem ist aufgetaucht als ich im Netz folgendes Forum besucht habe: hxxp://www.kuechen-forum.de Vielleicht haben die ein Problem ... . |
|
04.05.2013, 16:11
| #10 | |
| /// TB-Ausbilder | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78Zitat:
Bitte alle Logs mit Funden posten Ohne genaue Angaben sind solche Infos wertlos. |
|
04.05.2013, 16:18
| #11 |
| | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Hallo anbei die Beschreibung aus dem Viren Scanner |
|
04.05.2013, 16:40
| #12 |
| /// TB-Ausbilder | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Servus, das sind unbedeutende Funde. Fixen mit OTL
Code:
ATTFilter :Commands
[emptytemp]
Anschließend mit Schritt 4 meines Abschlussposts weiter. Gibt es noch Probleme? |
|
04.05.2013, 19:09
| #13 |
| | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Nochmals vielen Dank für all Deine Mühe!!! |
|
04.05.2013, 19:44
| #14 |
| | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Jetzt ist glaube ich alles OK |
|
05.05.2013, 13:13
| #15 |
| /// TB-Ausbilder | Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu Mit Avira tr-atraps.gen2 ; TR/necurs.a.71 ; TR/Sirefef.a.78 |
| antivir, avira, bho, error, excel, firefox, flash player, format, helper, home, homepage, iexplore.exe, install.exe, logfile, mozilla, plug-in, realtek, registry, rundll, scan, security, senden, software, svchost.exe, tr/sirefef.a., tr/sirefef.a.7, tr/sirefef.a.78, udp, usb, vista, visual studio, wallpapers |
Textbox. 
