Pests of all kinds and how to combat them: Security Center on Windows Vista will not start
06.02.2013, 11:29 | #1 |
Hello, the Windows Vista Security Center reported that it is inactive and can now no longer be started. When I google this topic, I am shown results from Microsoft pages, but the links lead to strange commercial sites. McAfee Security Scan found nothing. Who can help me, please? And answer this question for me: can I even keep working with the device at all? E.g. Internet research? Is any information still missing? Many thanks for a prompt reply.

Regards, Regine

The reports from OTL, OTL Extras and Gmer.exe are so long that for now I am only posting the OTL logfile. The files are too large to upload directly.

OTL Logfile: Code:
OTL logfile created on: 06.02.2013 09:27:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hauptbenutzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 66,28% Memory free
5,73 Gb Paging File | 4,69 Gb Available in Paging File | 81,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 81,62 Gb Free Space | 56,62% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 102,05 Gb Free Space | 70,79% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK | User Name: Hauptbenutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.06 09:07:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hauptbenutzer\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.26 19:16:12 | 000,271,808 | ---- | M] (McAfee, Inc.)
-- C:\Programme\McAfee Security Scan\3.0.313\SSScheduler.exe PRC - [2012.09.21 09:59:18 | 000,537,240 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.08.13 10:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\program\soffice.exe PRC - [2012.08.13 10:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\program\soffice.bin PRC - [2012.04.06 13:12:55 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 14:18:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.09.30 13:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2008.09.15 18:27:34 | 000,165,144 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2008.09.15 18:27:30 | 000,554,264 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2008.09.15 18:21:30 | 004,353,088 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2008.09.10 23:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2008.06.11 09:22:16 | 000,409,600 | ---- | M] (Acer Inc.) 
-- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.05.29 16:44:30 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008.05.29 16:44:22 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.14 16:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.05.12 16:28:04 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (No Company Name) ========== MOD - [2013.01.11 10:06:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll MOD - [2013.01.11 10:06:38 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll MOD - [2013.01.11 10:06:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.11 10:06:29 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll MOD - [2013.01.11 10:06:07 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll MOD - [2013.01.11 10:06:03 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.11 10:05:41 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll MOD - [2013.01.11 10:05:30 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.11 10:04:19 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.11 10:04:05 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.09.21 10:00:08 | 004,467,864 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\wauff12.dll MOD - [2012.09.21 10:00:05 | 002,017,432 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\wfvie12.dll MOD - [2012.09.21 09:59:58 | 007,956,120 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\wgui12.dll MOD - [2012.09.21 09:59:37 | 001,649,816 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\wreli12.dll MOD - [2012.09.21 09:59:36 | 003,001,496 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\wcore12.dll MOD - [2012.09.21 09:59:31 | 001,548,952 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\wsteu12.dll MOD - [2012.09.21 09:59:28 | 000,319,640 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\rsguiwinapi47.dll MOD - [2012.09.21 09:59:26 | 000,275,096 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\rscorewinapi47.dll MOD - [2012.09.21 09:59:18 | 
000,537,240 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe MOD - [2012.09.21 09:59:09 | 000,135,832 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\rsodbc47.dll MOD - [2012.09.21 09:59:07 | 000,028,672 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\rsdcom47.dll MOD - [2012.08.10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\program\libxml2.dll MOD - [2012.02.07 11:37:06 | 000,865,280 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qtcluceners47.dll MOD - [2012.02.07 11:37:06 | 000,271,872 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\phononrs47.dll MOD - [2012.02.07 11:37:04 | 011,163,648 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qtwebkitrs47.dll MOD - [2012.02.07 11:37:02 | 000,108,544 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qttestrs47.dll MOD - [2012.02.07 11:37:00 | 001,340,416 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qtscriptrs47.dll MOD - [2012.02.07 11:36:58 | 002,395,648 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qt3supportrs47.dll MOD - [2012.02.07 11:36:58 | 000,720,896 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qtsqlrs47.dll MOD - [2012.02.07 11:36:58 | 000,281,088 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qtsvgrs47.dll MOD - [2012.02.07 11:36:56 | 000,358,400 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qtxmlrs47.dll MOD - [2012.02.07 11:36:54 | 008,934,400 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qtguirs47.dll MOD - [2012.02.07 11:36:54 | 002,356,736 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qtcorers47.dll MOD - [2012.02.07 11:36:54 | 000,990,208 | ---- | M] () -- C:\Programme\Buhl finance\tax Steuersoftware 2012\qtnetworkrs47.dll MOD - [2011.05.26 22:11:51 | 000,106,496 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3097.37359__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.05.26 22:11:51 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.05.26 22:11:51 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.05.26 22:11:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3097.37356__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.05.26 22:11:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.05.26 22:11:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.05.26 22:11:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.05.26 22:11:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2011.05.26 22:11:47 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2011.05.26 22:11:47 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2011.05.26 22:11:47 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3097.37411__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2011.05.26 22:11:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll MOD - 
[2011.05.26 22:11:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2011.05.26 22:11:44 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.05.26 22:11:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011.05.26 22:11:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll MOD - [2011.05.26 22:11:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2011.05.26 22:11:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.05.26 22:11:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.05.26 22:11:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.05.26 22:11:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.05.26 22:11:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.05.26 22:11:43 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.05.26 22:11:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - 
[2011.05.26 22:11:42 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3097.37100__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.05.26 22:11:40 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3097.37062_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll MOD - [2011.05.26 22:11:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3097.37062__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2011.05.26 22:11:39 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3097.37060__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.05.26 22:11:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.05.26 22:11:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.05.26 22:11:39 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3097.37059__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.05.26 22:11:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.05.26 22:11:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.05.26 22:11:34 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3097.37077__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.05.26 22:11:34 | 000,040,960 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.05.26 22:11:34 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.05.26 22:11:34 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3091.17987__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.05.26 22:11:33 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.05.26 22:11:33 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3097.37107__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.05.26 22:11:33 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3091.17993__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2011.05.26 22:11:32 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3097.37069__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.05.26 22:11:32 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.05.26 22:11:31 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3097.37084__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.05.26 22:11:30 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3097.37379__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.05.26 22:11:27 | 000,483,328 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3097.37372__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011.05.26 22:11:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.05.26 22:11:24 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3097.37306__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.05.26 22:11:24 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.05.26 22:11:14 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3097.37130__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.05.26 22:11:13 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3097.37137__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.05.26 22:11:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3091.17983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.05.26 22:11:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3097.37090__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.05.26 22:11:11 | 001,687,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3097.37114__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.05.26 22:11:10 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3097.37093__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - 
[2011.05.26 22:11:08 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3097.37332__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.05.26 22:11:08 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3091.17993__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.05.26 22:11:07 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3097.37237__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.05.26 22:11:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3091.17976__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.05.26 22:11:05 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3097.37153__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2011.05.26 22:11:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3097.37277__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.05.26 22:11:05 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.05.26 22:11:03 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3097.37278__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2011.05.26 22:11:03 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3097.37238__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.05.26 22:11:03 | 000,049,152 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.05.26 22:11:01 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3097.37287__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.05.26 22:11:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.05.26 22:11:00 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3097.37239__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.05.26 22:11:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.05.26 22:11:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3097.37239__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.05.26 22:11:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3091.17979__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.05.26 22:11:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3097.37358__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.05.26 22:11:00 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2011.05.26 22:10:59 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3097.37061__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011.05.26 22:10:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3097.37057__90ba9c70f846762e\APM.Server.dll MOD - [2011.05.26 22:10:59 | 000,045,056 | 
---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3097.37058__90ba9c70f846762e\AEM.Server.dll MOD - [2011.05.26 22:10:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3097.37396__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.05.26 22:10:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.05.26 22:10:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3091.17977__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.05.26 22:10:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.05.26 22:10:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.05.26 22:10:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.05.26 22:10:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2011.05.26 22:10:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.05.26 22:10:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3091.17978__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.05.26 22:10:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.05.26 22:10:59 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.05.26 22:10:58 | 000,024,576 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2009.04.11 17:48:40 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.04.11 17:48:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.04.11 17:48:18 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.04.11 17:48:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2008.06.25 07:13:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.06.11 09:21:46 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2008.05.29 16:44:34 | 000,753,664 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.05.29 16:44:28 | 000,007,680 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll MOD - [2008.05.14 16:05:10 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2008.04.28 08:49:20 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2003.06.07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== SRV - [2013.01.21 17:25:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.10 08:03:46 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- 
C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService) SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.09.15 18:27:30 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2008.05.14 16:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] 
(Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.12.06 15:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2009.01.17 17:04:57 | 000,950,848 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm124.sys -- (tdrpman124) DRV - [2009.01.17 16:56:44 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snman378.sys -- (snapman378) DRV - [2008.08.15 03:37:08 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.06.25 07:53:34 | 003,844,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.05.28 16:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2008.05.27 22:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.05.09 11:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.04.28 18:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.03.21 09:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.07.12 11:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 5F 19 63 A8 38 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?hl=de&tab=Xw" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.06 13:13:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.21 17:25:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.21 17:24:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.21 17:25:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.21 17:24:07 | 000,000,000 | ---D | M] [2011.05.26 22:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\Extensions [2013.01.18 20:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\Firefox\Profiles\66xu3ay9.default\extensions [2011.05.26 22:19:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\Firefox\Profiles\66xu3ay9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.01.18 20:38:22 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\extensions\toolbar@web.de.xpi [2013.01.18 20:38:26 | 000,000,911 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\searchplugins\11-suche.xml [2013.01.18 20:38:27 | 000,002,273 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\searchplugins\englische-ergebnisse.xml [2013.01.18 20:38:26 | 000,010,563 | ---- | M] () -- 
C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\searchplugins\gmx-suche.xml [2013.01.18 20:38:26 | 000,002,432 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\searchplugins\lastminute.xml [2013.01.18 20:38:26 | 000,005,545 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\searchplugins\webde-suche.xml [2013.01.21 17:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.21 17:23:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.01.21 17:25:05 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.04 19:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Hauptbenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 80.69.102.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FE02DFE-0767-48E6-96C2-F05D932B6E75}: DhcpNameServer = 80.69.100.198 80.69.102.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A43059-8D0B-432B-B6BB-7427E6F51834}: DhcpNameServer = 192.168.182.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A43059-8D0B-432B-B6BB-7427E6F51834}: NameServer = 145.253.2.11 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Hauptbenutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Hauptbenutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.06 09:07:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hauptbenutzer\Desktop\OTL.exe [2013.02.05 17:58:06 | 000,000,000 | ---D | C] -- C:\Users\Hauptbenutzer\AppData\Local\Windows Live [2013.01.28 17:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 
[2013.01.21 17:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2010.03.19 15:42:54 | 024,791,032 | ---- | C] (SiSoftware ) -- C:\Users\Hauptbenutzer\san2010-1626-BQR.exe [2005.07.04 16:35:43 | 000,155,648 | ---- | C] (Illustrate) -- C:\Program Files\WMA8Connect.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.06 09:07:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hauptbenutzer\Desktop\OTL.exe [2013.02.06 09:06:46 | 000,628,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.06 09:06:46 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.06 09:06:46 | 000,126,692 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.06 09:06:46 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.06 09:05:28 | 000,000,000 | ---- | M] () -- C:\Users\Hauptbenutzer\defogger_reenable [2013.02.06 09:04:23 | 000,050,477 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\Defogger.exe [2013.02.06 09:03:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.06 09:01:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.02.06 09:01:07 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\klkmpnrxv.job [2013.02.06 09:01:00 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 09:01:00 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 09:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.05 18:08:07 | 000,610,364 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\msert.exe [2013.02.05 14:28:05 | 000,098,304 | RHS- | M] () -- C:\Windows\System32\tquery8.dll [2013.01.28 17:33:46 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.28 17:33:46 | 
000,001,915 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.01.26 08:59:29 | 000,024,064 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.23 19:09:14 | 000,479,924 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\Fahrkarte Kornwestheim.pdf [2013.01.14 18:47:11 | 000,006,836 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Local\d3d9caps.dat [2013.01.11 10:02:32 | 000,339,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.06 09:05:28 | 000,000,000 | ---- | C] () -- C:\Users\Hauptbenutzer\defogger_reenable [2013.02.06 09:04:22 | 000,050,477 | ---- | C] () -- C:\Users\Hauptbenutzer\Desktop\Defogger.exe [2013.02.05 18:08:07 | 000,610,364 | ---- | C] () -- C:\Users\Hauptbenutzer\Desktop\msert.exe [2013.02.05 14:28:05 | 000,098,304 | RHS- | C] () -- C:\Windows\System32\tquery8.dll [2013.02.05 14:28:05 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\klkmpnrxv.job [2013.01.28 17:33:46 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.08.13 10:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.05.08 13:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2011.10.30 12:16:47 | 000,000,931 | ---- | C] () -- C:\Windows\wiso.ini [2011.07.25 16:12:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.07.19 18:41:06 | 000,024,064 | ---- | C] () -- C:\Users\Hauptbenutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.12 16:58:02 | 000,006,836 | ---- | C] () -- C:\Users\Hauptbenutzer\AppData\Local\d3d9caps.dat [2011.07.01 15:27:21 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.06.29 17:08:31 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2011.05.26 22:40:17 | 003,107,788 | ---- | C] () -- 
C:\Windows\System32\atiumdva.dat [2011.05.26 22:40:17 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.05.26 22:40:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2011.05.26 22:40:17 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2011.05.26 22:40:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2011.05.26 22:26:47 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.05.26 21:51:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.20 19:48:46 | 000,000,268 | RH-- | C] () -- C:\Users\Hauptbenutzer\AppData\Roaming\Sounds [2009.07.20 19:43:23 | 000,000,268 | RH-- | C] () -- C:\Users\Hauptbenutzer\AppData\Roaming\Solid Colors [2005.07.04 16:35:43 | 001,309,668 | ---- | C] () -- C:\Program Files\Line-In.pdf [2005.07.04 16:35:43 | 000,138,240 | ---- | C] () -- C:\Program Files\vorbis.dll [2005.07.04 16:35:43 | 000,064,000 | ---- | C] () -- C:\Program Files\vorbisenc.dll [2005.07.04 16:35:43 | 000,044,863 | ---- | C] () -- C:\Program Files\German.lng [2005.07.04 16:35:43 | 000,043,771 | ---- | C] () -- C:\Program Files\Italian.lng [2005.07.04 16:35:43 | 000,042,533 | ---- | C] () -- C:\Program Files\Spanish.lng [2005.07.04 16:35:43 | 000,011,776 | ---- | C] () -- C:\Program Files\vorbisfile.dll [2005.07.04 16:35:43 | 000,009,216 | ---- | C] () -- C:\Program Files\ogg.dll [2005.07.04 16:35:42 | 000,899,072 | ---- | C] () -- C:\Program Files\audiograbber.exe [2005.07.04 16:35:42 | 000,178,412 | ---- | C] () -- C:\Program Files\Erste_Schritte.pdf [2005.07.04 16:35:42 | 000,046,092 | ---- | C] () -- C:\Program Files\French.lng [2005.07.04 16:35:42 | 000,036,352 | ---- | C] () -- C:\Program Files\ag12full.dll [2005.07.04 16:35:42 | 000,004,774 | ---- | C] () -- C:\Program Files\audiograbber.ini [2005.07.04 16:35:42 | 000,000,760 | ---- | C] () -- C:\Program Files\audiograbber.apr [2005.07.04 16:35:42 | 000,000,386 | ---- | C] () -- C:\Program 
Files\Auto.Nam ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 14:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.05.26 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hauptbenutzer\AppData\Roaming\AAV [2011.05.26 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hauptbenutzer\AppData\Roaming\Acer GameZone Console [2011.05.26 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hauptbenutzer\AppData\Roaming\Amazon [2012.03.05 18:22:06 | 000,000,000 | ---D | M] -- C:\Users\Hauptbenutzer\AppData\Roaming\AnvSoft [2011.10.30 12:20:26 | 000,000,000 | ---D | M] -- C:\Users\Hauptbenutzer\AppData\Roaming\Buhl Data Service [2011.05.26 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hauptbenutzer\AppData\Roaming\fotobuch.de AG [2011.05.26 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\Hauptbenutzer\AppData\Roaming\Nikon [2011.05.26 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\Hauptbenutzer\AppData\Roaming\OpenOffice.org ========== Purity Check ========== < End of report > |
06.02.2013, 11:50 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Center on Windows Vista won't start Hello and
__________________Quote:
__________________ |
06.02.2013, 12:39 | #3 |
| Security Center on Windows Vista won't start Sorry, but where do I attach the zip file?
__________________ |
06.02.2013, 12:53 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Center on Windows Vista won't start Didn't read the instructions again? These ones => http://www.trojaner-board.de/69886-a...tml#post566999
__________________ Please always post log files in CODE tags |
06.02.2013, 12:58 | #5 |
| Security Center on Windows Vista won't start How embarrassing! Now I've got it. Sorry, I guess I'm a bit nervous. So here is the zip file. Regards, Regine |
06.02.2013, 14:13 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Center on Windows Vista won't start Code:
ATTFilter [2013.02.05 14:28:05 | 000,098,304 | RHS- | C] () -- C:\Windows\System32\tquery8.dll [2013.02.05 14:28:05 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\klkmpnrxv.job
Before we get to work, I'd like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside Trojaner-Board.
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ --> Security Center on Windows Vista won't start |
06.02.2013, 20:52 | #7 |
| Security Center on Windows Vista won't start I think I've understood everything so far. Mbar found 8 malware items on the first run, and none on the second. Log file of the first run: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 www.malwarebytes.org Database version: v2013.02.06.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Hauptbenutzer :: NOTEBOOK [administrator] 06.02.2013 20:21:42 mbar-log-2013-02-06 (20-21-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28440 Time elapsed: 13 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 4 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\OGG.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\VORBIS.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\VORBISENC.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES\VORBISFILE.DLL (Spyware.OnlineGames) -> Data: 1 -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 c:\Program Files\ogg.dll (Spyware.OnlineGames) -> Delete on reboot. c:\Program Files\vorbis.dll (Spyware.OnlineGames) -> Delete on reboot. c:\Program Files\vorbisenc.dll (Spyware.OnlineGames) -> Delete on reboot. c:\Program Files\vorbisfile.dll (Spyware.OnlineGames) -> Delete on reboot. (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 www.malwarebytes.org Database version: v2013.02.06.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Hauptbenutzer :: NOTEBOOK [administrator] 06.02.2013 20:41:33 mbar-log-2013-02-06 (20-41-33).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28417 Time elapsed: 12 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Have a nice evening! Regine |
06.02.2013, 21:51 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Center on Windows Vista won't start
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs. Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
07.02.2013, 12:16 | #9 |
| Security Center on Windows Vista won't start Here is the aswMBR log: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-07 11:38:04
-----------------------------
11:38:04.734 OS Version: Windows 6.0.6002 Service Pack 2
11:38:04.734 Number of processors: 2 586 0x301
11:38:04.750 ComputerName: NOTEBOOK UserName:
11:38:13.876 Initialize success
11:39:50.682 AVAST engine defs: 13020700
11:40:26.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
11:40:26.796 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 8
11:40:26.811 Disk 0 MBR read successfully
11:40:26.811 Disk 0 MBR scan
11:40:26.842 Disk 0 Windows VISTA default MBR code
11:40:26.842 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
11:40:26.874 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147630 MB offset 20482048
11:40:26.936 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147613 MB offset 322828288
11:40:26.967 Disk 0 scanning sectors +625139712
11:40:27.076 Disk 0 scanning C:\Windows\system32\drivers
11:40:56.108 Service scanning
11:41:17.698 Service MpKsl433aa42e C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48F9D230-E394-472E-A4A5-D165F618A4F8}\MpKsl433aa42e.sys **LOCKED** 32
11:41:48.711 Modules scanning
11:41:53.781 Disk 0 trace - called modules:
11:41:53.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys tcpip.sys NETIO.SYS
11:41:53.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a3fac8]
11:41:53.844 3 CLASSPNP.SYS[8a1cc8b3] -> nt!IofCallDriver -> [0x86102850]
11:41:53.859 5 acpi.sys[806106bc] -> nt!IofCallDriver -> \Device\0000005d[0x85b0cb08]
11:41:55.794 AVAST engine scan C:\Windows
11:42:07.603 AVAST engine scan C:\Windows\system32
11:51:17.409 AVAST engine scan C:\Windows\system32\drivers
11:51:58.858 AVAST engine scan C:\Users\Hauptbenutzer
11:57:30.374 AVAST engine scan C:\ProgramData
11:59:03.834 Scan finished successfully
12:00:57.355 Disk 0 MBR has been saved successfully to "C:\Users\Hauptbenutzer\Desktop\MBR.dat"
12:00:57.370 The log file has been saved successfully to "C:\Users\Hauptbenutzer\Desktop\aswMBR_log.txt"
Code:
12:05:09.0956 2720 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:05:10.0143 2720 ============================================================
12:05:10.0143 2720 Current date / time: 2013/02/07 12:05:10.0143
12:05:10.0143 2720 SystemInfo:
12:05:10.0143 2720
12:05:10.0143 2720 OS Version: 6.0.6002 ServicePack: 2.0
12:05:10.0143 2720 Product type: Workstation
12:05:10.0143 2720 ComputerName: NOTEBOOK
12:05:10.0143 2720 UserName: Hauptbenutzer
12:05:10.0143 2720 Windows directory: C:\Windows
12:05:10.0143 2720 System windows directory: C:\Windows
12:05:10.0143 2720 Processor architecture: Intel x86
12:05:10.0143 2720 Number of processors: 2
12:05:10.0143 2720 Page size: 0x1000
12:05:10.0143 2720 Boot type: Normal boot
12:05:10.0143 2720 ============================================================
12:05:12.0202 2720 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:05:12.0218 2720 ============================================================
12:05:12.0218 2720 \Device\Harddisk0\DR0:
12:05:12.0233 2720 MBR partitions:
12:05:12.0233 2720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x12057000
12:05:12.0233 2720 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x133DF800, BlocksNum 0x1204E800
12:05:12.0233 2720 ============================================================
12:05:12.0265 2720 C: <-> \Device\Harddisk0\DR0\Partition1
12:05:12.0436 2720 D: <-> \Device\Harddisk0\DR0\Partition2
12:05:12.0436 2720 ============================================================
12:05:12.0436 2720 Initialize success
12:05:12.0436 2720 ============================================================
12:05:35.0243 3876 ============================================================
12:05:35.0243 3876 Scan started
12:05:35.0243 3876 Mode: Manual; SigCheck; TDLFS;
ok 12:05:56.0849 3876 [ E26E46D619469964AC3609620F443867 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys 12:05:56.0865 3876 PSDNServ - ok 12:05:56.0881 3876 [ 3E1D134AF2806867D06047C4CC33CC65 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys 12:05:56.0896 3876 psdvdisk - ok 12:05:56.0943 3876 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 12:05:57.0037 3876 ql2300 - ok 12:05:57.0052 3876 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 12:05:57.0068 3876 ql40xx - ok 12:05:57.0115 3876 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 12:05:57.0130 3876 QWAVE - ok 12:05:57.0146 3876 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:05:57.0193 3876 QWAVEdrv - ok 12:05:57.0208 3876 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:05:57.0255 3876 RasAcd - ok 12:05:57.0286 3876 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 12:05:57.0349 3876 RasAuto - ok 12:05:57.0380 3876 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:05:57.0427 3876 Rasl2tp - ok 12:05:57.0458 3876 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 12:05:57.0505 3876 RasMan - ok 12:05:57.0520 3876 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:05:57.0567 3876 RasPppoe - ok 12:05:57.0598 3876 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:05:57.0629 3876 RasSstp - ok 12:05:57.0661 3876 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:05:57.0707 3876 rdbss - ok 12:05:57.0723 3876 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 12:05:57.0770 3876 RDPCDD - ok 12:05:57.0817 3876 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 12:05:57.0863 3876 rdpdr - ok 
12:05:57.0879 3876 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 12:05:57.0926 3876 RDPENCDD - ok 12:05:57.0973 3876 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:05:58.0019 3876 RDPWD - ok 12:05:58.0082 3876 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:05:58.0144 3876 RemoteAccess - ok 12:05:58.0175 3876 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:05:58.0222 3876 RemoteRegistry - ok 12:05:58.0269 3876 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe 12:05:58.0300 3876 RichVideo - ok 12:05:58.0331 3876 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 12:05:58.0378 3876 RpcLocator - ok 12:05:58.0425 3876 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 12:05:58.0487 3876 RpcSs - ok 12:05:58.0519 3876 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:05:58.0597 3876 rspndr - ok 12:05:58.0628 3876 [ 30AF53469B2A60F693ACB24FBD90ABD7 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS 12:05:58.0690 3876 RTSTOR - ok 12:05:58.0721 3876 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 12:05:58.0737 3876 SamSs - ok 12:05:58.0768 3876 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:05:58.0799 3876 sbp2port - ok 12:05:58.0831 3876 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:05:58.0877 3876 SCardSvr - ok 12:05:58.0924 3876 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 12:05:58.0987 3876 Schedule - ok 12:05:59.0018 3876 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 12:05:59.0049 3876 SCPolicySvc - ok 12:05:59.0080 3876 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:05:59.0127 3876 
SDRSVC - ok 12:05:59.0189 3876 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 12:05:59.0236 3876 SeaPort - ok 12:05:59.0267 3876 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:05:59.0377 3876 secdrv - ok 12:05:59.0408 3876 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 12:05:59.0470 3876 seclogon - ok 12:05:59.0486 3876 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 12:05:59.0564 3876 SENS - ok 12:05:59.0595 3876 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 12:05:59.0720 3876 Serenum - ok 12:05:59.0751 3876 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 12:05:59.0860 3876 Serial - ok 12:05:59.0876 3876 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 12:05:59.0923 3876 sermouse - ok 12:05:59.0954 3876 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 12:05:59.0985 3876 SessionEnv - ok 12:06:00.0001 3876 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 12:06:00.0032 3876 sffdisk - ok 12:06:00.0047 3876 [ E5EAFE85815BD89095FEF3144A09AB68 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 12:06:00.0063 3876 sffp_mmc - ok 12:06:00.0079 3876 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 12:06:00.0125 3876 sffp_sd - ok 12:06:00.0141 3876 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 12:06:00.0219 3876 sfloppy - ok 12:06:00.0250 3876 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:06:00.0313 3876 SharedAccess - ok 12:06:00.0344 3876 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:06:00.0391 3876 ShellHWDetection - ok 12:06:00.0406 3876 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp 
C:\Windows\system32\drivers\sisagp.sys 12:06:00.0422 3876 sisagp - ok 12:06:00.0437 3876 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 12:06:00.0453 3876 SiSRaid2 - ok 12:06:00.0484 3876 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 12:06:00.0500 3876 SiSRaid4 - ok 12:06:00.0547 3876 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 12:06:00.0578 3876 SkypeUpdate - ok 12:06:00.0687 3876 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 12:06:00.0890 3876 slsvc - ok 12:06:00.0921 3876 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 12:06:00.0937 3876 SLUINotify - ok 12:06:00.0952 3876 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 12:06:00.0999 3876 Smb - ok 12:06:01.0046 3876 [ 793F65AAC52E5ECCB83E6D9DE054C865 ] snapman378 C:\Windows\system32\DRIVERS\snman378.sys 12:06:01.0061 3876 snapman378 - ok 12:06:01.0077 3876 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:06:01.0093 3876 SNMPTRAP - ok 12:06:01.0108 3876 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 12:06:01.0124 3876 spldr - ok 12:06:01.0171 3876 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 12:06:01.0202 3876 Spooler - ok 12:06:01.0280 3876 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 12:06:01.0311 3876 srv - ok 12:06:01.0327 3876 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:06:01.0373 3876 srv2 - ok 12:06:01.0405 3876 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:06:01.0451 3876 srvnet - ok 12:06:01.0467 3876 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:06:01.0561 3876 SSDPSRV - ok 12:06:01.0592 3876 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc 
C:\Windows\system32\sstpsvc.dll 12:06:01.0639 3876 SstpSvc - ok 12:06:01.0670 3876 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 12:06:01.0701 3876 stisvc - ok 12:06:01.0748 3876 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 12:06:01.0763 3876 swenum - ok 12:06:01.0779 3876 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 12:06:01.0810 3876 swprv - ok 12:06:01.0841 3876 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 12:06:01.0857 3876 Symc8xx - ok 12:06:01.0873 3876 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 12:06:01.0888 3876 Sym_hi - ok 12:06:01.0904 3876 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 12:06:01.0919 3876 Sym_u3 - ok 12:06:01.0966 3876 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 12:06:01.0982 3876 SynTP - ok 12:06:02.0013 3876 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 12:06:02.0091 3876 SysMain - ok 12:06:02.0107 3876 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 12:06:02.0153 3876 TabletInputService - ok 12:06:02.0185 3876 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 12:06:02.0231 3876 TapiSrv - ok 12:06:02.0263 3876 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 12:06:02.0309 3876 TBS - ok 12:06:02.0356 3876 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:06:02.0434 3876 Tcpip - ok 12:06:02.0465 3876 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 12:06:02.0528 3876 Tcpip6 - ok 12:06:02.0559 3876 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:06:02.0575 3876 tcpipreg - ok 12:06:02.0606 3876 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE 
C:\Windows\system32\drivers\tdpipe.sys 12:06:02.0653 3876 TDPIPE - ok 12:06:02.0715 3876 [ 1C66BD6C1C2463514635CDD9443EB0E9 ] tdrpman124 C:\Windows\system32\DRIVERS\tdrpm124.sys 12:06:02.0793 3876 tdrpman124 - ok 12:06:02.0824 3876 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 12:06:02.0887 3876 TDTCP - ok 12:06:02.0902 3876 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:06:02.0980 3876 tdx - ok 12:06:03.0011 3876 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 12:06:03.0027 3876 TermDD - ok 12:06:03.0074 3876 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 12:06:03.0167 3876 TermService - ok 12:06:03.0214 3876 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 12:06:03.0245 3876 Themes - ok 12:06:03.0261 3876 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 12:06:03.0323 3876 THREADORDER - ok 12:06:03.0339 3876 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 12:06:03.0401 3876 TrkWks - ok 12:06:03.0448 3876 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:06:03.0479 3876 TrustedInstaller - ok 12:06:03.0511 3876 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 12:06:03.0557 3876 tssecsrv - ok 12:06:03.0573 3876 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 12:06:03.0620 3876 tunmp - ok 12:06:03.0651 3876 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:06:03.0682 3876 tunnel - ok 12:06:03.0698 3876 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 12:06:03.0713 3876 uagp35 - ok 12:06:03.0745 3876 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 12:06:03.0760 3876 UBHelper - ok 12:06:03.0791 3876 [ 
D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:06:03.0838 3876 udfs - ok 12:06:03.0885 3876 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:06:03.0916 3876 UI0Detect - ok 12:06:03.0932 3876 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:06:03.0947 3876 uliagpkx - ok 12:06:03.0979 3876 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 12:06:03.0994 3876 uliahci - ok 12:06:04.0025 3876 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 12:06:04.0041 3876 UlSata - ok 12:06:04.0057 3876 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 12:06:04.0072 3876 ulsata2 - ok 12:06:04.0088 3876 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 12:06:04.0150 3876 umbus - ok 12:06:04.0181 3876 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 12:06:04.0213 3876 upnphost - ok 12:06:04.0259 3876 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 12:06:04.0291 3876 usbccgp - ok 12:06:04.0306 3876 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 12:06:04.0353 3876 usbcir - ok 12:06:04.0384 3876 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 12:06:04.0400 3876 usbehci - ok 12:06:04.0447 3876 [ EDCA5124B54BCF04E5C0538AA397A9C1 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 12:06:04.0462 3876 usbfilter - ok 12:06:04.0478 3876 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 12:06:04.0509 3876 usbhub - ok 12:06:04.0525 3876 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 12:06:04.0571 3876 usbohci - ok 12:06:04.0603 3876 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 12:06:04.0649 3876 usbprint - ok 
12:06:04.0665 3876 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:06:04.0696 3876 USBSTOR - ok 12:06:04.0712 3876 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 12:06:04.0727 3876 usbuhci - ok 12:06:04.0743 3876 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 12:06:04.0790 3876 usbvideo - ok 12:06:04.0837 3876 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 12:06:04.0852 3876 UxSms - ok 12:06:04.0883 3876 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 12:06:04.0946 3876 vds - ok 12:06:04.0961 3876 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 12:06:05.0039 3876 vga - ok 12:06:05.0071 3876 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 12:06:05.0149 3876 VgaSave - ok 12:06:05.0180 3876 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 12:06:05.0211 3876 viaagp - ok 12:06:05.0242 3876 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 12:06:05.0289 3876 ViaC7 - ok 12:06:05.0320 3876 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 12:06:05.0351 3876 viaide - ok 12:06:05.0367 3876 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 12:06:05.0398 3876 volmgr - ok 12:06:05.0429 3876 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 12:06:05.0476 3876 volmgrx - ok 12:06:05.0507 3876 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 12:06:05.0539 3876 volsnap - ok 12:06:05.0585 3876 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 12:06:05.0617 3876 vsmraid - ok 12:06:05.0679 3876 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 12:06:05.0819 3876 VSS - ok 12:06:05.0851 3876 [ 
96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 12:06:05.0897 3876 W32Time - ok 12:06:05.0929 3876 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 12:06:05.0991 3876 WacomPen - ok 12:06:06.0007 3876 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 12:06:06.0038 3876 Wanarp - ok 12:06:06.0053 3876 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 12:06:06.0069 3876 Wanarpv6 - ok 12:06:06.0100 3876 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 12:06:06.0116 3876 wcncsvc - ok 12:06:06.0147 3876 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 12:06:06.0209 3876 WcsPlugInService - ok 12:06:06.0256 3876 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 12:06:06.0272 3876 Wd - ok 12:06:06.0319 3876 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 12:06:06.0365 3876 Wdf01000 - ok 12:06:06.0381 3876 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 12:06:06.0443 3876 WdiServiceHost - ok 12:06:06.0459 3876 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 12:06:06.0506 3876 WdiSystemHost - ok 12:06:06.0537 3876 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 12:06:06.0584 3876 WebClient - ok 12:06:06.0631 3876 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 12:06:06.0677 3876 Wecsvc - ok 12:06:06.0693 3876 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 12:06:06.0755 3876 wercplsupport - ok 12:06:06.0787 3876 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 12:06:06.0818 3876 WerSvc - ok 12:06:06.0849 3876 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 12:06:06.0958 3876 winachsf - ok 
12:06:07.0005 3876 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 12:06:07.0021 3876 WinDefend - ok 12:06:07.0036 3876 WinHttpAutoProxySvc - ok 12:06:07.0114 3876 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 12:06:07.0145 3876 Winmgmt - ok 12:06:07.0208 3876 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 12:06:07.0301 3876 WinRM - ok 12:06:07.0364 3876 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 12:06:07.0442 3876 Wlansvc - ok 12:06:07.0489 3876 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 12:06:07.0520 3876 WmiAcpi - ok 12:06:07.0567 3876 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 12:06:07.0598 3876 wmiApSrv - ok 12:06:07.0691 3876 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 12:06:07.0801 3876 WMPNetworkSvc - ok 12:06:07.0832 3876 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 12:06:07.0879 3876 WPCSvc - ok 12:06:07.0925 3876 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 12:06:07.0957 3876 WPDBusEnum - ok 12:06:07.0988 3876 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 12:06:08.0019 3876 WpdUsb - ok 12:06:08.0113 3876 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 12:06:08.0175 3876 WPFFontCache_v0400 - ok 12:06:08.0206 3876 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 12:06:08.0284 3876 ws2ifsl - ok 12:06:08.0331 3876 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 12:06:08.0378 3876 wscsvc - ok 12:06:08.0393 3876 WSearch - ok 12:06:08.0518 3876 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 12:06:08.0690 3876 
wuauserv - ok 12:06:08.0737 3876 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 12:06:08.0768 3876 WudfPf - ok 12:06:08.0830 3876 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 12:06:08.0908 3876 WUDFRd - ok 12:06:08.0939 3876 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 12:06:08.0971 3876 wudfsvc - ok 12:06:08.0986 3876 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 12:06:09.0017 3876 XAudio - ok 12:06:09.0033 3876 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe 12:06:09.0080 3876 XAudioService - ok 12:06:09.0158 3876 [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl 12:06:09.0173 3876 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 12:06:09.0173 3876 ================ Scan global =============================== 12:06:09.0205 3876 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 12:06:09.0236 3876 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 12:06:09.0267 3876 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 12:06:09.0298 3876 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 12:06:09.0314 3876 [Global] - ok 12:06:09.0314 3876 ================ Scan MBR ================================== 12:06:09.0329 3876 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 12:06:09.0719 3876 \Device\Harddisk0\DR0 - ok 12:06:09.0719 3876 ================ Scan VBR ================================== 12:06:09.0735 3876 [ BB278F094C39BE47E05BE7C4BAEE0D18 ] \Device\Harddisk0\DR0\Partition1 12:06:09.0735 3876 \Device\Harddisk0\DR0\Partition1 - ok 12:06:09.0766 3876 [ 932A15A22F6DA086DEAE086D394E3E5C ] \Device\Harddisk0\DR0\Partition2 12:06:09.0766 3876 \Device\Harddisk0\DR0\Partition2 - ok 12:06:09.0766 3876 
============================================================ 12:06:09.0766 3876 Scan finished 12:06:09.0766 3876 ============================================================ 12:06:09.0797 5292 Detected object count: 9 12:06:09.0797 5292 Actual detected object count: 9 12:06:54.0351 5292 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user 12:06:54.0351 5292 BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:06:54.0351 5292 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user 12:06:54.0351 5292 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:06:54.0351 5292 CLHNService ( UnsignedFile.Multi.Generic ) - skipped by user 12:06:54.0351 5292 CLHNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:06:54.0367 5292 ETService ( UnsignedFile.Multi.Generic ) - skipped by user 12:06:54.0367 5292 ETService ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:06:54.0367 5292 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 12:06:54.0367 5292 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:06:54.0367 5292 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 12:06:54.0367 5292 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:06:54.0382 5292 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user 12:06:54.0382 5292 NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:06:54.0382 5292 NTIPPKernel ( UnsignedFile.Multi.Generic ) - skipped by user 12:06:54.0382 5292 NTIPPKernel ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:06:54.0382 5292 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user 12:06:54.0382 5292 NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
07.02.2013, 12:54 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Center on Windows Vista cannot be started Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
07.02.2013, 20:18 | #11 |
| Security Center on Windows Vista cannot be started Hello, I had to uninstall Microsoft Security Essentials because I could not stop it, as I no longer had access. Combofix reported that it was still active. Here is the result from Combofix: Code:
ATTFilter ComboFix 13-02-07.01 - Hauptbenutzer 07.02.2013 19:43:39.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2814.1873 [GMT 1:00] ausgeführt von:: c:\users\Hauptbenutzer\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Hauptbenutzer\4.0 . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-07 bis 2013-02-07 )))))))))))))))))))))))))))))) . . 2013-02-07 18:52 . 2013-02-07 18:52 -------- d-----w- c:\users\Hauptbenutzer\AppData\Local\temp 2013-02-07 18:52 . 2013-02-07 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-06 19:07 . 2013-02-06 19:07 -------- d-----w- c:\programdata\Malwarebytes 2013-02-05 17:04 . 2013-02-05 17:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-05 16:59 . 2013-02-05 16:59 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\15d216e71ce03c205\bingbarsetup.exe 2013-02-05 16:58 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll 2013-02-05 16:58 . 2013-02-05 16:58 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\eadf6e71ce03c204\MeshBetaRemover.exe 2013-02-05 16:58 . 2013-02-05 16:58 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb43ee71ce03c203\DXSETUP.exe 2013-02-05 16:58 . 2013-02-05 16:58 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb43ee71ce03c203\DSETUP.dll 2013-02-05 16:58 . 2013-02-05 16:58 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb43ee71ce03c203\dsetup32.dll 2013-02-05 16:58 . 
2013-02-05 16:58 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\807ffc71ce03c202\DXSETUP.exe 2013-02-05 16:58 . 2013-02-05 16:58 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\807ffc71ce03c202\dsetup32.dll 2013-02-05 16:58 . 2013-02-05 16:58 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\807ffc71ce03c202\DSETUP.dll 2013-02-05 16:58 . 2013-02-05 16:58 -------- d-----w- c:\users\Hauptbenutzer\AppData\Local\Windows Live 2013-02-05 13:28 . 2013-02-05 13:28 98304 --sha-r- c:\windows\system32\tquery8.dll 2013-01-10 06:15 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys 2013-01-10 06:15 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-10 06:14 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-05 17:04 . 2012-07-09 20:25 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-05 17:04 . 2010-05-12 20:22 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-30 10:53 . 2009-10-04 14:51 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-10 07:03 . 2012-04-06 12:11 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-10 07:03 . 2011-07-01 09:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 13:12 . 2012-12-21 07:25 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-21 07:25 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-11-14 02:09 . 2012-12-15 10:56 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-15 10:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-15 10:56 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-15 10:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-15 10:56 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 
2012-12-15 10:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 01:29 . 2012-12-14 08:38 2048 ----a-w- c:\windows\system32\tzres.dll 2004-02-09 03:48 . 2005-07-04 15:35 899072 ----a-w- c:\program files\audiograbber.exe 2002-01-03 20:50 . 2005-07-04 15:35 155648 ----a-w- c:\program files\WMA8Connect.dll 2000-01-15 23:01 . 2005-07-04 15:35 36352 ----a-w- c:\program files\ag12full.dll 2013-02-06 10:15 . 2013-02-06 10:14 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 68856] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-09-15 165144] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-09-15 962456] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-29 147456] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-29 167936] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-09-15 4353088] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-04-06 273528] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . 
c:\users\Hauptbenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808] t@x aktuell.lnk - c:\program files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe [2012-10-8 537240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 07:03] . 2013-02-07 c:\windows\Tasks\klkmpnrxv.job - c:\windows\system32\tquery8.dll [2013-02-05 13:28] . . ------- Zusätzlicher Suchlauf ------- . TCP: DhcpNameServer = 80.69.100.198 80.69.102.158 TCP: Interfaces\{21A43059-8D0B-432B-B6BB-7427E6F51834}: NameServer = 145.253.2.11 FF - ProfilePath - c:\users\Hauptbenutzer\AppData\Roaming\Mozilla\Firefox\Profiles\66xu3ay9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?hl=de&tab=Xw FF - ExtSQL: !HIDDEN! 2011-05-26 23:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-WudfPf SafeBoot-WudfRd . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-02-07 19:52 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\users\HAUPTB~1\AppData\Local\Temp\catchme.dll 53248 bytes executable . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(4736) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\System32\SysHook.dll . Zeit der Fertigstellung: 2013-02-07 19:54:43 ComboFix-quarantined-files.txt 2013-02-07 18:54 . Vor Suchlauf: 9 Verzeichnis(se), 86.788.804.608 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 87.037.050.880 Bytes frei . - - End Of File - - 62582D9BFE3532F3516B7D6742BB761B Regine |
08.02.2013, 13:23 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Center on Windows Vista will not start
ComboFix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
File::
c:\windows\system32\tquery8.dll
C:\Windows\tasks\klkmpnrxv.job

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
08.02.2013, 16:53 | #13 |
| Security Center on Windows Vista will not start Hello, unfortunately ComboFix again gave me the message that Microsoft Security Essentials is active, although I have uninstalled the program. Here is the result: Code:
ATTFilter ComboFix 13-02-07.01 - Hauptbenutzer 08.02.2013 16:33:27.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2814.1772 [GMT 1:00] ausgeführt von:: c:\users\Hauptbenutzer\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Hauptbenutzer\Desktop\CFScript.txt AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\tquery8.dll" "c:\windows\tasks\klkmpnrxv.job" . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-08 bis 2013-02-08 )))))))))))))))))))))))))))))) . . 2013-02-08 15:42 . 2013-02-08 15:42 -------- d-----w- c:\users\Hauptbenutzer\AppData\Local\temp 2013-02-08 15:42 . 2013-02-08 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-06 19:07 . 2013-02-06 19:07 -------- d-----w- c:\programdata\Malwarebytes 2013-02-05 17:04 . 2013-02-05 17:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-05 16:59 . 2013-02-05 16:59 7450888 ----a-w- c:\program files\Common Files\Windows Live\.cache\15d216e71ce03c205\bingbarsetup.exe 2013-02-05 16:58 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll 2013-02-05 16:58 . 2013-02-05 16:58 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\eadf6e71ce03c204\MeshBetaRemover.exe 2013-02-05 16:58 . 2013-02-05 16:58 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb43ee71ce03c203\DXSETUP.exe 2013-02-05 16:58 . 2013-02-05 16:58 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb43ee71ce03c203\DSETUP.dll 2013-02-05 16:58 . 2013-02-05 16:58 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\bb43ee71ce03c203\dsetup32.dll 2013-02-05 16:58 . 
2013-02-05 16:58 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\807ffc71ce03c202\DXSETUP.exe 2013-02-05 16:58 . 2013-02-05 16:58 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\807ffc71ce03c202\dsetup32.dll 2013-02-05 16:58 . 2013-02-05 16:58 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\807ffc71ce03c202\DSETUP.dll 2013-02-05 16:58 . 2013-02-05 16:58 -------- d-----w- c:\users\Hauptbenutzer\AppData\Local\Windows Live 2013-02-05 13:28 . 2013-02-05 13:28 98304 --sha-r- c:\windows\system32\tquery8.dll 2013-01-10 06:15 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys 2013-01-10 06:15 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-10 06:14 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-05 17:04 . 2012-07-09 20:25 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-05 17:04 . 2010-05-12 20:22 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-30 10:53 . 2009-10-04 14:51 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-10 07:03 . 2012-04-06 12:11 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-10 07:03 . 2011-07-01 09:02 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 13:12 . 2012-12-21 07:25 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-21 07:25 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-11-14 02:09 . 2012-12-15 10:56 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-15 10:56 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-15 10:56 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-15 10:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-15 10:56 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 
2012-12-15 10:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 01:29 . 2012-12-14 08:38 2048 ----a-w- c:\windows\system32\tzres.dll 2004-02-09 03:48 . 2005-07-04 15:35 899072 ----a-w- c:\program files\audiograbber.exe 2002-01-03 20:50 . 2005-07-04 15:35 155648 ----a-w- c:\program files\WMA8Connect.dll 2000-01-15 23:01 . 2005-07-04 15:35 36352 ----a-w- c:\program files\ag12full.dll 2013-02-06 10:15 . 2013-02-06 10:14 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-17 68856] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-09-15 165144] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-09-15 962456] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-29 147456] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-29 167936] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600] "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-09-15 4353088] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-04-06 273528] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . 
c:\users\Hauptbenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808] t@x aktuell.lnk - c:\program files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe [2012-10-8 537240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 07:03] . 2013-02-08 c:\windows\Tasks\klkmpnrxv.job - c:\windows\system32\tquery8.dll [2013-02-05 13:28] . . ------- Zusätzlicher Suchlauf ------- . TCP: DhcpNameServer = 80.69.100.198 80.69.102.158 TCP: Interfaces\{21A43059-8D0B-432B-B6BB-7427E6F51834}: NameServer = 145.253.2.11 FF - ProfilePath - c:\users\Hauptbenutzer\AppData\Roaming\Mozilla\Firefox\Profiles\66xu3ay9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?hl=de&tab=Xw FF - ExtSQL: !HIDDEN! 2011-05-26 23:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: yahoo.homepage.dontask - true . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-02-08 16:42 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(1004) c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\System32\SysHook.dll . Zeit der Fertigstellung: 2013-02-08 16:44:26 ComboFix-quarantined-files.txt 2013-02-08 15:44 ComboFix2.txt 2013-02-07 18:54 . Vor Suchlauf: 11 Verzeichnis(se), 86.863.425.536 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 86.840.586.240 Bytes frei . - - End Of File - - FDB41432DB37DD981DB63B2E78C64849 Regine |
08.02.2013, 21:07 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Center on Windows Vista will not start
adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
09.02.2013, 10:15 | #15 |
| Security Center on Windows Vista will not start Good morning, adwcleaner ran once, here is the result: Code:
# AdwCleaner v2.111 - Datei am 09/02/2013 um 09:39:45 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Hauptbenutzer - NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hauptbenutzer\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Hauptbenutzer\AppData\Roaming\Mozilla\Firefox\Profiles\66xu3ay9.default\searchplugins\11-suche.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Hauptbenutzer\AppData\Roaming\Mozilla\Firefox\Profiles\66xu3ay9.default\prefs.js
C:\Users\Hauptbenutzer\AppData\Roaming\Mozilla\Firefox\Profiles\66xu3ay9.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1132 octets] - [09/02/2013 09:39:45]

########## EOF - C:\AdwCleaner[S1].txt - [1192 octets] ##########

And here are the two OTL log files: Code:
ATTFilter OTL logfile created on: 09.02.2013 09:49:29 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hauptbenutzer\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 62,14% Memory free 5,72 Gb Paging File | 4,66 Gb Available in Paging File | 81,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 80,91 Gb Free Space | 56,12% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 102,05 Gb Free Space | 70,79% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: Hauptbenutzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hauptbenutzer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe () PRC - C:\Programme\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Acer\Mobility Center\MobilityService.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\wauff12.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\wfvie12.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\wgui12.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\wreli12.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\wcore12.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\wsteu12.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 
2012\rsguiwinapi47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\rscorewinapi47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\rsodbc47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\rsdcom47.dll () MOD - C:\Programme\program\libxml2.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qtcluceners47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\phononrs47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qtwebkitrs47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qttestrs47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qtscriptrs47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qt3supportrs47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qtsqlrs47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qtsvgrs47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qtxmlrs47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qtguirs47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qtcorers47.dll () MOD - C:\Programme\Buhl finance\tax Steuersoftware 2012\qtnetworkrs47.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3097.37359__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3097.37356__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3097.37411__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll () MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3097.37100__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3097.37062_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3097.37062__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3097.37060__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3097.37059__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3097.37077__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3091.17987__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3097.37107__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3091.17993__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3097.37069__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3097.37084__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3097.37379__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3097.37372__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3097.37306__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3097.37130__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3097.37137__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3091.17983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3097.37090__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3097.37114__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3097.37093__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3097.37332__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3091.17993__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3097.37237__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3091.17976__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3097.37153__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3097.37277__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3097.37278__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3097.37238__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3097.37287__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3097.37239__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3097.37239__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3091.17979__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3097.37358__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3097.37061__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3097.37057__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3097.37058__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3097.37396__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD 
- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3091.17977__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3091.17978__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Windows\System32\SysHook.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade 
Deluxe\Kernel\CLML\CLMLSvcPS.dll () MOD - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll () MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\HAUPTB~1\AppData\Local\Temp\catchme.sys 
File not found DRV - (tdrpman124) -- C:\Windows\System32\drivers\tdrpm124.sys (Acronis) DRV - (snapman378) -- C:\Windows\System32\drivers\snman378.sys (Acronis) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 5F 19 63 A8 38 CC 01 [binary data] IE - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?hl=de&tab=Xw" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.4 FF - prefs.js..extensions.enabledAddons: 
%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.06 13:13:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 11:15:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 11:14:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 11:15:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 11:14:25 | 000,000,000 | ---D | M] [2011.05.26 22:19:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\Extensions [2013.01.18 20:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\Firefox\Profiles\66xu3ay9.default\extensions [2011.05.26 22:19:51 | 
000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\Firefox\Profiles\66xu3ay9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.01.18 20:38:22 | 000,538,938 | ---- | M] () (No name found) -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\extensions\toolbar@web.de.xpi [2013.01.18 20:38:27 | 000,002,273 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\searchplugins\englische-ergebnisse.xml [2013.01.18 20:38:26 | 000,010,563 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\searchplugins\gmx-suche.xml [2013.01.18 20:38:26 | 000,002,432 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\searchplugins\lastminute.xml [2013.01.18 20:38:26 | 000,005,545 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Roaming\mozilla\firefox\profiles\66xu3ay9.default\searchplugins\webde-suche.xml [2013.02.06 11:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.06 11:14:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.02.06 11:15:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.04 19:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - Startup: C:\Users\Hauptbenutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3536314564-2519316015-1050042000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 80.69.102.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FE02DFE-0767-48E6-96C2-F05D932B6E75}: DhcpNameServer = 80.69.100.198 80.69.102.158 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A43059-8D0B-432B-B6BB-7427E6F51834}: DhcpNameServer = 192.168.182.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A43059-8D0B-432B-B6BB-7427E6F51834}: NameServer = 145.253.2.11 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Hauptbenutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Hauptbenutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.08 16:44:28 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.08 16:44:28 | 000,000,000 | ---D | C] -- C:\Users\Hauptbenutzer\AppData\Local\temp [2013.02.08 16:43:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.08 16:30:17 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.02.07 19:40:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.07 19:40:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.07 19:40:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.07 19:31:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.07 19:31:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.07 19:29:46 | 005,031,093 | R--- | C] (Swearware) -- C:\Users\Hauptbenutzer\Desktop\ComboFix.exe [2013.02.07 12:03:32 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hauptbenutzer\Desktop\tdsskiller.exe [2013.02.07 11:35:12 | 004,732,416 | ---- | C] (AVAST 
Software) -- C:\Users\Hauptbenutzer\Desktop\aswMBR.exe [2013.02.06 20:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.06 20:06:13 | 000,000,000 | ---D | C] -- C:\Users\Hauptbenutzer\Desktop\mbar-1.01.0.1017 [2013.02.06 19:52:32 | 000,000,000 | ---D | C] -- C:\Users\Hauptbenutzer\Desktop\board [2013.02.06 12:35:15 | 000,000,000 | ---D | C] -- C:\Users\Hauptbenutzer\Desktop\Logfiles [2013.02.06 11:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.06 10:53:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.06 09:07:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hauptbenutzer\Desktop\OTL.exe [2013.02.05 18:09:10 | 078,991,448 | ---- | C] (Microsoft Corporation) -- C:\Users\Hauptbenutzer\Desktop\mserta.exe [2013.02.05 18:04:56 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.05 18:04:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.05 18:04:43 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.05 18:04:43 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.05 17:58:50 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll [2013.02.05 17:58:06 | 000,000,000 | ---D | C] -- C:\Users\Hauptbenutzer\AppData\Local\Windows Live [2013.01.28 17:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2010.03.19 15:42:54 | 024,791,032 | ---- | C] (SiSoftware ) -- C:\Users\Hauptbenutzer\san2010-1626-BQR.exe [2005.07.04 16:35:43 | 000,155,648 | ---- | C] (Illustrate) -- C:\Program Files\WMA8Connect.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.09 09:47:48 | 000,628,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.09 09:47:48 | 000,596,246 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2013.02.09 09:47:48 | 000,126,692 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.09 09:47:48 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.09 09:42:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2013.02.09 09:42:10 | 000,006,836 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Local\d3d9caps.dat [2013.02.09 09:42:03 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.09 09:42:03 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.09 09:42:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\klkmpnrxv.job [2013.02.09 09:41:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.09 09:38:46 | 000,582,209 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\adwcleaner.exe [2013.02.08 11:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.07 19:39:40 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.07 19:30:06 | 005,031,093 | R--- | M] (Swearware) -- C:\Users\Hauptbenutzer\Desktop\ComboFix.exe [2013.02.07 12:03:35 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hauptbenutzer\Desktop\tdsskiller.exe [2013.02.07 12:00:57 | 000,000,512 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\MBR.dat [2013.02.07 11:36:22 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Hauptbenutzer\Desktop\aswMBR.exe [2013.02.06 20:04:49 | 013,562,257 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\mbar-1.01.0.1017.zip [2013.02.06 10:53:26 | 247,245,430 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.06 10:30:31 | 000,365,568 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\gmer_2.0.18454.exe [2013.02.06 09:07:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hauptbenutzer\Desktop\OTL.exe [2013.02.06 09:05:28 | 000,000,000 | ---- | 
M] () -- C:\Users\Hauptbenutzer\defogger_reenable [2013.02.06 09:04:23 | 000,050,477 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\Defogger.exe [2013.02.05 18:10:06 | 078,991,448 | ---- | M] (Microsoft Corporation) -- C:\Users\Hauptbenutzer\Desktop\mserta.exe [2013.02.05 18:08:07 | 000,610,364 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\msert.exe [2013.02.05 18:04:34 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.05 18:04:28 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.05 18:04:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.05 18:04:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.05 18:04:26 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.02.05 18:04:26 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.02.05 14:28:05 | 000,098,304 | RHS- | M] () -- C:\Windows\System32\tquery8.dll [2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.01.28 17:33:46 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.01.28 17:33:46 | 000,001,915 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.01.26 08:59:29 | 000,024,064 | ---- | M] () -- C:\Users\Hauptbenutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.23 19:09:14 | 000,479,924 | ---- | M] () -- C:\Users\Hauptbenutzer\Desktop\Fahrkarte Kornwestheim.pdf [2013.01.11 10:02:32 | 000,339,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.09 09:38:45 | 000,582,209 | ---- | C] () -- C:\Users\Hauptbenutzer\Desktop\adwcleaner.exe [2013.02.07 19:40:54 | 
000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.07 19:40:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.07 19:40:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.07 19:40:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.07 19:40:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.07 12:00:57 | 000,000,512 | ---- | C] () -- C:\Users\Hauptbenutzer\Desktop\MBR.dat [2013.02.06 20:04:27 | 013,562,257 | ---- | C] () -- C:\Users\Hauptbenutzer\Desktop\mbar-1.01.0.1017.zip [2013.02.06 10:53:26 | 247,245,430 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.06 10:30:29 | 000,365,568 | ---- | C] () -- C:\Users\Hauptbenutzer\Desktop\gmer_2.0.18454.exe [2013.02.06 09:05:28 | 000,000,000 | ---- | C] () -- C:\Users\Hauptbenutzer\defogger_reenable [2013.02.06 09:04:22 | 000,050,477 | ---- | C] () -- C:\Users\Hauptbenutzer\Desktop\Defogger.exe [2013.02.05 18:08:07 | 000,610,364 | ---- | C] () -- C:\Users\Hauptbenutzer\Desktop\msert.exe [2013.02.05 14:28:05 | 000,098,304 | RHS- | C] () -- C:\Windows\System32\tquery8.dll [2013.02.05 14:28:05 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\klkmpnrxv.job [2013.01.28 17:33:46 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.08.13 10:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.05.08 13:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2011.10.30 12:16:47 | 000,000,931 | ---- | C] () -- C:\Windows\wiso.ini [2011.07.25 16:12:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.07.19 18:41:06 | 000,024,064 | ---- | C] () -- C:\Users\Hauptbenutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.12 16:58:02 | 000,006,836 | ---- | C] () -- C:\Users\Hauptbenutzer\AppData\Local\d3d9caps.dat [2011.07.01 15:27:21 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.06.29 17:08:31 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2011.05.26 
22:40:17 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2011.05.26 22:40:17 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.05.26 22:40:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2011.05.26 22:40:17 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2011.05.26 22:40:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2011.05.26 22:26:47 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.05.26 21:51:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.20 19:48:46 | 000,000,268 | RH-- | C] () -- C:\Users\Hauptbenutzer\AppData\Roaming\Sounds [2009.07.20 19:43:23 | 000,000,268 | RH-- | C] () -- C:\Users\Hauptbenutzer\AppData\Roaming\Solid Colors [2005.07.04 16:35:43 | 001,309,668 | ---- | C] () -- C:\Program Files\Line-In.pdf [2005.07.04 16:35:43 | 000,044,863 | ---- | C] () -- C:\Program Files\German.lng [2005.07.04 16:35:43 | 000,043,771 | ---- | C] () -- C:\Program Files\Italian.lng [2005.07.04 16:35:43 | 000,042,533 | ---- | C] () -- C:\Program Files\Spanish.lng [2005.07.04 16:35:42 | 000,899,072 | ---- | C] () -- C:\Program Files\audiograbber.exe [2005.07.04 16:35:42 | 000,178,412 | ---- | C] () -- C:\Program Files\Erste_Schritte.pdf [2005.07.04 16:35:42 | 000,046,092 | ---- | C] () -- C:\Program Files\French.lng [2005.07.04 16:35:42 | 000,036,352 | ---- | C] () -- C:\Program Files\ag12full.dll [2005.07.04 16:35:42 | 000,004,774 | ---- | C] () -- C:\Program Files\audiograbber.ini [2005.07.04 16:35:42 | 000,000,760 | ---- | C] () -- C:\Program Files\audiograbber.apr [2005.07.04 16:35:42 | 000,000,386 | ---- | C] () -- C:\Program Files\Auto.Nam ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 14:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 09.02.2013 09:49:29 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hauptbenutzer\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 62,14% Memory free 5,72 Gb Paging File | 4,66 Gb Available in Paging File | 81,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,17 Gb Total Space | 80,91 Gb Free Space | 56,12% Space Free | Partition Type: NTFS Drive D: | 144,15 Gb Total Space | 102,05 Gb Free Space | 70,79% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: Hauptbenutzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3536314564-2519316015-1050042000-1000\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0290A9D5-CAD0-4407-B390-D2AF0AC9775E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe | "{12A89E7C-C931-47E2-B6D2-93A1F16BA6F5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe | "{1FFE0232-C298-4822-8958-18450E11D425}" = rport=2869 | protocol=6 | dir=out | app=system | "{4018B5C4-5096-451D-B7D4-F0B49C4EE255}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{4964F629-1B19-441E-B74B-435856AE721F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe | "{91077A8F-1CCD-4B67-9B76-541E03141F2C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe | "{A428CC9E-B935-417B-AFBF-1EE3A909DE5B}" = lport=rpc | protocol=6 | 
dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe | "{C5AB4ED1-B78A-4D4E-82BA-1561E77E9BBA}" = lport=2869 | protocol=6 | dir=in | app=system | "{D80FEEDC-BE20-43A3-B319-B38F8385466D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe | "{FB19F89E-42E3-495D-9B50-E6D393C559E2}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe | "{FD78CB7B-94F8-420B-8A29-02FFF9401500}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{062DDF7A-384F-40CD-8BB8-5F6E097F9CB3}" = dir=out | svc=sharedaccess | app=c:\windows\system32\svchost.exe | "{29E790C3-5498-47B3-BCC6-21451B194C9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{329FCCDF-B3F8-4CC7-A027-BE0536084AAB}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{4BEC6E19-6D0D-495D-98F2-BAD257870999}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe | "{5D481E14-DDB9-4ABD-B9ED-93A0920E9814}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{66CCA87C-61D0-4BC9-9BCB-F09A6602EAA5}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{702EFD6A-4AB8-4332-8998-50DBFBB66BE8}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe | "{74736D51-9D1C-4671-8899-A913BAE55D85}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{7A6DA532-0EA2-4DCF-98F2-E8464B824450}" = protocol=58 | dir=in | name=gemeinsame nutzung der internetverbindung (routeranfrage, eingehend) | "{C8F282B3-B9F0-4B58-8498-B8DBA729EE76}" = dir=in | app=c:\program files\acer 
arcade deluxe\playmovie\playmovie.exe | "{C99FB232-79B2-4C58-80D4-5781C44CA1E9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010c\wnt500x86\rpcsandrasrv.exe | "{CF7B4E43-B2E8-418B-A8CC-5C530A767C97}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{F2FD1F76-5057-4A6B-B196-BEFA0F4A3DCD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "TCP Query User{10906A7A-A1D1-4091-B7C1-3EE8A851ED34}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{2B6DDC35-FE18-4855-8026-9BC7854965AC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06396923-449E-4881-DB30-9677EBFBE5ED}" = Catalyst Control Center Localization Dutch "{0AD7E761-CDD9-79AD-6C0F-2CE53F7277DB}" = Catalyst Control Center Localization Japanese "{0CAA0BF0-293D-32E7-BF40-99C26947B3B6}" = CCC Help Greek "{0D0256AB-54EF-414E-A6D9-896610EBAB70}" = Catalyst Control Center Localization Thai "{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{16A31107-6828-ED37-8551-37888EA51D85}" = Catalyst 
Control Center Localization Chinese Standard "{18855F72-E9B6-74C7-67DC-86CA6D775554}" = CCC Help Swedish "{1D801B9D-9473-2001-2FB4-875F75C5CFFA}" = Catalyst Control Center Localization French "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{265B1C1D-9BD0-A416-D5FE-0710AC0A9592}" = CCC Help Italian "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16 "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{27C9470C-2077-F4AD-8921-9504D1B9BC83}" = Catalyst Control Center Graphics Light "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3066F7B1-5918-4E18-292B-1153283E2CC3}" = ATI Catalyst Install Manager "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009 "{33D8205B-9118-D20E-F94A-4B467BB46289}" = Catalyst Control Center Localization Chinese Traditional "{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{45CEBDDE-AD94-4C5A-999D-0D35CE61405B}_is1" = 1.5 "{4684B4D7-A90A-028E-F300-7C96761B1287}" = CCC Help Chinese Traditional "{468789CE-4A7C-F9C8-9DB9-6F32827F1721}" = CCC Help Danish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language 
Pack "{5122D45F-16C5-6E6C-4509-4EE321E8A45F}" = Catalyst Control Center Localization Finnish "{5735B860-F404-20E5-2C4A-2108AFDF7DAB}" = CCC Help Polish "{573CE82D-3BA8-1D84-9F59-87DD11EAFB79}" = CCC Help Norwegian "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{591137F5-39FD-BFEF-FA09-181F0FA9B9EF}" = CCC Help Hungarian "{5AB587B5-8FAE-55F2-DB26-5A83234E3FDC}" = CCC Help Japanese "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{60C85C96-8D91-58AF-E5D0-4C53A0ACEE78}" = Catalyst Control Center Localization Polish "{613D098B-93C6-A2DE-5319-FF7D2229DB2B}" = CCC Help German "{67DEBF39-8470-344D-6332-969307D41805}" = CCC Help Chinese Standard "{687BD5FD-DC50-A653-9022-A7113D50B331}" = CCC Help Korean "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73B5C7D2-30E4-5522-52BC-89677DFD8E32}" = Catalyst Control Center InstallProxy "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{781B8114-9EFF-BFF5-B7F7-7DCFE5571218}" = Catalyst Control Center Localization German "{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2 "{79866648-18CB-4C93-F124-31AFE54F9A9D}" = Catalyst Control Center Core Implementation "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7CAE5047-9916-477F-283A-8E994DFAAD21}" = Catalyst Control Center Localization Spanish "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{849C1158-7421-893E-8E33-4312F49C1ADF}" = Catalyst Control Center Localization Greek "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EA318FC-D486-57D6-2A25-6BD247FA99DB}" = Catalyst Control Center Localization Norwegian "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90C26DA5-6780-0E5F-BC97-CAA7B5727E86}" = Catalyst Control Center Graphics Full Existing "{925150D7-0CC2-D6DF-6066-3784CE22CEE7}" = Catalyst Control Center Localization Korean "{946BA398-5A53-454E-8D39-1C02959C1727}" = AAVUpdateManager "{966DE944-348D-01B7-F9B7-0F0D696F4076}" = Catalyst Control Center Localization Swedish "{99F8744D-211D-42D9-CA25-1029F8E0912B}" = Catalyst Control Center Localization Portuguese "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C3FA7FD-9B70-C526-FA63-162783E1060D}" = CCC Help Portuguese "{9D6271F2-6F0A-A259-085B-5BBD4F05A33E}" = Catalyst Control Center Localization Hungarian "{A2694396-5508-3DB0-5308-7E6768DD7896}" = Catalyst Control Center Localization Turkish "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity 
Management "{A5FDB0FC-8DD0-E5D4-E031-922AE876403A}" = CCC Help Turkish "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller "{A79E4110-0087-E8AE-BD4F-A1883B2FD357}" = CCC Help French "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011 "{B316A8CE-F7F6-C99A-C41D-369A7CD33FC6}" = Catalyst Control Center Localization Danish "{B44695F8-959E-95EC-F3AC-F734C9DC6DAE}" = Catalyst Control Center Localization Italian "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C08A4D67-6837-5097-CC0C-B5DFD60630B9}" = ccc-core-static "{C0A1C9D6-9AC7-5B5A-6C25-B8FBC478BA8A}" = CCC Help Russian "{C34686CD-A03B-1B48-8085-341CD632C0BC}" = Catalyst Control Center Graphics Full New "{C83127E6-697A-7EEC-D53D-C089610D7F4A}" = CCC Help Dutch "{C91E74DA-8852-D2BB-B3A2-60A9202E1732}" = CCC Help Thai "{CAC9E80B-7515-0DB9-40BB-09B3703D90BB}" = Catalyst Control Center Localization Russian "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CD4D90B4-CC18-C176-B261-8BA8D5F644AB}" = CCC Help Czech "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DCD2B7EA-5452-DD3E-D008-2320C06862DB}" = CCC Help Finnish "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E7E36B90-24D7-E382-CEFB-6F293A2302F6}" = CCC Help English "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3E29994-EE0A-C417-7FDE-902B1D722460}" = Catalyst Control Center Localization Czech "{F420F5B3-677A-779E-AEEC-81A00ED373FE}" = ccc-utility "{F42D4CA6-E811-C8DA-D607-4F8A510D7953}" = CCC Help Spanish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "ABC Amber Audio Converter" = ABC Amber Audio Converter "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Any Video Converter_is1" = Any Video Converter 3.3.5 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "Designer 2.0_is1" = Designer 2.0 "GridVista" = Acer GridVista "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe 
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InterActual Player" = InterActual Player "LManager" = Launch Manager "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "RealPlayer 12.0" = RealPlayer "SynTPDeinstKey" = Synaptics Pointing Device Driver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3536314564-2519316015-1050042000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.10.2012 12:53:35 | Computer Name = Notebook | Source = EventSystem | ID = 4621 Description = Error - 16.10.2012 02:53:37 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 23.10.2012 01:46:54 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 23.10.2012 02:00:01 | Computer Name = Notebook | Source = EventSystem | ID = 4621 Description = Error - 23.10.2012 08:37:01 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 23.10.2012 13:42:07 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 24.10.2012 02:30:22 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 24.10.2012 05:41:50 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 26.10.2012 04:15:30 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = Error - 26.10.2012 10:30:46 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 08.02.2013 11:46:44 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 08.02.2013 11:46:50 | 
Computer Name = Notebook | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 08.02.2013 11:46:50 | Computer Name = Notebook | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 81.210.220.80 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 09.02.2013 04:30:09 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 09.02.2013 04:30:17 | Computer Name = Notebook | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 09.02.2013 04:30:17 | Computer Name = Notebook | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 176.198.104.203 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 09.02.2013 04:42:17 | Computer Name = Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 09.02.2013 04:42:22 | Computer Name = Notebook | Source = ipnathlp | ID = 34001 Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren. Error - 09.02.2013 04:42:22 | Computer Name = Notebook | Source = ipnathlp | ID = 30013 Description = Die DHCP-Zuweisung wurde für IP-Adresse 176.198.104.203 deaktiviert, da die IP-Adresse außerhalb des Bereichs 192.168.0.0/255.255.255.0 liegt, von der die Adressen DHCP-Clients zu gewiesen werden. 
Ändern Sie den Bereich, sodass die IP-Adresse mit einbezogen wird, oder ändern Sie die IP-Adresse, sodass sie innerhalb dieses Bereichs liegt, um die DHCP-Zuweisung zu aktivieren. Error - 09.02.2013 04:42:51 | Computer Name = Notebook | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. < End of report >
Regards, Regine