| |
| |||||||
Log-Analyse und Auswertung: EXP/CVE-2013-0422 gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.03.2013, 19:48
| #1 |
 |  EXP/CVE-2013-0422 gefunden Hallo Ich glaube ich brauche einen fachkundigen Rat. Habe gestern einen unerwüschten Gast mit dem Namen EXP/CVE-2013-0422 mit avira gefunden und gelöscht. War mir aber sicher, dass da nicht alles beseitigt wurde was Schaden anrichten kann.  Daher habe ich mir heute euren Defogger geholt. Und nach Anleitung laufen lassen. Ich bekam ein defogger disable log: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:15 on 26/03/2013 (Ralf)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Danke im Voraus  Hein Bagaluth PS: Anbei das log von avscan: Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 25. März 2013 08:26
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : BAGALUTH01
Versionsinformationen:
BUILD.DAT : 13.0.0.3185 47702 Bytes 30.01.2013 10:05:00
AVSCAN.EXE : 13.6.0.584 640224 Bytes 12.02.2013 12:46:16
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15
LUKE.DLL : 13.6.0.602 67808 Bytes 12.02.2013 12:46:38
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 21.03.2013 17:12:36
AVREG.DLL : 13.6.0.940 250592 Bytes 21.03.2013 17:12:35
avlode.dll : 13.6.2.624 434912 Bytes 07.02.2013 06:40:42
avlode.rdf : 13.0.0.44 15591 Bytes 21.03.2013 17:12:36
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 12:43:11
VBASE008.VDF : 7.11.65.172 9122816 Bytes 21.03.2013 17:12:29
VBASE009.VDF : 7.11.65.173 2048 Bytes 21.03.2013 17:12:29
VBASE010.VDF : 7.11.65.174 2048 Bytes 21.03.2013 17:12:29
VBASE011.VDF : 7.11.65.175 2048 Bytes 21.03.2013 17:12:30
VBASE012.VDF : 7.11.65.176 2048 Bytes 21.03.2013 17:12:30
VBASE013.VDF : 7.11.66.48 120832 Bytes 22.03.2013 19:42:46
VBASE014.VDF : 7.11.66.133 339456 Bytes 24.03.2013 17:32:21
VBASE015.VDF : 7.11.66.134 2048 Bytes 24.03.2013 17:32:21
VBASE016.VDF : 7.11.66.135 2048 Bytes 24.03.2013 17:32:21
VBASE017.VDF : 7.11.66.136 2048 Bytes 24.03.2013 17:32:21
VBASE018.VDF : 7.11.66.137 2048 Bytes 24.03.2013 17:32:21
VBASE019.VDF : 7.11.66.138 2048 Bytes 24.03.2013 17:32:21
VBASE020.VDF : 7.11.66.139 2048 Bytes 24.03.2013 17:32:21
VBASE021.VDF : 7.11.66.140 2048 Bytes 24.03.2013 17:32:21
VBASE022.VDF : 7.11.66.141 2048 Bytes 24.03.2013 17:32:21
VBASE023.VDF : 7.11.66.142 2048 Bytes 24.03.2013 17:32:21
VBASE024.VDF : 7.11.66.143 2048 Bytes 24.03.2013 17:32:21
VBASE025.VDF : 7.11.66.144 2048 Bytes 24.03.2013 17:32:21
VBASE026.VDF : 7.11.66.145 2048 Bytes 24.03.2013 17:32:21
VBASE027.VDF : 7.11.66.146 2048 Bytes 24.03.2013 17:32:21
VBASE028.VDF : 7.11.66.147 2048 Bytes 24.03.2013 17:32:22
VBASE029.VDF : 7.11.66.148 2048 Bytes 24.03.2013 17:32:23
VBASE030.VDF : 7.11.66.149 2048 Bytes 24.03.2013 17:32:23
VBASE031.VDF : 7.11.66.198 132608 Bytes 25.03.2013 06:56:22
Engineversion : 8.2.12.18
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.100 475517 Bytes 21.03.2013 17:12:35
AESCN.DLL : 8.1.10.0 131445 Bytes 22.12.2012 15:06:55
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 20:07:52
AEPACK.DLL : 8.3.2.2 827767 Bytes 14.03.2013 15:57:39
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 16:46:37
AEHEUR.DLL : 8.1.4.258 5853561 Bytes 21.03.2013 17:12:34
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.6.16 434549 Bytes 25.01.2013 06:39:19
AEEXP.DLL : 8.4.0.14 192886 Bytes 21.03.2013 17:12:35
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 18:48:19
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 12:45:38
AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 12:46:15
AVREP.DLL : 13.6.0.480 178544 Bytes 07.02.2013 06:40:42
AVARKT.DLL : 13.6.0.624 260832 Bytes 12.02.2013 12:45:53
AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 12.02.2013 12:46:07
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.480 62832 Bytes 12.02.2013 12:46:17
NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 12:46:38
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.6.0.480 68976 Bytes 12.02.2013 12:45:38
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +PCK,+SPR,
Beginn des Suchlaufs: Montag, 25. März 2013 08:26
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchProtocolHost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_149.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_149.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '122' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'WHSTrayApp.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'TdmNotify.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCPSysMgr.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'qttask.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZuneLauncher.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDDXSrv.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmDeviceAndTaskStatusService.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'WavXDocMgr.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dell.UCM.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dell.ControlPoint.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'softLCP.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '205' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'Microsoft.HomeServer.Archive.TransferService.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'WHSConnector.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'TdmService.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'softOSD.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'esClient.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCPSysMgrSvc.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'DCPButtonSvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'SMManager.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '163' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AtService.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('20' Dateien)
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3196' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
[0] Archivtyp: OVL
--> C:\$Recycle.Bin\S-1-5-21-1790561669-2274727820-2957284719-1001\$R2KJJVI.exe
[1] Archivtyp: Runtime Packed
--> C:\Program Files\Zune\Drivers\Zune\WUDFUpdate_01009.dll
[2] Archivtyp: RSRC
--> C:\Users\Ralf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45OQ3JGJ\X10_GB_Signed_All_1.00.002[1].cab
[3] Archivtyp: CAB (Microsoft)
--> amd64\WUDFUpdate_01007.dll
[4] Archivtyp: RSRC
--> C:\Users\Ralf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0P4PPZ6\ed6.0_Signed_All_1.00.001[1].cab
[5] Archivtyp: CAB (Microsoft)
--> amd64\winusbcoinstaller2.dll
[6] Archivtyp: RSRC
--> amd64\WUDFUpdate_01009.dll
[7] Archivtyp: RSRC
--> i386\winusbcoinstaller2.dll
[8] Archivtyp: RSRC
--> C:\Users\Ralf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSRWD9AH\ed4.0.1_Signed_All_1.00.001[1].cab
[9] Archivtyp: CAB (Microsoft)
--> amd64\WUDFUpdate_01007.dll
[10] Archivtyp: RSRC
--> C:\Users\Ralf\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
[11] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
[12] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
[13] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
[14] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
[15] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
[16] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
[17] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
[18] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
[19] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
[20] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
[21] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe
[22] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
[23] Archivtyp: Runtime Packed
--> C:\Users\Ralf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6bdbb498-103e3aa1
[24] Archivtyp: ZIP
--> Baalonm.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Strex.AV
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> Badalon.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2013-0422.I
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> Fonra.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.QV.2
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> Lizixk.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Treams.IW.2
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> MNoovae.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.RW
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> Valox.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2013-0422.J
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> Zend.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Ralf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6bdbb498-103e3aa1
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422
Beginne mit der Suche in 'D:\' <Daten>
Beginne mit der Desinfektion:
C:\Users\Ralf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6bdbb498-103e3aa1
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2013-0422
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5fa23408.qua' verschoben!
Ende des Suchlaufs: Montag, 25. März 2013 19:41
Benötigte Zeit: 1:31:01 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
25240 Verzeichnisse wurden überprüft
895849 Dateien wurden geprüft
8 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
895841 Dateien ohne Befall
8243 Archive wurden durchsucht
7 Warnungen
1 Hinweise
637157 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
|
|
26.03.2013, 23:25
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | EXP/CVE-2013-0422 gefunden Hallo und
__________________ Zitat:
Warum hast du eine Professional-Edition von Windows, brauchst du das als Heimanwender? Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
27.03.2013, 07:25
| #3 |
| | EXP/CVE-2013-0422 gefunden Außer der folgenden Ereignismeldung nix mehr.
__________________Der Scan 3 Tage vorher hatte keinen Schadcode gefunden. Avira Ereignismeldung: Code:
ATTFilter Exportierte Ereignisse:
25.03.2013 19:41 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Ralf\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6bdbb498-103e3a
a1'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2013-0422' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5fa23408.qua'
verschoben!
Router geht über Wanddose ins eigene LAN auf eine Netgear Prosafe Firewall und der Restr der Dosen in der Wohnung werden über den Switch der Firewall verbunden. Der unerwüschte Gast ist bei mir der erste in 3 Jahren. Aber meine Frau (Sparkle01) hatte sich vor ca. 3 Monaten einen Virus gefangen und dank Deiner Hilfe wieder gekillt. Ach ja Grüße auch von sparkle01 Ralf Alias Hein Bagaluth Geändert von Bagaluth (27.03.2013 um 07:33 Uhr) |
|
27.03.2013, 13:00
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2013-0422 gefundenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
27.03.2013, 19:22
| #5 |
| | EXP/CVE-2013-0422 gefunden Rein private Nutzung OK ab und an als Softwaretester für Wirtschaftssimmulationsspiele der Firma ASCARON die jetzt pleite ist. Aber meine Lieblingsserie "Patrizier" hatte gaming-minds unter dem Dach von Kalypso weiter geführt. Da ich für das Spieletesten keinen cent bekomme, fällt das auch unter rein Privat. |
|
28.03.2013, 12:07
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2013-0422 gefunden Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ --> EXP/CVE-2013-0422 gefunden |
|
28.03.2013, 18:40
| #7 |
| | EXP/CVE-2013-0422 gefunden THX 1. OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.03.2013 18:23:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralf\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,46 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 67,37% Memory free 6,91 Gb Paging File | 5,57 Gb Available in Paging File | 80,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,67 Gb Total Space | 59,78 Gb Free Space | 63,14% Space Free | Partition Type: NTFS Drive D: | 123,52 Gb Total Space | 75,60 Gb Free Space | 61,20% Space Free | Partition Type: NTFS Drive F: | 7,38 Gb Total Space | 7,20 Gb Free Space | 97,52% Space Free | Partition Type: FAT32 Computer Name: BAGALUTH01 | User Name: Ralf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Ralf\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation) PRC - C:\Programme\Windows Home Server\WHSTrayApp.exe (Microsoft Corporation) PRC - C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation) PRC - C:\Programme\Windows Home Server\esClient.exe (Microsoft Corporation) PRC - C:\Windows\System32\softLCP.exe (EnTech Taiwan) PRC - C:\Programme\softOSD\softOSD.exe (EnTech Taiwan) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) PRC - C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) PRC - C:\Programme\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) PRC - c:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) PRC - C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) PRC - C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.) PRC - C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) PRC - c:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - c:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc.) PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.453.27565__f25c74fcad379103\Status Lib.dll () MOD - C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.453.27562__4ca2a925deedf37d\StatusInterfaces.dll () MOD - C:\Programme\Dell\Dell ControlPoint\Connection Manager\SmithMicro.Message.XmlSerializers.dll () MOD - C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll () MOD - C:\Windows\System32\wxvault.dll () MOD - C:\Windows\System32\Wavx_ESC_Logging.dll () MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll () MOD - C:\Programme\WinZip\WZSHLEXT.DLL () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (arXfrSvc) -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation) SRV - (WHSConnector) -- C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation) SRV - (esClient) -- C:\Programme\Windows Home Server\esClient.exe (Microsoft Corporation) SRV - (softOSD) -- C:\Programme\softOSD\softOSD.exe (EnTech Taiwan) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SMManager) -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (dcpsysmgrsvc) -- c:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (TdmService) -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (buttonsvc32) -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) SRV - (SecureStorageService) -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (EvtEng) -- c:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- c:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ATService) -- C:\Programme\Fingerprint Sensor\AtService.exe (AuthenTec, Inc.) SRV - (tcsd_win32.exe) -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () ========== Driver Services (SafeList) ========== DRV - (NvtSp50) -- System32\Drivers\NvtSp50.sys File not found DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (hwpsgt) -- C:\Windows\System32\drivers\hwpsgt.sys () DRV - (lemsgt) -- C:\Windows\System32\drivers\lemsgt.sys () DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys () DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys () DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC) DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC) DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (Blfp) -- C:\Windows\System32\drivers\basp.sys (Broadcom Corporation) DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (PBADRV) -- C:\Windows\System32\drivers\PBADRV.sys (Dell Inc) DRV - (se32) -- C:\Windows\System32\drivers\se32.sys (EnTech Taiwan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9B7E30B1-98A4-41EC-8D65-3EE9EC23072E} IE - HKLM\..\SearchScopes\{9B7E30B1-98A4-41EC-8D65-3EE9EC23072E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1790561669-2274727820-2957284719-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKU\S-1-5-21-1790561669-2274727820-2957284719-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USREL/8 IE - HKU\S-1-5-21-1790561669-2274727820-2957284719-1001\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found IE - HKU\S-1-5-21-1790561669-2274727820-2957284719-1001\..\SearchScopes,DefaultScope = {9B7E30B1-98A4-41EC-8D65-3EE9EC23072E} IE - HKU\S-1-5-21-1790561669-2274727820-2957284719-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.10 21:05:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 12:04:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 12:03:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 12:04:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 12:03:59 | 000,000,000 | ---D | M] [2010.05.06 11:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions [2012.12.04 20:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\g0id3223.default\extensions [2012.12.04 20:25:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\g0id3223.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013.03.08 12:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 12:04:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.03.07 13:57:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 13:57:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.03.07 13:57:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 13:57:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 13:57:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 13:57:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1790561669-2274727820-2957284719-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1790561669-2274727820-2957284719-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4 - HKLM..\Run: [FLMMEDIONMOUSE] C:\Program Files\Browser mouse\1.3\mouse32a.exe File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [USCService] C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [WavXMgr] C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Anexar em PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - D:\Program Files\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation) O8 - Extra context menu item: Converter destino de link em Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Converter destino de link em PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Converter links selecionados em PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88BFC201-D051-49D0-9D8B-0A43DBBD3ED5}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.28 18:19:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe [2013.03.25 00:59:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\(RECOVERY) [2013.03.22 03:01:08 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.22 03:01:08 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.22 03:01:08 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.22 03:01:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.22 03:01:08 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.22 03:01:08 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.22 03:01:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.22 03:01:08 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.22 03:01:08 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.22 03:01:08 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.22 03:01:08 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.22 03:01:08 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.22 03:01:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.22 03:01:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.22 03:01:08 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.22 03:01:08 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.22 03:01:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.22 03:01:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.22 03:01:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.22 03:01:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.22 03:01:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.22 03:01:08 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.22 03:01:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.22 03:01:07 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.22 03:01:07 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.22 03:01:07 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.22 03:01:07 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.22 03:01:07 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.22 03:01:07 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.22 03:01:07 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.22 03:01:07 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.22 03:01:07 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.22 03:01:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.22 03:01:07 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.22 03:01:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.22 03:01:07 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.21 16:57:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.08 12:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.08 11:43:33 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.08 11:43:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.08 11:43:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.08 11:43:25 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.08 11:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.02.27 03:00:27 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.27 03:00:24 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.27 03:00:22 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.27 03:00:22 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.27 03:00:22 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.27 03:00:22 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 03:00:22 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 03:00:22 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 03:00:22 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 03:00:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 03:00:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 03:00:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 03:00:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 03:00:22 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 03:00:21 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.27 03:00:21 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.27 03:00:21 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.27 03:00:21 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.27 03:00:21 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.27 03:00:21 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.27 03:00:21 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.27 03:00:21 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.27 03:00:21 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.27 03:00:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.27 03:00:20 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll ========== Files - Modified Within 30 Days ========== [2013.03.28 18:14:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.28 07:50:01 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.28 07:50:01 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.28 07:47:23 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.28 07:47:23 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.28 07:47:23 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.28 07:47:23 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.28 07:43:08 | 000,000,000 | ---- | M] () -- C:\Users\Ralf\AppData\Local\WavXMapDrive.bat [2013.03.28 07:42:49 | 000,001,024 | ---- | M] () -- C:\.rnd [2013.03.28 07:42:26 | 2783,313,920 | -HS- | M] () -- C:\hiberfil.sys [2013.03.26 19:15:51 | 000,000,000 | ---- | M] () -- C:\Users\Ralf\defogger_reenable [2013.03.25 20:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe [2013.03.25 20:30:05 | 000,050,477 | ---- | M] () -- C:\Users\Ralf\Desktop\Defogger.exe [2013.03.22 03:01:08 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.22 03:01:08 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.22 03:01:08 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.03.22 03:01:08 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.22 03:01:08 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.22 03:01:08 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.03.22 03:01:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.03.22 03:01:08 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.03.22 03:01:08 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.03.22 03:01:08 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.03.22 03:01:08 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.22 03:01:08 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.03.22 03:01:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.03.22 03:01:08 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.03.22 03:01:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.03.22 03:01:08 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.03.22 03:01:08 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.03.22 03:01:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.03.22 03:01:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.03.22 03:01:08 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.03.22 03:01:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.22 03:01:08 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.03.22 03:01:08 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.03.22 03:01:07 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.22 03:01:07 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.03.22 03:01:07 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.03.22 03:01:07 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.03.22 03:01:07 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.03.22 03:01:07 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.03.22 03:01:07 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.03.22 03:01:07 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.22 03:01:07 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.03.22 03:01:07 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.03.22 03:01:07 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.03.22 03:01:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.03.22 03:01:07 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.03.22 03:01:07 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.03.14 17:25:53 | 000,597,315 | ---- | M] () -- C:\Users\Ralf\Desktop\VC-13-0025.pdf [2013.03.14 17:25:34 | 000,068,188 | ---- | M] () -- C:\Users\Ralf\Desktop\HS_IN-13-0058_1.pdf [2013.03.08 11:43:20 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.03.08 11:43:20 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.03.08 11:43:20 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.08 11:43:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.08 11:43:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.08 11:43:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll ========== Files Created - No Company Name ========== [2013.03.28 07:42:49 | 000,001,024 | ---- | C] () -- C:\.rnd [2013.03.26 19:15:51 | 000,000,000 | ---- | C] () -- C:\Users\Ralf\defogger_reenable [2013.03.26 19:12:02 | 000,050,477 | ---- | C] () -- C:\Users\Ralf\Desktop\Defogger.exe [2013.03.22 03:01:07 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.14 17:25:52 | 000,597,315 | ---- | C] () -- C:\Users\Ralf\Desktop\VC-13-0025.pdf [2013.03.14 17:25:34 | 000,068,188 | ---- | C] () -- C:\Users\Ralf\Desktop\HS_IN-13-0058_1.pdf [2012.06.23 16:36:26 | 000,000,336 | ---- | C] () -- C:\Windows\BRCALIB.INI [2011.05.19 13:03:08 | 000,013,824 | ---- | C] () -- C:\Users\Ralf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.28 19:37:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.01.11 21:34:11 | 000,000,036 | ---- | C] () -- C:\Users\Ralf\AppData\Local\housecall.guid.cache [2010.05.03 15:24:57 | 000,000,000 | ---- | C] () -- C:\Users\Ralf\AppData\Local\WavXMapDrive.bat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:C5760A8B < End of report > 2. Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.03.2013 18:23:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralf\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,46 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 67,37% Memory free
6,91 Gb Paging File | 5,57 Gb Available in Paging File | 80,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,67 Gb Total Space | 59,78 Gb Free Space | 63,14% Space Free | Partition Type: NTFS
Drive D: | 123,52 Gb Total Space | 75,60 Gb Free Space | 61,20% Space Free | Partition Type: NTFS
Drive F: | 7,38 Gb Total Space | 7,20 Gb Free Space | 97,52% Space Free | Partition Type: FAT32
Computer Name: BAGALUTH01 | User Name: Ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1790561669-2274727820-2957284719-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010EE015-B97F-4B7C-8B9A-EBE2EF863491}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10CA47EC-FD70-41E2-9792-418B84163DD2}" = lport=8912 | protocol=6 | dir=in | name=acer hsra tcp |
"{29195B44-2B00-48D5-8664-A7FB7700977D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{316601B2-81D6-46BA-AB9D-FC7203BBA50E}" = lport=8912 | protocol=17 | dir=in | name=acer hsra udp |
"{39A01995-0168-407B-B923-B7D66EC517C8}" = lport=137 | protocol=17 | dir=in | app=system |
"{3E332641-BA89-46A5-B02D-770C026A86CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44AEF9BF-DF06-47BC-B63E-42F5C6EBA13E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{738FD48D-40B8-41DE-9459-0C6D1A0634AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7421D66A-1EE0-4A70-806D-448E94BB781F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{793093C3-0A6E-49C5-94BE-620956DED256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7F80B7FC-0D97-4E2C-8345-7D284633F27B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{818F1166-DD70-4DC9-8DCD-F6A687365360}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{82AF4CE7-FA1F-4801-BB80-C9561CD1A26F}" = rport=445 | protocol=6 | dir=out | app=system |
"{867659FE-6C97-4FA8-A424-650404043594}" = lport=445 | protocol=6 | dir=in | app=system |
"{9526B846-BB57-43C2-923D-90514C9776D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{989F2FD6-F59A-40DB-BEF9-1A992F7A699C}" = rport=139 | protocol=6 | dir=out | app=system |
"{9A3FCE6C-74E4-4C44-A3AC-9FBF4810F814}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9FB34FD5-DF92-4E58-BA0D-D86CEE8232FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A81FA514-E292-4515-BAAB-7A7D585C1E7F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B6145DDC-E2DD-428F-BEFA-8ED2E45F2793}" = rport=138 | protocol=17 | dir=out | app=system |
"{D0226D4B-D9BE-404D-8932-A0BD6DDE4C40}" = lport=138 | protocol=17 | dir=in | app=system |
"{D1748121-7C60-44A5-B563-5E26BF449481}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFE4D1F6-0D2D-40C0-8B71-218C0E45BE21}" = rport=137 | protocol=17 | dir=out | app=system |
"{E5ED69D1-5724-4E93-BCF7-9E44B66B8F07}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC86621B-89DB-4F2D-84EB-6C280D70337D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F243C2C3-0A2C-4FCF-BC97-FA737D6BEBBE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F46201A9-FB33-4CFF-83D6-1778B69CDC0E}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1564D455-FF1F-4554-B552-BECCBA919C3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17D0DCA9-6BE3-4B66-9297-E7EE23D2AA8B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{24FBAB3E-9A8E-41BF-8218-16153DBB1653}" = protocol=6 | dir=in | app=c:\program files\nsasoft\productkeyexplorer\productkeyexplorer.exe |
"{2721F45B-D807-45FE-BFFC-3B2A9FB085A1}" = protocol=17 | dir=in | app=c:\program files\windows home server\discovery.exe |
"{295B2636-F2B2-4012-8C87-AD45B6198A43}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3147B7AB-9760-447B-98B4-D21C57F39C6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B727ED7-E7AD-4BCE-A27E-E6DC8BAC68DF}" = protocol=6 | dir=in | app=e:\acer_serverrecovery_utility.exe |
"{4121886A-DA51-45AC-8A6E-80031D9C4A41}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4184BCA0-A255-4D10-B21A-805D445A7E7B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4565662C-7401-47EC-9069-B5A17D54765B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51A5BE02-43CB-46F1-BF2C-70726D96AA3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C5D6885-214E-4AE0-8EFC-DE4E63F3076A}" = protocol=6 | dir=in | app=d:\spiele\gamespy arcade\aphex.exe |
"{6DE597E5-428E-48A6-9497-4346A2FE0233}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{707C1E62-409E-4CDF-8A17-856FAFF158D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7385C1BB-B5D4-4ACC-8BAD-7890709DC0F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{81A6ED96-DB3E-48FD-8D85-EB9114CE9E45}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{88F7B3CC-44F1-4A6E-BF13-529416CB9A6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DFB6766-CD96-4B8F-9D8B-B0932517076C}" = protocol=6 | dir=out | app=system |
"{9F7298EE-7B99-4AE7-B6D1-4F9463CDB5D5}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{A96863EA-8BFE-4888-BE88-69E997A4EB0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AAE4CAC5-3B96-4EB0-AD18-1BF8724E3158}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AFC236BD-7306-445C-82DE-4FB1B2ECA1FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B288BF7D-8A1F-43BC-9B4E-3C8D569B8997}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B77A0ECF-9B00-467A-9589-7FDED3E8852D}" = protocol=17 | dir=in | app=e:\acer_serverrecovery_utility.exe |
"{BAFAE865-412B-4B99-B053-71BACB45A21A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BCB9A3DE-27CA-4E60-8180-4C2A1AA650B0}" = protocol=58 | dir=in | app=system |
"{CE6670F2-7CAA-4507-82B8-A8EF05946F6A}" = protocol=17 | dir=in | app=c:\program files\nsasoft\productkeyexplorer\productkeyexplorer.exe |
"{CEDB9E44-B081-436E-A83A-45AC67836297}" = protocol=6 | dir=in | app=c:\program files\windows home server\discovery.exe |
"{D28D29F3-54D6-484F-9999-C758B958C6E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4EC1174-13FD-4F88-A878-3484A7069BB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD156CFC-7FD4-4A36-B41E-8CF1C93D5193}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1154E06-6731-49EA-887C-C145EF4944D1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{F8595C5E-46AB-4528-AF70-408C985AB58E}" = protocol=17 | dir=in | app=d:\spiele\gamespy arcade\aphex.exe |
"TCP Query User{1B646262-3C02-4770-953A-6E08476497B1}D:\spiele\kalypso media\patrizier 4\patrician4_addon.exe" = protocol=6 | dir=in | app=d:\spiele\kalypso media\patrizier 4\patrician4_addon.exe |
"TCP Query User{51B447F6-0F2D-47C6-80F8-CD0EA336D63A}D:\spiele\kalypso media\patrizier 4\patrician4_addon.exe" = protocol=6 | dir=in | app=d:\spiele\kalypso media\patrizier 4\patrician4_addon.exe |
"UDP Query User{13B1FAE0-A07C-4375-8B49-841171B9A1CD}D:\spiele\kalypso media\patrizier 4\patrician4_addon.exe" = protocol=17 | dir=in | app=d:\spiele\kalypso media\patrizier 4\patrician4_addon.exe |
"UDP Query User{4F0E8C36-FACE-48D0-B599-5891F20DDF9A}D:\spiele\kalypso media\patrizier 4\patrician4_addon.exe" = protocol=17 | dir=in | app=d:\spiele\kalypso media\patrizier 4\patrician4_addon.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{057159C5-3B94-4E36-9271-11615618CACE}" = Dell ControlPoint System Manager
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{083CE5FA-E750-4594-B8D1-13994B297A02}" = Wave Infrastructure Installer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25B473C3-2C62-482B-858F-94ED76880F79}" = Patrizier 4
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{284D3B99-E8F5-4411-A7DD-7072EFCF3A46}" = Dell ControlPoint Connection Manager
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{39A6407B-DD99-410D-8EA2-280788F8423B}" = Dell Control Point
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42B25560-8709-4DB1-8950-B7234C5FA2A6}" = Pat4Tool
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B21AAD6-6AB1-465A-A4AE-5CC1B7A0FCC9}" = Informaticus
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{59333B51-EA3C-4D7B-9AFE-96AD51B3C266}" = AuthenTec Fingerprint Software
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8B45608A-DC45-4F3B-921F-61CDA22C9A83}" = Intel(R) PROSet/Wireless WiFi-Software
"{8EB29D71-DE8D-4B49-8833-F508ECF0BE59}" = DCP32MMWrapper
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98AAE759-09CD-4428-BE93-1AFA79D9F7CA}" = Intel(R) PROSet/Wireless WiFi-Software
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D227E95D-C9E6-4B09-BC4C-F5A96D08A1CE}" = Patrizier IV Demo
"{D55F88FD-4263-4DCF-B0DF-3149D04DB034}" = Patrizier IV - Aufstieg einer Dynastie
"{D657DFB4-5DD9-4A2B-AEC9-3BBE25541EE7}" = SO32MMWrapper
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Browser mouse 1.3" = Browser mouse 1.3
"D3F88C3864C8C031A7C5D5E63A76571EC1B047DF" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0)
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Patrizier II Gold_is1" = Patrizier II Gold
"PATRIZIER II_is1" = PATRIZIER II
"Product Key Explorer_is1" = Product Key Explorer 3.1.3
"ProInst" = Intel PROSet Wireless
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickTime" = QuickTime
"softOSD Client" = softOSD Client (Build 1445)
"Sven - Die ersten 10 Jahre" = Sven - Die ersten 10 Jahre
"The Mystery of Scoggins" = Puzzle Agent - The Mystery of Scoggins
"TVWiz" = Intel(R) TV Wizard
"Vermeer 2_is1" = Vermeer 2 - Patch 1.1.0
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"Youda Legend" = Youda Legend
"YTdetect" = Yahoo! Detect
"Zune" = Zune
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.02.2012 14:14:22 | Computer Name = Bagaluth01 | Source = System Restore | ID = 8193
Description =
Error - 17.02.2012 14:56:23 | Computer Name = Bagaluth01 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 17.02.2012 15:25:13 | Computer Name = Bagaluth01 | Source = System Restore | ID = 8193
Description =
Error - 18.02.2012 05:24:12 | Computer Name = Bagaluth01 | Source = System Restore | ID = 8193
Description =
Error - 18.02.2012 08:38:04 | Computer Name = Bagaluth01 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 19.02.2012 04:15:27 | Computer Name = Bagaluth01 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 20.02.2012 02:28:12 | Computer Name = Bagaluth01 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 21.02.2012 02:47:09 | Computer Name = Bagaluth01 | Source = System Restore | ID = 8193
Description =
Error - 21.02.2012 03:09:49 | Computer Name = Bagaluth01 | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 21.02.2012 12:26:45 | Computer Name = Bagaluth01 | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ Media Center Events ]
Error - 12.04.2012 17:23:26 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 23:23:26 - Fehler beim Herstellen der Internetverbindung. 23:23:26
- Serververbindung konnte nicht hergestellt werden..
Error - 12.04.2012 17:23:33 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 23:23:32 - Fehler beim Herstellen der Internetverbindung. 23:23:32
- Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 06:38:33 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 12:38:33 - Fehler beim Herstellen der Internetverbindung. 12:38:33
- Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 06:38:42 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 12:38:38 - Fehler beim Herstellen der Internetverbindung. 12:38:38
- Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 07:38:47 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 13:38:47 - Fehler beim Herstellen der Internetverbindung. 13:38:47
- Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 07:38:53 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 13:38:52 - Fehler beim Herstellen der Internetverbindung. 13:38:52
- Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 08:39:00 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 14:39:00 - Fehler beim Herstellen der Internetverbindung. 14:39:00
- Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 08:39:07 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 14:39:05 - Fehler beim Herstellen der Internetverbindung. 14:39:05
- Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 10:28:17 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 16:28:17 - Fehler beim Herstellen der Internetverbindung. 16:28:17
- Serververbindung konnte nicht hergestellt werden..
Error - 15.04.2012 10:28:53 | Computer Name = Bagaluth01 | Source = MCUpdate | ID = 0
Description = 16:28:46 - Fehler beim Herstellen der Internetverbindung. 16:28:46
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 26.03.2013 11:08:58 | Computer Name = Bagaluth01 | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 26.03.2013 14:03:15 | Computer Name = Bagaluth01 | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 27.03.2013 02:09:33 | Computer Name = Bagaluth01 | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 27.03.2013 12:53:13 | Computer Name = Bagaluth01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 27.03.2013 12:54:19 | Computer Name = Bagaluth01 | Source = DCOM | ID = 10016
Description =
Error - 27.03.2013 13:48:50 | Computer Name = Bagaluth01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 27.03.2013 13:49:57 | Computer Name = Bagaluth01 | Source = DCOM | ID = 10016
Description =
Error - 28.03.2013 02:42:52 | Computer Name = Bagaluth01 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NTRU TSS v1.2.1.29 TCS" ist vom Dienst "TPM-Basisdienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0
Error - 28.03.2013 02:43:58 | Computer Name = Bagaluth01 | Source = DCOM | ID = 10016
Description =
Error - 28.03.2013 13:14:41 | Computer Name = Bagaluth01 | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
< End of report >
greetings Ralf  |
|
29.03.2013, 00:59
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2013-0422 gefunden Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.03.2013, 19:48
| #9 |
| | EXP/CVE-2013-0422 gefunden Hallo cosinus GMER geht hier das Log: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 19:35:16
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Ralf\AppData\Local\Temp\kfrcapow.sys
---- System - GMER 2.1 ----
SSDT 90C53076 ZwCreateSection
SSDT 90C53080 ZwRequestWaitReplyPort
SSDT 90C5307B ZwSetContextThread
SSDT 90C53085 ZwSetSecurityObject
SSDT 90C5308A ZwSystemDebugControl
SSDT 90C53017 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C539E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8D1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9430C 4 Bytes [76, 30, C5, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C94668 4 Bytes [80, 30, C5, 90] {XOR BYTE [EAX], 0xc5; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C946AC 4 Bytes [7B, 30, C5, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C94728 4 Bytes [85, 30, C5, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C9477C 4 Bytes JMP C5308A82
.text ...
.vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0x9C8BE69D]
---- Devices - GMER 2.1 ----
Device \Driver\BTHUSB \Device\00000094 bthport.sys
Device \Driver\BTHUSB \Device\00000096 bthport.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f1a109efc1
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f1a109efc1 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E077A6D8-5903-11DF-8ADF-806E6F6E6963} 2404888928
---- EOF - GMER 2.1 ----
 Es wird mir angeboten eine freewareversion oder eine 14 Tage gültige test PROversion herunter zu laden.  Bitte kurze Info ob die "free" reicht oder ich die "test PROversion" benötige Danke Ralf |
|
30.03.2013, 19:55
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2013-0422 gefunden Versuch bitte direkt von hier zu laden => Malwarebytes : Malwarebytes Anti-Rootkit
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.03.2013, 15:12
| #11 |
| | EXP/CVE-2013-0422 gefunden THX für den Link das hat geklappt. LOG von MBAR: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.03.31.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Ralf :: BAGALUTH01 [administrator]
31.03.2013 16:00:58
mbar-log-2013-03-31 (16-00-58).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27583
Time elapsed: 10 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Hmm kann ich jetzt sicher sein, dass alles gefunden und gelöscht wurde? Ralf |
|
01.04.2013, 12:19
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2013-0422 gefunden aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.04.2013, 14:28
| #13 |
| | EXP/CVE-2013-0422 gefunden Moin Habe ein Problem mit aswMBR. Der Scan steigt mit einem Programmabsturz an der Stelle: C:/Windows/assembly/GAC_MSIL/Microsoft.visualstudio.Tools.Applications. ... (mehr bekomme ich nicht angezeigt) aus.  TDSSKILLER hat 5 Bedrohungen gefunden. Das LOG von tdsskiller hänge ich an: Code:
ATTFilter 15:19:44.0479 1176 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:19:44.0651 1176 ============================================================
15:19:44.0651 1176 Current date / time: 2013/04/01 15:19:44.0651
15:19:44.0651 1176 SystemInfo:
15:19:44.0651 1176
15:19:44.0651 1176 OS Version: 6.1.7601 ServicePack: 1.0
15:19:44.0651 1176 Product type: Workstation
15:19:44.0651 1176 ComputerName: BAGALUTH01
15:19:44.0651 1176 UserName: Ralf
15:19:44.0651 1176 Windows directory: C:\Windows
15:19:44.0651 1176 System windows directory: C:\Windows
15:19:44.0651 1176 Processor architecture: Intel x86
15:19:44.0651 1176 Number of processors: 2
15:19:44.0651 1176 Page size: 0x1000
15:19:44.0651 1176 Boot type: Normal boot
15:19:44.0651 1176 ============================================================
15:19:45.0275 1176 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:19:45.0275 1176 Drive \Device\Harddisk1\DR2 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:19:45.0275 1176 ============================================================
15:19:45.0275 1176 \Device\Harddisk0\DR0:
15:19:45.0275 1176 MBR partitions:
15:19:45.0275 1176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
15:19:45.0275 1176 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0xBD582C4
15:19:45.0291 1176 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDAB8303, BlocksNum 0xF70C27E
15:19:45.0291 1176 \Device\Harddisk1\DR2:
15:19:45.0291 1176 MBR partitions:
15:19:45.0291 1176 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
15:19:45.0291 1176 ============================================================
15:19:45.0337 1176 C: <-> \Device\Harddisk0\DR0\Partition2
15:19:45.0353 1176 D: <-> \Device\Harddisk0\DR0\Partition3
15:19:45.0353 1176 ============================================================
15:19:45.0353 1176 Initialize success
15:19:45.0353 1176 ============================================================
15:20:05.0149 5856 ============================================================
15:20:05.0149 5856 Scan started
15:20:05.0149 5856 Mode: Manual; SigCheck; TDLFS;
15:20:05.0149 5856 ============================================================
15:20:05.0399 5856 ================ Scan system memory ========================
15:20:05.0399 5856 System memory - ok
15:20:05.0399 5856 ================ Scan services =============================
15:20:05.0602 5856 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:20:05.0742 5856 1394ohci - ok
15:20:05.0805 5856 [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
15:20:05.0851 5856 acedrv11 - ok
15:20:05.0929 5856 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:20:05.0992 5856 ACPI - ok
15:20:06.0039 5856 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:20:06.0132 5856 AcpiPmi - ok
15:20:06.0241 5856 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:20:06.0257 5856 AdobeARMservice - ok
15:20:06.0304 5856 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:20:06.0351 5856 adp94xx - ok
15:20:06.0366 5856 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:20:06.0382 5856 adpahci - ok
15:20:06.0397 5856 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:20:06.0429 5856 adpu320 - ok
15:20:06.0444 5856 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:20:06.0491 5856 AeLookupSvc - ok
15:20:06.0538 5856 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
15:20:06.0585 5856 AFD - ok
15:20:06.0647 5856 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
15:20:06.0694 5856 agp440 - ok
15:20:06.0709 5856 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
15:20:06.0725 5856 aic78xx - ok
15:20:06.0741 5856 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
15:20:06.0803 5856 ALG - ok
15:20:06.0819 5856 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
15:20:06.0834 5856 aliide - ok
15:20:06.0865 5856 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:20:06.0881 5856 amdagp - ok
15:20:06.0897 5856 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
15:20:06.0912 5856 amdide - ok
15:20:06.0928 5856 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:20:06.0990 5856 AmdK8 - ok
15:20:07.0021 5856 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:20:07.0084 5856 AmdPPM - ok
15:20:07.0115 5856 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:20:07.0162 5856 amdsata - ok
15:20:07.0177 5856 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:20:07.0193 5856 amdsbs - ok
15:20:07.0209 5856 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:20:07.0224 5856 amdxata - ok
15:20:07.0302 5856 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:20:07.0349 5856 AntiVirSchedulerService - ok
15:20:07.0380 5856 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:20:07.0411 5856 AntiVirService - ok
15:20:07.0458 5856 [ C51EC0615EF781B00B7389521F397132 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
15:20:07.0505 5856 ApfiltrService - ok
15:20:07.0552 5856 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
15:20:07.0630 5856 AppID - ok
15:20:07.0661 5856 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:20:07.0708 5856 AppIDSvc - ok
15:20:07.0739 5856 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
15:20:07.0801 5856 Appinfo - ok
15:20:07.0833 5856 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
15:20:07.0879 5856 AppMgmt - ok
15:20:07.0911 5856 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
15:20:07.0942 5856 arc - ok
15:20:07.0957 5856 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:20:07.0973 5856 arcsas - ok
15:20:08.0067 5856 [ 62893926092AD61C8839ED73D1DFE338 ] arXfrSvc C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
15:20:08.0098 5856 arXfrSvc - ok
15:20:08.0129 5856 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:20:08.0160 5856 AsyncMac - ok
15:20:08.0207 5856 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
15:20:08.0238 5856 atapi - ok
15:20:08.0316 5856 [ F6E8CCF14B84507497D3108518DBB4CC ] ATService C:\Program Files\Fingerprint Sensor\AtService.exe
15:20:08.0394 5856 ATService - ok
15:20:08.0441 5856 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:20:08.0550 5856 AudioEndpointBuilder - ok
15:20:08.0581 5856 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:20:08.0613 5856 Audiosrv - ok
15:20:08.0659 5856 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:20:08.0691 5856 avgntflt - ok
15:20:08.0737 5856 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:20:08.0784 5856 avipbb - ok
15:20:08.0784 5856 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:20:08.0800 5856 avkmgr - ok
15:20:08.0847 5856 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:20:08.0940 5856 AxInstSV - ok
15:20:08.0971 5856 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
15:20:09.0049 5856 b06bdrv - ok
15:20:09.0081 5856 [ 6F41A4C5745BB99F89406F57164F099E ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
15:20:09.0096 5856 b57nd60x - ok
15:20:09.0143 5856 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
15:20:09.0205 5856 BBSvc - ok
15:20:09.0252 5856 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files\Microsoft\BingBar\SeaPort.EXE
15:20:09.0299 5856 BBUpdate - ok
15:20:09.0315 5856 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
15:20:09.0377 5856 BDESVC - ok
15:20:09.0377 5856 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
15:20:09.0408 5856 Beep - ok
15:20:09.0455 5856 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
15:20:09.0533 5856 BFE - ok
15:20:09.0580 5856 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
15:20:09.0642 5856 BITS - ok
15:20:09.0658 5856 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:20:09.0705 5856 blbdrive - ok
15:20:09.0736 5856 [ D2F8D15F4852920E1F6B769E982414AD ] Blfp C:\Windows\system32\DRIVERS\basp.sys
15:20:09.0798 5856 Blfp - ok
15:20:09.0829 5856 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:20:09.0907 5856 bowser - ok
15:20:09.0923 5856 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:20:09.0985 5856 BrFiltLo - ok
15:20:10.0017 5856 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:20:10.0048 5856 BrFiltUp - ok
15:20:10.0063 5856 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
15:20:10.0126 5856 Browser - ok
15:20:10.0157 5856 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:20:10.0251 5856 Brserid - ok
15:20:10.0251 5856 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:20:10.0282 5856 BrSerWdm - ok
15:20:10.0282 5856 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:20:10.0329 5856 BrUsbMdm - ok
15:20:10.0344 5856 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:20:10.0360 5856 BrUsbSer - ok
15:20:10.0407 5856 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:20:10.0485 5856 BthEnum - ok
15:20:10.0500 5856 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:20:10.0547 5856 BTHMODEM - ok
15:20:10.0578 5856 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:20:10.0609 5856 BthPan - ok
15:20:10.0625 5856 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
15:20:10.0687 5856 BTHPORT - ok
15:20:10.0734 5856 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
15:20:10.0797 5856 bthserv - ok
15:20:10.0812 5856 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
15:20:10.0843 5856 BTHUSB - ok
15:20:10.0875 5856 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:20:10.0921 5856 btwaudio - ok
15:20:10.0937 5856 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
15:20:10.0984 5856 btwavdt - ok
15:20:11.0015 5856 [ 7CAA4410C25026B9BEE85F6C7F86B19B ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:20:11.0062 5856 btwdins - ok
15:20:11.0062 5856 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
15:20:11.0077 5856 btwl2cap - ok
15:20:11.0093 5856 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:20:11.0109 5856 btwrchid - ok
15:20:11.0140 5856 [ D9846A19208E76604E1074BB30228AC8 ] buttonsvc32 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
15:20:11.0187 5856 buttonsvc32 - ok
15:20:11.0202 5856 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:20:11.0249 5856 cdfs - ok
15:20:11.0296 5856 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
15:20:11.0343 5856 cdrom - ok
15:20:11.0374 5856 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
15:20:11.0436 5856 CertPropSvc - ok
15:20:11.0452 5856 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:20:11.0483 5856 circlass - ok
15:20:11.0514 5856 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
15:20:11.0561 5856 CLFS - ok
15:20:11.0639 5856 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:20:11.0686 5856 clr_optimization_v2.0.50727_32 - ok
15:20:11.0764 5856 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:20:11.0811 5856 clr_optimization_v4.0.30319_32 - ok
15:20:11.0826 5856 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:20:11.0842 5856 CmBatt - ok
15:20:11.0842 5856 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:20:11.0857 5856 cmdide - ok
15:20:11.0889 5856 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
15:20:11.0967 5856 CNG - ok
15:20:11.0982 5856 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:20:11.0998 5856 Compbatt - ok
15:20:12.0013 5856 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:20:12.0045 5856 CompositeBus - ok
15:20:12.0045 5856 COMSysApp - ok
15:20:12.0060 5856 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:20:12.0076 5856 crcdisk - ok
15:20:12.0107 5856 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:20:12.0154 5856 CryptSvc - ok
15:20:12.0201 5856 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
15:20:12.0279 5856 CSC - ok
15:20:12.0325 5856 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
15:20:12.0372 5856 CscService - ok
15:20:12.0403 5856 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
15:20:12.0435 5856 DcomLaunch - ok
15:20:12.0497 5856 [ 1F145EA867F4A28B168AB253C28DAA7D ] dcpsysmgrsvc c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
15:20:12.0528 5856 dcpsysmgrsvc - ok
15:20:12.0559 5856 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
15:20:12.0591 5856 defragsvc - ok
15:20:12.0622 5856 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:20:12.0684 5856 DfsC - ok
15:20:12.0731 5856 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:20:12.0793 5856 Dhcp - ok
15:20:12.0809 5856 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
15:20:12.0871 5856 discache - ok
15:20:12.0887 5856 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:20:12.0903 5856 Disk - ok
15:20:12.0934 5856 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:20:12.0996 5856 Dnscache - ok
15:20:13.0012 5856 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
15:20:13.0074 5856 dot3svc - ok
15:20:13.0105 5856 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
15:20:13.0168 5856 DPS - ok
15:20:13.0199 5856 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:20:13.0246 5856 drmkaud - ok
15:20:13.0293 5856 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:20:13.0355 5856 DXGKrnl - ok
15:20:13.0386 5856 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
15:20:13.0433 5856 EapHost - ok
15:20:13.0542 5856 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
15:20:13.0667 5856 ebdrv - ok
15:20:13.0698 5856 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
15:20:13.0761 5856 EFS - ok
15:20:13.0807 5856 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:20:13.0917 5856 ehRecvr - ok
15:20:13.0932 5856 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
15:20:13.0995 5856 ehSched - ok
15:20:14.0026 5856 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:20:14.0088 5856 elxstor - ok
15:20:14.0119 5856 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:20:14.0166 5856 ErrDev - ok
15:20:14.0229 5856 [ E91AB748B9EE327A8EE130F7E9C900F7 ] esClient C:\Program Files\Windows Home Server\esClient.exe
15:20:14.0275 5856 esClient - ok
15:20:14.0322 5856 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
15:20:14.0400 5856 EventSystem - ok
15:20:14.0478 5856 [ A57BE3307ADA2FC086B5B43135735283 ] EvtEng c:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:20:14.0556 5856 EvtEng - ok
15:20:14.0572 5856 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
15:20:14.0634 5856 exfat - ok
15:20:14.0665 5856 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:20:14.0697 5856 fastfat - ok
15:20:14.0743 5856 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
15:20:14.0821 5856 Fax - ok
15:20:14.0853 5856 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:20:14.0899 5856 fdc - ok
15:20:14.0915 5856 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
15:20:14.0962 5856 fdPHost - ok
15:20:14.0977 5856 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
15:20:15.0024 5856 FDResPub - ok
15:20:15.0820 5856 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:20:15.0867 5856 FileInfo - ok
15:20:15.0867 5856 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:20:15.0898 5856 Filetrace - ok
15:20:15.0913 5856 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:20:15.0929 5856 flpydisk - ok
15:20:15.0945 5856 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:20:15.0976 5856 FltMgr - ok
15:20:16.0023 5856 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
15:20:16.0132 5856 FontCache - ok
15:20:16.0163 5856 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:20:16.0179 5856 FontCache3.0.0.0 - ok
15:20:16.0194 5856 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:20:16.0210 5856 FsDepends - ok
15:20:16.0225 5856 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:20:16.0241 5856 Fs_Rec - ok
15:20:16.0288 5856 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:20:16.0319 5856 fvevol - ok
15:20:16.0335 5856 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:20:16.0350 5856 gagp30kx - ok
15:20:16.0381 5856 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
15:20:16.0491 5856 gpsvc - ok
15:20:16.0506 5856 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:20:16.0537 5856 hcw85cir - ok
15:20:16.0569 5856 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:20:16.0615 5856 HDAudBus - ok
15:20:16.0615 5856 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:20:16.0631 5856 HidBatt - ok
15:20:16.0662 5856 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:20:16.0725 5856 HidBth - ok
15:20:16.0756 5856 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:20:16.0787 5856 HidIr - ok
15:20:16.0803 5856 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
15:20:16.0865 5856 hidserv - ok
15:20:16.0896 5856 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:20:16.0912 5856 HidUsb - ok
15:20:16.0943 5856 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:20:17.0037 5856 hkmsvc - ok
15:20:17.0052 5856 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:20:17.0146 5856 HomeGroupListener - ok
15:20:17.0177 5856 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:20:17.0239 5856 HomeGroupProvider - ok
15:20:17.0271 5856 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:20:17.0317 5856 HpSAMD - ok
15:20:17.0364 5856 [ DD1E0A26D0F60A7EA65A1BEEC7D44EAB ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys
15:20:17.0411 5856 HssDRV6 - ok
15:20:17.0458 5856 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:20:17.0505 5856 HTTP - ok
15:20:17.0536 5856 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:20:17.0551 5856 hwpolicy - ok
15:20:17.0598 5856 [ A439EBD90AFDB1F516C875B9B317832F ] hwpsgt C:\Windows\system32\DRIVERS\hwpsgt.sys
15:20:17.0629 5856 hwpsgt ( UnsignedFile.Multi.Generic ) - warning
15:20:17.0629 5856 hwpsgt - detected UnsignedFile.Multi.Generic (1)
15:20:17.0645 5856 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:20:17.0692 5856 i8042prt - ok
15:20:17.0754 5856 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:20:17.0801 5856 IAANTMON - ok
15:20:17.0832 5856 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:20:17.0848 5856 iaStor - ok
15:20:17.0879 5856 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:20:17.0941 5856 iaStorV - ok
15:20:18.0004 5856 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:20:18.0097 5856 idsvc - ok
15:20:18.0300 5856 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:20:18.0706 5856 igfx - ok
15:20:18.0737 5856 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:20:18.0753 5856 iirsp - ok
15:20:18.0799 5856 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
15:20:18.0924 5856 IKEEXT - ok
15:20:18.0955 5856 [ 81486F0EB4238B65C317F97DE246C4AC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
15:20:19.0018 5856 IntcHdmiAddService - ok
15:20:19.0049 5856 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
15:20:19.0065 5856 intelide - ok
15:20:19.0080 5856 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:20:19.0096 5856 intelppm - ok
15:20:19.0127 5856 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:20:19.0189 5856 IPBusEnum - ok
15:20:19.0205 5856 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:20:19.0252 5856 IpFilterDriver - ok
15:20:19.0283 5856 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:20:19.0408 5856 iphlpsvc - ok
15:20:19.0455 5856 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:20:19.0486 5856 IPMIDRV - ok
15:20:19.0501 5856 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:20:19.0564 5856 IPNAT - ok
15:20:19.0579 5856 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:20:19.0657 5856 IRENUM - ok
15:20:19.0673 5856 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:20:19.0689 5856 isapnp - ok
15:20:19.0720 5856 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:20:19.0767 5856 iScsiPrt - ok
15:20:19.0782 5856 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:20:19.0829 5856 kbdclass - ok
15:20:19.0860 5856 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:20:19.0907 5856 kbdhid - ok
15:20:19.0938 5856 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
15:20:19.0954 5856 KeyIso - ok
15:20:19.0969 5856 [ 4476FE98AAF505ACDCD3EE6360AABEC1 ] KMWDFILTERx86 C:\Windows\system32\DRIVERS\KMWDFILTER.sys
15:20:19.0985 5856 KMWDFILTERx86 - ok
15:20:20.0001 5856 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:20:20.0032 5856 KSecDD - ok
15:20:20.0032 5856 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:20:20.0047 5856 KSecPkg - ok
15:20:20.0079 5856 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
15:20:20.0141 5856 KtmRm - ok
15:20:20.0157 5856 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
15:20:20.0219 5856 LanmanServer - ok
15:20:20.0235 5856 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:20:20.0281 5856 LanmanWorkstation - ok
15:20:20.0328 5856 [ 057DA656166893842DD401C25A058C4E ] lemsgt C:\Windows\system32\DRIVERS\lemsgt.sys
15:20:20.0344 5856 lemsgt ( UnsignedFile.Multi.Generic ) - warning
15:20:20.0344 5856 lemsgt - detected UnsignedFile.Multi.Generic (1)
15:20:20.0391 5856 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:20:20.0437 5856 lltdio - ok
15:20:20.0469 5856 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:20:20.0547 5856 lltdsvc - ok
15:20:20.0562 5856 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
15:20:20.0593 5856 lmhosts - ok
15:20:20.0640 5856 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:20:20.0671 5856 LSI_FC - ok
15:20:20.0687 5856 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:20:20.0703 5856 LSI_SAS - ok
15:20:20.0718 5856 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:20:20.0734 5856 LSI_SAS2 - ok
15:20:20.0749 5856 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:20:20.0765 5856 LSI_SCSI - ok
15:20:20.0765 5856 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
15:20:20.0796 5856 luafv - ok
15:20:20.0843 5856 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:20:20.0874 5856 Mcx2Svc - ok
15:20:20.0890 5856 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:20:20.0905 5856 megasas - ok
15:20:20.0921 5856 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:20:20.0937 5856 MegaSR - ok
15:20:20.0968 5856 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
15:20:21.0030 5856 MMCSS - ok
15:20:21.0046 5856 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
15:20:21.0093 5856 Modem - ok
15:20:21.0108 5856 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:20:21.0139 5856 monitor - ok
15:20:21.0171 5856 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:20:21.0202 5856 mouclass - ok
15:20:21.0217 5856 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:20:21.0264 5856 mouhid - ok
15:20:21.0295 5856 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:20:21.0342 5856 mountmgr - ok
15:20:21.0405 5856 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:20:21.0436 5856 MozillaMaintenance - ok
15:20:21.0451 5856 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
15:20:21.0498 5856 mpio - ok
15:20:21.0514 5856 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:20:21.0545 5856 mpsdrv - ok
15:20:21.0576 5856 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:20:21.0670 5856 MpsSvc - ok
15:20:21.0701 5856 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:20:21.0732 5856 MRxDAV - ok
15:20:21.0763 5856 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:20:21.0841 5856 mrxsmb - ok
15:20:21.0888 5856 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:20:21.0935 5856 mrxsmb10 - ok
15:20:21.0951 5856 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:20:21.0997 5856 mrxsmb20 - ok
15:20:22.0013 5856 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
15:20:22.0029 5856 msahci - ok
15:20:22.0060 5856 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:20:22.0091 5856 msdsm - ok
15:20:22.0122 5856 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
15:20:22.0169 5856 MSDTC - ok
15:20:22.0185 5856 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:20:22.0247 5856 Msfs - ok
15:20:22.0278 5856 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:20:22.0309 5856 mshidkmdf - ok
15:20:22.0325 5856 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:20:22.0341 5856 msisadrv - ok
15:20:22.0372 5856 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:20:22.0419 5856 MSiSCSI - ok
15:20:22.0434 5856 msiserver - ok
15:20:22.0450 5856 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:20:22.0497 5856 MSKSSRV - ok
15:20:22.0528 5856 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:20:22.0559 5856 MSPCLOCK - ok
15:20:22.0575 5856 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:20:22.0606 5856 MSPQM - ok
15:20:22.0621 5856 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:20:22.0668 5856 MsRPC - ok
15:20:22.0684 5856 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:20:22.0699 5856 mssmbios - ok
15:20:22.0715 5856 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:20:22.0731 5856 MSTEE - ok
15:20:22.0746 5856 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:20:22.0762 5856 MTConfig - ok
15:20:22.0777 5856 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
15:20:22.0793 5856 Mup - ok
15:20:22.0840 5856 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
15:20:22.0918 5856 napagent - ok
15:20:22.0949 5856 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:20:22.0965 5856 NativeWifiP - ok
15:20:23.0027 5856 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:20:23.0089 5856 NDIS - ok
15:20:23.0105 5856 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:20:23.0152 5856 NdisCap - ok
15:20:23.0167 5856 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:20:23.0214 5856 NdisTapi - ok
15:20:23.0245 5856 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:20:23.0308 5856 Ndisuio - ok
15:20:23.0339 5856 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:20:23.0370 5856 NdisWan - ok
15:20:23.0386 5856 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:20:23.0417 5856 NDProxy - ok
15:20:23.0417 5856 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:20:23.0464 5856 NetBIOS - ok
15:20:23.0495 5856 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:20:23.0526 5856 NetBT - ok
15:20:23.0542 5856 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
15:20:23.0557 5856 Netlogon - ok
15:20:23.0589 5856 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
15:20:23.0667 5856 Netman - ok
15:20:23.0698 5856 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
15:20:23.0791 5856 netprofm - ok
15:20:23.0823 5856 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:20:23.0869 5856 NetTcpPortSharing - ok
15:20:24.0025 5856 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
15:20:24.0244 5856 NETw5s32 - ok
15:20:24.0259 5856 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:20:24.0275 5856 nfrd960 - ok
15:20:24.0306 5856 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
15:20:24.0369 5856 NlaSvc - ok
15:20:24.0384 5856 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:20:24.0415 5856 Npfs - ok
15:20:24.0447 5856 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
15:20:24.0478 5856 nsi - ok
15:20:24.0478 5856 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:20:24.0525 5856 nsiproxy - ok
15:20:24.0587 5856 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:20:24.0665 5856 Ntfs - ok
15:20:24.0681 5856 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
15:20:24.0712 5856 Null - ok
15:20:24.0743 5856 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:20:24.0759 5856 nvraid - ok
15:20:24.0790 5856 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:20:24.0837 5856 nvstor - ok
15:20:24.0852 5856 NvtSp50 - ok
15:20:24.0868 5856 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:20:24.0883 5856 nv_agp - ok
15:20:24.0899 5856 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:20:24.0961 5856 ohci1394 - ok
15:20:25.0008 5856 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:20:25.0055 5856 ose - ok
15:20:25.0227 5856 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:20:25.0383 5856 osppsvc - ok
15:20:25.0414 5856 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:20:25.0461 5856 p2pimsvc - ok
15:20:25.0492 5856 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
15:20:25.0523 5856 p2psvc - ok
15:20:25.0539 5856 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:20:25.0570 5856 Parport - ok
15:20:25.0585 5856 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:20:25.0601 5856 partmgr - ok
15:20:25.0617 5856 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
15:20:25.0632 5856 Parvdm - ok
15:20:25.0648 5856 [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
15:20:25.0663 5856 PBADRV - ok
15:20:25.0695 5856 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:20:25.0757 5856 PcaSvc - ok
15:20:25.0757 5856 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
15:20:25.0788 5856 pci - ok
15:20:25.0804 5856 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
15:20:25.0819 5856 pciide - ok
15:20:26.0615 5856 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:20:26.0646 5856 pcmcia - ok
15:20:26.0662 5856 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
15:20:26.0677 5856 pcw - ok
15:20:26.0709 5856 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:20:26.0755 5856 PEAUTH - ok
15:20:26.0802 5856 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:20:26.0927 5856 PeerDistSvc - ok
15:20:26.0974 5856 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
15:20:27.0083 5856 pla - ok
15:20:27.0130 5856 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:20:27.0177 5856 PlugPlay - ok
15:20:27.0208 5856 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:20:27.0223 5856 PNRPAutoReg - ok
15:20:27.0255 5856 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:20:27.0270 5856 PNRPsvc - ok
15:20:27.0286 5856 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:20:27.0348 5856 PolicyAgent - ok
15:20:27.0379 5856 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
15:20:27.0411 5856 Power - ok
15:20:27.0442 5856 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:20:27.0489 5856 PptpMiniport - ok
15:20:27.0504 5856 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:20:27.0520 5856 Processor - ok
15:20:27.0551 5856 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
15:20:27.0629 5856 ProfSvc - ok
15:20:27.0645 5856 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:20:27.0660 5856 ProtectedStorage - ok
15:20:27.0676 5856 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:20:27.0707 5856 Psched - ok
15:20:27.0723 5856 [ 297E2746DF41528A0950F3AF80CEDB2D ] pwdrvio C:\Windows\system32\pwdrvio.sys
15:20:27.0738 5856 pwdrvio - ok
15:20:27.0754 5856 [ BC7D54CDBE3BBFE52F09CB7B20C3D365 ] pwdspio C:\Windows\system32\pwdspio.sys
15:20:27.0769 5856 pwdspio - ok
15:20:27.0801 5856 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:20:27.0816 5856 PxHelp20 - ok
15:20:27.0863 5856 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:20:27.0957 5856 ql2300 - ok
15:20:27.0972 5856 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:20:27.0988 5856 ql40xx - ok
15:20:28.0003 5856 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
15:20:28.0050 5856 QWAVE - ok
15:20:28.0050 5856 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:20:28.0081 5856 QWAVEdrv - ok
15:20:28.0081 5856 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:20:28.0128 5856 RasAcd - ok
15:20:28.0159 5856 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:20:28.0206 5856 RasAgileVpn - ok
15:20:28.0206 5856 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
15:20:28.0237 5856 RasAuto - ok
15:20:28.0269 5856 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:20:28.0315 5856 Rasl2tp - ok
15:20:28.0347 5856 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
15:20:28.0425 5856 RasMan - ok
15:20:28.0440 5856 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:20:28.0487 5856 RasPppoe - ok
15:20:28.0503 5856 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:20:28.0549 5856 RasSstp - ok
15:20:28.0565 5856 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:20:28.0643 5856 rdbss - ok
15:20:28.0659 5856 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:20:28.0674 5856 rdpbus - ok
15:20:28.0705 5856 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:20:28.0768 5856 RDPCDD - ok
15:20:28.0815 5856 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:20:28.0846 5856 RDPDR - ok
15:20:28.0877 5856 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:20:28.0939 5856 RDPENCDD - ok
15:20:28.0955 5856 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:20:28.0986 5856 RDPREFMP - ok
15:20:29.0049 5856 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:20:29.0127 5856 RdpVideoMiniport - ok
15:20:29.0173 5856 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:20:29.0205 5856 RDPWD - ok
15:20:29.0251 5856 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:20:29.0298 5856 rdyboost - ok
15:20:29.0345 5856 [ A171029D6B6C2D93C22861A347F43C2A ] RegSrvc c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:20:29.0392 5856 RegSrvc - ok
15:20:29.0423 5856 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
15:20:29.0485 5856 RemoteAccess - ok
15:20:29.0517 5856 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:20:29.0579 5856 RemoteRegistry - ok
15:20:29.0610 5856 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:20:29.0626 5856 RFCOMM - ok
15:20:29.0657 5856 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
15:20:29.0719 5856 rimmptsk - ok
15:20:29.0735 5856 [ AF213955C4D952C914620E8DB0CD0CF7 ] rimspci C:\Windows\system32\DRIVERS\rimspe86.sys
15:20:29.0782 5856 rimspci - ok
15:20:29.0782 5856 [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
15:20:29.0829 5856 rimsptsk - ok
15:20:29.0844 5856 [ 6978DECC2C38C5CE10A8B0F2B12F4451 ] risdpcie C:\Windows\system32\DRIVERS\risdpe86.sys
15:20:29.0891 5856 risdpcie - ok
15:20:29.0907 5856 [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
15:20:29.0953 5856 rismxdp - ok
15:20:29.0985 5856 [ 764C1F3453E779724BA647327DE7DDD4 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe86.sys
15:20:30.0031 5856 rixdpcie - ok
15:20:30.0047 5856 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:20:30.0094 5856 RpcEptMapper - ok
15:20:30.0125 5856 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
15:20:30.0172 5856 RpcLocator - ok
15:20:30.0187 5856 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
15:20:30.0219 5856 RpcSs - ok
15:20:30.0250 5856 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:20:30.0281 5856 rspndr - ok
15:20:30.0312 5856 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:20:30.0359 5856 s3cap - ok
15:20:30.0375 5856 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
15:20:30.0390 5856 SamSs - ok
15:20:30.0437 5856 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:20:30.0484 5856 sbp2port - ok
15:20:30.0515 5856 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:20:30.0546 5856 SCardSvr - ok
15:20:30.0577 5856 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:20:30.0624 5856 scfilter - ok
15:20:30.0671 5856 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
15:20:30.0780 5856 Schedule - ok
15:20:30.0796 5856 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:20:30.0827 5856 SCPolicySvc - ok
15:20:30.0843 5856 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
15:20:30.0874 5856 sdbus - ok
15:20:30.0889 5856 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:20:30.0952 5856 SDRSVC - ok
15:20:31.0014 5856 [ 695745CCE49C346DAB9620519B3E1970 ] se32 C:\Windows\system32\Drivers\se32.sys
15:20:31.0045 5856 se32 - ok
15:20:31.0061 5856 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:20:31.0139 5856 secdrv - ok
15:20:31.0155 5856 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
15:20:31.0186 5856 seclogon - ok
15:20:31.0264 5856 [ F6A6DBD275EC9EF7B573E48B3FD8D3DF ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
15:20:31.0373 5856 SecureStorageService ( UnsignedFile.Multi.Generic ) - warning
15:20:31.0373 5856 SecureStorageService - detected UnsignedFile.Multi.Generic (1)
15:20:31.0389 5856 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
15:20:31.0467 5856 SENS - ok
15:20:31.0482 5856 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:20:31.0560 5856 SensrSvc - ok
15:20:31.0576 5856 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:20:31.0607 5856 Serenum - ok
15:20:31.0623 5856 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:20:31.0685 5856 Serial - ok
15:20:31.0716 5856 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:20:31.0747 5856 sermouse - ok
15:20:31.0779 5856 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
15:20:31.0825 5856 SessionEnv - ok
15:20:31.0841 5856 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:20:31.0903 5856 sffdisk - ok
15:20:31.0919 5856 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:20:31.0935 5856 sffp_mmc - ok
15:20:31.0950 5856 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:20:31.0966 5856 sffp_sd - ok
15:20:31.0981 5856 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:20:31.0997 5856 sfloppy - ok
15:20:32.0044 5856 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:20:32.0153 5856 SharedAccess - ok
15:20:32.0184 5856 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:20:32.0247 5856 ShellHWDetection - ok
15:20:32.0262 5856 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:20:32.0278 5856 sisagp - ok
15:20:32.0309 5856 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:20:32.0325 5856 SiSRaid2 - ok
15:20:32.0340 5856 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:20:32.0356 5856 SiSRaid4 - ok
15:20:32.0387 5856 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:20:32.0434 5856 Smb - ok
15:20:32.0465 5856 [ 8FEA8F9939BA29E750310FC1F32CCF8F ] SMManager C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
15:20:32.0481 5856 SMManager ( UnsignedFile.Multi.Generic ) - warning
15:20:32.0481 5856 SMManager - detected UnsignedFile.Multi.Generic (1)
15:20:32.0543 5856 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:20:32.0559 5856 SNMPTRAP - ok
15:20:32.0621 5856 [ CAFD8337F594F341A18BD82545122469 ] softOSD C:\Program Files\softOSD\softOSD.exe
15:20:32.0715 5856 softOSD - ok
15:20:32.0730 5856 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
15:20:32.0746 5856 spldr - ok
15:20:32.0777 5856 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
15:20:32.0871 5856 Spooler - ok
15:20:32.0964 5856 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
15:20:33.0089 5856 sppsvc - ok
15:20:33.0120 5856 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:20:33.0151 5856 sppuinotify - ok
15:20:33.0183 5856 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:20:33.0261 5856 srv - ok
15:20:33.0292 5856 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:20:33.0354 5856 srv2 - ok
15:20:33.0385 5856 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:20:33.0401 5856 srvnet - ok
15:20:33.0417 5856 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:20:33.0448 5856 SSDPSRV - ok
15:20:33.0479 5856 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
15:20:33.0526 5856 ssmdrv - ok
15:20:33.0541 5856 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:20:33.0573 5856 SstpSvc - ok
15:20:33.0651 5856 [ 977AFBA86E9BAC4FC670A76D53FC379B ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
15:20:33.0697 5856 STacSV - ok
15:20:33.0729 5856 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:20:33.0760 5856 stexstor - ok
15:20:33.0807 5856 [ 674BE634B14A6C773D2F4F46B7A1628B ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
15:20:33.0869 5856 STHDA - ok
15:20:33.0916 5856 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
15:20:34.0009 5856 StiSvc - ok
15:20:34.0041 5856 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:20:34.0072 5856 stllssvr - ok
15:20:34.0087 5856 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:20:34.0134 5856 storflt - ok
15:20:34.0150 5856 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
15:20:34.0197 5856 StorSvc - ok
15:20:34.0212 5856 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:20:34.0228 5856 storvsc - ok
15:20:34.0259 5856 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
15:20:34.0275 5856 swenum - ok
15:20:34.0306 5856 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
15:20:34.0337 5856 swprv - ok
15:20:34.0384 5856 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
15:20:34.0477 5856 SysMain - ok
15:20:34.0509 5856 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:20:34.0540 5856 TabletInputService - ok
15:20:34.0587 5856 [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss C:\Windows\system32\DRIVERS\taphss.sys
15:20:34.0618 5856 taphss - ok
15:20:34.0649 5856 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
15:20:34.0711 5856 TapiSrv - ok
15:20:34.0727 5856 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
15:20:34.0789 5856 TBS - ok
15:20:34.0836 5856 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:20:34.0930 5856 Tcpip - ok
15:20:34.0977 5856 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:20:35.0023 5856 TCPIP6 - ok
15:20:35.0055 5856 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:20:35.0101 5856 tcpipreg - ok
15:20:35.0164 5856 [ 69F1A38A6DBFE682491CB61A596662E3 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
15:20:35.0289 5856 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - warning
15:20:35.0289 5856 tcsd_win32.exe - detected UnsignedFile.Multi.Generic (1)
15:20:35.0351 5856 [ 55FF1B851D685C928807DFA84529BE9F ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
15:20:35.0413 5856 TdmService - ok
15:20:35.0445 5856 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:20:35.0491 5856 TDPIPE - ok
15:20:35.0538 5856 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:20:35.0585 5856 TDTCP - ok
15:20:35.0616 5856 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:20:35.0679 5856 tdx - ok
15:20:35.0694 5856 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:20:35.0710 5856 TermDD - ok
15:20:35.0741 5856 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
15:20:35.0803 5856 TermService - ok
15:20:35.0819 5856 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
15:20:35.0866 5856 Themes - ok
15:20:35.0897 5856 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
15:20:35.0944 5856 THREADORDER - ok
15:20:35.0959 5856 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
15:20:36.0053 5856 TrkWks - ok
15:20:36.0100 5856 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:20:36.0147 5856 TrustedInstaller - ok
15:20:36.0178 5856 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:20:36.0240 5856 tssecsrv - ok
15:20:36.0271 5856 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:20:36.0334 5856 TsUsbFlt - ok
15:20:36.0381 5856 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:20:36.0443 5856 tunnel - ok
15:20:36.0459 5856 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:20:36.0505 5856 uagp35 - ok
15:20:36.0537 5856 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:20:36.0630 5856 udfs - ok
15:20:36.0646 5856 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:20:37.0488 5856 UI0Detect - ok
15:20:37.0519 5856 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:20:37.0535 5856 uliagpkx - ok
15:20:37.0566 5856 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:20:37.0582 5856 umbus - ok
15:20:37.0613 5856 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:20:37.0629 5856 UmPass - ok
15:20:37.0660 5856 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
15:20:37.0707 5856 UmRdpService - ok
15:20:37.0722 5856 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
15:20:37.0800 5856 upnphost - ok
15:20:37.0816 5856 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:20:37.0847 5856 usbccgp - ok
15:20:37.0878 5856 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:20:37.0925 5856 usbcir - ok
15:20:37.0956 5856 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:20:38.0003 5856 usbehci - ok
15:20:38.0019 5856 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:20:38.0050 5856 usbhub - ok
15:20:38.0065 5856 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:20:38.0128 5856 usbohci - ok
15:20:38.0159 5856 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:20:38.0175 5856 usbprint - ok
15:20:38.0190 5856 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:20:38.0206 5856 USBSTOR - ok
15:20:38.0237 5856 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:20:38.0284 5856 usbuhci - ok
15:20:38.0299 5856 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
15:20:38.0331 5856 UxSms - ok
15:20:38.0346 5856 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
15:20:38.0346 5856 VaultSvc - ok
15:20:38.0377 5856 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:20:38.0409 5856 vdrvroot - ok
15:20:38.0440 5856 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
15:20:38.0533 5856 vds - ok
15:20:38.0549 5856 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:20:38.0565 5856 vga - ok
15:20:38.0580 5856 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:20:38.0611 5856 VgaSave - ok
15:20:38.0627 5856 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:20:38.0643 5856 vhdmp - ok
15:20:38.0674 5856 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:20:38.0689 5856 viaagp - ok
15:20:38.0689 5856 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
15:20:38.0721 5856 ViaC7 - ok
15:20:38.0736 5856 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
15:20:38.0752 5856 viaide - ok
15:20:38.0799 5856 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:20:38.0845 5856 vmbus - ok
15:20:38.0877 5856 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:20:38.0923 5856 VMBusHID - ok
15:20:38.0939 5856 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:20:38.0970 5856 volmgr - ok
15:20:38.0970 5856 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:20:39.0001 5856 volmgrx - ok
15:20:39.0017 5856 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:20:39.0033 5856 volsnap - ok
15:20:39.0064 5856 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:20:39.0079 5856 vsmraid - ok
15:20:39.0126 5856 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
15:20:39.0189 5856 VSS - ok
15:20:39.0189 5856 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:20:39.0220 5856 vwifibus - ok
15:20:39.0251 5856 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:20:39.0298 5856 vwififlt - ok
15:20:39.0345 5856 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
15:20:39.0423 5856 W32Time - ok
15:20:39.0438 5856 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:20:39.0469 5856 WacomPen - ok
15:20:39.0501 5856 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:20:39.0563 5856 WANARP - ok
15:20:39.0563 5856 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:20:39.0579 5856 Wanarpv6 - ok
15:20:39.0703 5856 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:20:39.0781 5856 WatAdminSvc - ok
15:20:39.0813 5856 [ 52ABD9E0E6F37EAAE78097D9E2772208 ] WavxDMgr C:\Windows\system32\DRIVERS\WavxDMgr.sys
15:20:39.0859 5856 WavxDMgr - ok
15:20:39.0906 5856 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
15:20:40.0031 5856 wbengine - ok
15:20:40.0047 5856 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:20:40.0093 5856 WbioSrvc - ok
15:20:40.0125 5856 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:20:40.0203 5856 wcncsvc - ok
15:20:40.0218 5856 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:20:40.0281 5856 WcsPlugInService - ok
15:20:40.0296 5856 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:20:40.0343 5856 Wd - ok
15:20:40.0390 5856 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:20:40.0468 5856 Wdf01000 - ok
15:20:40.0483 5856 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:20:40.0577 5856 WdiServiceHost - ok
15:20:40.0577 5856 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:20:40.0593 5856 WdiSystemHost - ok
15:20:40.0624 5856 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
15:20:40.0671 5856 WebClient - ok
15:20:40.0686 5856 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:20:40.0717 5856 Wecsvc - ok
15:20:40.0733 5856 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:20:40.0764 5856 wercplsupport - ok
15:20:40.0764 5856 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
15:20:40.0811 5856 WerSvc - ok
15:20:40.0842 5856 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:20:40.0889 5856 WfpLwf - ok
15:20:40.0983 5856 [ 78CFA1A99D68E2E1CC5AA1F8BA2F4C26 ] WHSConnector C:\Program Files\Windows Home Server\WHSConnector.exe
15:20:41.0029 5856 WHSConnector - ok
15:20:41.0045 5856 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:20:41.0061 5856 WIMMount - ok
15:20:41.0107 5856 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:20:41.0170 5856 WinDefend - ok
15:20:41.0185 5856 WinHttpAutoProxySvc - ok
15:20:41.0232 5856 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:20:41.0310 5856 Winmgmt - ok
15:20:41.0357 5856 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
15:20:41.0482 5856 WinRM - ok
15:20:41.0513 5856 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:20:41.0575 5856 WinUsb - ok
15:20:41.0607 5856 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:20:41.0685 5856 Wlansvc - ok
15:20:41.0700 5856 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:20:41.0747 5856 WmiAcpi - ok
15:20:41.0763 5856 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:20:41.0794 5856 wmiApSrv - ok
15:20:41.0856 5856 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:20:41.0919 5856 WMPNetworkSvc - ok
15:20:41.0981 5856 [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
15:20:42.0028 5856 WMZuneComm - ok
15:20:42.0043 5856 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:20:42.0075 5856 WPCSvc - ok
15:20:42.0090 5856 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:20:42.0153 5856 WPDBusEnum - ok
15:20:42.0184 5856 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:20:42.0262 5856 ws2ifsl - ok
15:20:42.0277 5856 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
15:20:42.0324 5856 wscsvc - ok
15:20:42.0340 5856 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
15:20:42.0387 5856 WSDPrintDevice - ok
15:20:42.0387 5856 WSearch - ok
15:20:42.0465 5856 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:20:42.0543 5856 wuauserv - ok
15:20:42.0574 5856 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:20:42.0621 5856 WudfPf - ok
15:20:42.0652 5856 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:20:42.0730 5856 WUDFRd - ok
15:20:42.0761 5856 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:20:42.0808 5856 wudfsvc - ok
15:20:42.0823 5856 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
15:20:42.0855 5856 WwanSvc - ok
15:20:43.0011 5856 [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
15:20:43.0307 5856 ZuneNetworkSvc - ok
15:20:43.0401 5856 [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
15:20:43.0447 5856 ZuneWlanCfgSvc - ok
15:20:43.0463 5856 ================ Scan global ===============================
15:20:43.0494 5856 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:20:43.0541 5856 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:20:43.0588 5856 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:20:43.0603 5856 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:20:43.0650 5856 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:20:43.0666 5856 [Global] - ok
15:20:43.0666 5856 ================ Scan MBR ==================================
15:20:43.0681 5856 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
15:20:44.0165 5856 \Device\Harddisk0\DR0 - ok
15:20:44.0165 5856 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2
15:20:44.0430 5856 \Device\Harddisk1\DR2 - ok
15:20:44.0430 5856 ================ Scan VBR ==================================
15:20:44.0430 5856 [ E20E2AC410BAE127AC53B3AE61A4C419 ] \Device\Harddisk0\DR0\Partition1
15:20:44.0446 5856 \Device\Harddisk0\DR0\Partition1 - ok
15:20:44.0461 5856 [ F63B638BC8E709DF4A1737135E7B4E10 ] \Device\Harddisk0\DR0\Partition2
15:20:44.0461 5856 \Device\Harddisk0\DR0\Partition2 - ok
15:20:44.0461 5856 [ 2DC7A6A52CB16141710F986BAD680C2B ] \Device\Harddisk0\DR0\Partition3
15:20:44.0461 5856 \Device\Harddisk0\DR0\Partition3 - ok
15:20:44.0461 5856 [ 52EEB48CAFD908DDD334E971E44EF5F5 ] \Device\Harddisk1\DR2\Partition1
15:20:44.0477 5856 \Device\Harddisk1\DR2\Partition1 - ok
15:20:44.0477 5856 ============================================================
15:20:44.0477 5856 Scan finished
15:20:44.0477 5856 ============================================================
15:20:44.0477 5476 Detected object count: 5
15:20:44.0477 5476 Actual detected object count: 5
15:21:13.0010 5476 hwpsgt ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:13.0010 5476 hwpsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:21:13.0010 5476 lemsgt ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:13.0010 5476 lemsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:21:13.0010 5476 SecureStorageService ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:13.0010 5476 SecureStorageService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:21:13.0010 5476 SMManager ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:13.0010 5476 SMManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:21:13.0010 5476 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - skipped by user
15:21:13.0010 5476 tcsd_win32.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
Ralf |
|
01.04.2013, 20:48
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2013-0422 gefunden Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.04.2013, 21:15
| #15 |
| | EXP/CVE-2013-0422 gefunden OK so klappt es.  aswMBR Log: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-01 22:07:29
-----------------------------
22:07:29.865 OS Version: Windows 6.1.7601 Service Pack 1
22:07:29.865 Number of processors: 2 586 0x170A
22:07:29.865 ComputerName: BAGALUTH01 UserName: Ralf
22:07:30.614 Initialize success
22:07:41.409 AVAST engine defs: 13040100
22:07:54.560 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:07:54.560 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
22:07:54.685 Disk 0 MBR read successfully
22:07:54.685 Disk 0 MBR scan
22:07:54.700 Disk 0 Windows VISTA default MBR code
22:07:54.716 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:07:54.732 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
22:07:54.763 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 96944 MB offset 30801920
22:07:54.778 Disk 0 Partition - 00 0F Extended LBA 126488 MB offset 229343940
22:07:54.794 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 126488 MB offset 229344003
22:07:54.825 Disk 0 scanning sectors +488392065
22:07:54.903 Disk 0 scanning C:\Windows\system32\drivers
22:08:05.839 Service scanning
22:08:28.802 Modules scanning
22:08:37.320 Disk 0 trace - called modules:
22:08:37.335 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
22:08:37.335 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87054ac8]
22:08:37.335 3 CLASSPNP.SYS[8c9af59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8666a028]
22:08:37.351 Scan finished successfully
22:10:46.784 Disk 0 MBR has been saved successfully to "C:\Users\Ralf\Desktop\MBR.dat"
22:10:46.800 The log file has been saved successfully to "C:\Users\Ralf\Desktop\aswMBR.txt"
|
|
| Themen zu EXP/CVE-2013-0422 gefunden |
| anleitung, autostart, avira, beseitigt, brauche, code, defogger, disable, euren, exp/cve-2013-0422, gefunde, gestern, glaube, heute, laufe, laufen, leitung, log, namen, ntdll.dll, recycle.bin, schaden, sttray.exe, taskhost.exe |
Linear-Darstellung
