| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Spy.Banker.Gen8Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.11.2012, 20:03
| #1 |
 |  TR/Spy.Banker.Gen8 Hi zusammen, leider habe ich mir den TR/Spy.Banker.Gen8 eingefangen. Ich hoffe mir kann geholfen werden, den Dreck von meinem Laptop sicher und rückstandslos zu entfernen. Die Meldung kam über AVIRA, trotz erfolgtem Entfernen natürlich immer wieder. Mittels Malwarebytes habe ich die Trojaner wie empfohlen bereits in den Quarantäne Ordner verschoben. Die weiteren Schritte habe ich hoffentlich auch alle korrekt durchgeführt. Meine Daten: ASUS Notebook M50Vn/M50Vm/M50Vc Series Intel(R) Core(TM)2 Duo CPU T9400 @ 2,53 GHz 2,53 GHz Arbeitsspeicher 4,00 GB 32 Bit-System Pfad aus Quarantäneordner AVIRA: C:\Users\Matthias\AppData\Roaming\BAcroIEHelpe231.dll EXTRAS.TXTOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.11.2012 19:44:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matthias\Desktop\Downloads\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,40% Memory free
6,20 Gb Paging File | 4,89 Gb Available in Paging File | 78,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,04 Gb Total Space | 309,37 Gb Free Space | 68,14% Space Free | Partition Type: NTFS
Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ASUS | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04078877-F5BE-49DD-9BDF-B9315132F802}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{09AD532A-F7EC-4E6F-AEB4-F6781B66AAA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{14F58B5B-4986-4E53-B5CD-A4742344D3C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{393F852D-8E6C-42BF-AFF9-411FB111E29F}" = lport=137 | protocol=17 | dir=in | app=system |
"{537FCEA0-F486-4A43-A717-793673726859}" = rport=139 | protocol=6 | dir=out | app=system |
"{5534C1B2-CBDC-4763-8CA6-BFC02F375102}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5E4D1627-5508-422F-93A9-BDB72F52FE74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8143224F-0E93-499D-BAFC-1E002DA635F5}" = lport=139 | protocol=6 | dir=in | app=system |
"{9E25230E-1AF7-4CC7-8903-8067D0354022}" = lport=138 | protocol=17 | dir=in | app=system |
"{9E523F24-81BE-42C5-9EB1-3069EDD64AD8}" = lport=445 | protocol=6 | dir=in | app=system |
"{A531754D-DAA9-4A74-B7B3-22DFC0DC0857}" = rport=137 | protocol=17 | dir=out | app=system |
"{EDAB9B74-9BFB-4D27-B69E-3EB08B95B646}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5F9D15-2C26-4D6F-A0FB-B0E142759E94}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2032790A-ED30-44D2-A0AA-C05C0C9F5660}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{285FD47C-449E-4AC4-B0FC-217F481CF715}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{331F0D39-28A8-46D9-930B-3E1DE9A58BFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{344DE76B-18D0-4691-9EFC-C1C8CA6B6973}" = protocol=17 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe |
"{3ED69CEA-693E-4350-881F-05C0FB6C0056}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{4DCEDE9F-2D53-42B9-84C4-2AFABAF319E7}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{50B5FB6C-E96C-4F83-A22E-D4BD583EAEAC}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{5639AC6B-7999-4446-AA42-95F03D72F5ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe |
"{79921021-1A30-479D-814A-E2EC7C8D38C2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7E2E3297-1C3C-4AC0-88D4-54B5EF9C35BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe |
"{987ED4CC-1B4F-45A2-9F7E-BD2C09F918CE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B3A551DB-E1C9-456F-87EC-B4AB69B53336}" = protocol=6 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe |
"{B69F190B-21DD-4D0D-B9AB-88F6F9F79D97}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{CF8359D0-3D32-4E86-A493-2B6B9C0EF24D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3CA8C25-ABD2-49E8-913B-0A28FC2D0F71}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{DD9FF5F9-DFAB-4AB7-8171-E963F3BEDB45}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{E15C28A9-98E9-4C7E-BE41-EFD75CA3C03E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"TCP Query User{002D993B-38DC-4B9E-AB25-3E6FD84D127D}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe |
"TCP Query User{1F27EDA3-0F8B-4EEF-9803-3871A0A1A0A5}C:\games\pes2012.exe" = protocol=6 | dir=in | app=c:\games\pes2012.exe |
"TCP Query User{E92E9DBA-9CB3-475A-9BBF-2E562DB970FE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{24A920A2-5B5E-498E-9E09-F545BF456F01}C:\games\pes2012.exe" = protocol=17 | dir=in | app=c:\games\pes2012.exe |
"UDP Query User{A53E2580-579B-4471-8314-0BF87B97A03D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{B0E180BB-74E6-44DF-8555-CFD12C7BCDA0}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"EPSON SX510W Series" = Druckerdeinstallation für EPSON SX510W Series
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SopCast" = SopCast 3.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.10.2012 13:16:16 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
Error - 31.10.2012 14:57:56 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
Error - 08.11.2012 16:49:06 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16450, Zeitstempel
0x503723f6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x0de70c50, Prozess-ID 0x1174, Anwendungsstartzeit
01cdbdf1cabca8b0.
Error - 14.11.2012 15:43:53 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
Error - 14.11.2012 15:49:28 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
Error - 14.11.2012 15:57:19 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b14e, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
Ausnahmecode 0xc0000005, Fehleroffset 0x000641f4, Prozess-ID 0x1090, Anwendungsstartzeit
01cdc2a240f7752e.
Error - 14.11.2012 16:20:33 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
Error - 14.11.2012 17:33:47 | Computer Name = ASUS | Source = EventSystem | ID = 4609
Description =
Error - 14.11.2012 17:34:37 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
Error - 14.11.2012 17:37:40 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 14.11.2012 17:38:13 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 15.11.2012 13:13:31 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 15.11.2012 13:13:32 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 15.11.2012 13:13:45 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 15.11.2012 13:26:05 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 15.11.2012 13:26:06 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 15.11.2012 13:27:13 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 15.11.2012 14:08:57 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 15.11.2012 14:09:00 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 15.11.2012 14:10:12 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
OTL.TXTOTL Logfile: Code:
ATTFilter OTL logfile created on: 15.11.2012 19:44:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matthias\Desktop\Downloads\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,40% Memory free 6,20 Gb Paging File | 4,89 Gb Available in Paging File | 78,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 454,04 Gb Total Space | 309,37 Gb Free Space | 68,14% Space Free | Partition Type: NTFS Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ASUS | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.15 19:34:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\Downloads\Downloads\OTL.exe PRC - [2012.10.28 13:12:36 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.04.11 10:54:20 | 002,607,424 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe PRC - [2011.09.23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.11.20 07:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE PRC - [2008.07.29 16:34:34 | 001,845,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe PRC - [2008.07.29 16:34:34 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.07.15 10:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2008.07.15 10:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe PRC - [2008.07.09 16:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2008.06.23 19:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2008.06.13 06:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.23 09:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe PRC - [2008.01.11 21:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE PRC - [2007.11.30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe PRC - [2007.11.04 18:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe PRC - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2007.08.15 10:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.07.05 15:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ========== Modules (No Company Name) ========== MOD - [2012.10.28 13:12:36 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2008.07.29 16:27:20 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll MOD - [2008.01.11 21:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe MOD - [2007.11.30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe MOD - [2007.11.12 14:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll ========== Services (SafeList) ========== SRV - [2012.10.28 13:12:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.11 18:20:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.12.17 05:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007.10.02 20:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2007.08.07 23:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.01.11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\I386\AsProcOb.sys -- (ASUSProcObsrv) DRV - [2012.11.15 19:15:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.05.01 17:57:01 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.07.13 12:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol) DRV - [2011.07.13 12:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp) DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2009.05.28 21:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2009.04.11 06:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2008.07.25 09:31:00 | 007,547,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.06.25 06:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.06.24 14:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.06.03 22:41:52 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008.05.13 07:35:24 | 001,772,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.02.14 22:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.01.21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2007.12.18 16:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.24 10:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2006.12.14 23:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11 FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.3 FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Matthias\AppData\Roaming\16001.010 [2012.11.15 17:58:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.29 10:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions [2012.11.14 20:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions [2012.10.31 22:38:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.09.22 17:34:55 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\DivXWebPlayer@divx.com.xpi [2012.11.14 20:42:58 | 000,565,762 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\toolbar@web.de.xpi [2012.07.27 16:27:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.14 20:43:05 | 000,000,911 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\11-suche.xml [2012.11.14 20:43:05 | 000,002,273 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\englische-ergebnisse.xml [2012.11.14 20:43:05 | 000,010,563 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\gmx-suche.xml [2012.11.14 20:43:05 | 000,002,432 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\lastminute.xml [2012.11.14 20:43:05 | 000,005,545 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\webde-suche.xml [2012.10.28 13:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.11.15 17:58:01 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\16001.010 [2012.10.28 13:12:36 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.28 10:33:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9215ADB6-5E01-4E39-A131-6199B19897DE}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF83EC1F-8E10-4E5C-9187-E3EACC26DD97}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{7bc36753-90c2-11e1-8dad-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7bc36753-90c2-11e1-8dad-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) O33 - MountPoints2\{a317bcb1-9380-11e1-966e-002243a2dc1e}\Shell - "" = AutoRun O33 - MountPoints2\{a317bcb1-9380-11e1-966e-002243a2dc1e}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{a317bcb1-9380-11e1-966e-002243a2dc1e}\Shell\configure\command - "" = E:\SETUP.EXE O33 - MountPoints2\{a317bcb1-9380-11e1-966e-002243a2dc1e}\Shell\install\command - "" = E:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.15 19:15:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.11.15 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes [2012.11.15 18:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.15 18:39:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.15 18:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.15 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Avira [2012.11.15 18:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.15 18:14:12 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.15 18:14:12 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.15 18:14:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.15 18:14:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.11.15 17:58:01 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\16001.010 [2012.11.14 22:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\qlquqeaxzjyjgnv [2012.11.12 00:53:03 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\UAs [2012.11.09 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\16001.009 [2012.11.09 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\xmldm [2012.11.09 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\kock [2012.11.04 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\My Digital Editions [2012.11.04 22:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck [2012.11.01 17:21:50 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{D189FE92-C8F3-4072-8A9F-92BD6EA1CBD6} [2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.10.29 18:17:17 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{972C01DF-9F01-4A56-A85B-6BDE1BBC6043} [2012.10.28 21:54:01 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{542AE0FF-F127-43E8-9153-C0F5F62DA466} [2012.10.28 14:08:35 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Media Player Classic [2012.10.28 14:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC [2012.10.28 14:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC [2012.10.28 13:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.27 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{E94F5910-A87C-41EB-A181-8D35A4406D29} [2012.10.27 13:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matthias\dwhelper [2012.10.25 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{7FE135B6-DB31-44A3-9037-3B73CBD0E488} [2012.10.19 19:13:18 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{4619A3EB-725F-4A20-9130-858A91EC08CE} [2 C:\Users\Matthias\AppData\Roaming\*.tmp files -> C:\Users\Matthias\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.15 19:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable [2012.11.15 19:20:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.15 19:15:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.11.15 19:14:11 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.15 19:14:11 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.15 19:14:11 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.15 19:14:11 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.15 19:08:40 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.15 19:07:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 19:07:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 19:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.15 19:07:46 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys [2012.11.15 19:00:45 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.15 18:39:41 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 18:28:29 | 000,000,016 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\blckdom.res [2012.11.15 18:20:52 | 000,065,536 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat [2012.11.15 18:14:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 22:28:16 | 000,076,348 | ---- | M] () -- C:\ProgramData\xlyzzfsifuliryl [2012.11.14 21:45:09 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.11.14 21:20:03 | 000,251,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.14 16:25:46 | 000,000,680 | ---- | M] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat [2012.10.28 14:07:45 | 000,001,677 | ---- | M] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk [2 C:\Users\Matthias\AppData\Roaming\*.tmp files -> C:\Users\Matthias\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.15 19:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable [2012.11.15 18:39:41 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 18:14:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 22:35:59 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys [2012.11.14 22:28:13 | 000,076,348 | ---- | C] () -- C:\ProgramData\xlyzzfsifuliryl [2012.11.09 15:39:43 | 000,000,016 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\blckdom.res [2012.11.09 15:39:35 | 000,065,536 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat [2012.10.28 14:07:45 | 000,001,677 | ---- | C] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk [2012.09.05 19:44:39 | 000,004,608 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.01 19:00:04 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.05.01 11:58:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.05.01 11:58:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.04.28 15:48:15 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.04.28 15:41:42 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012.04.28 08:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.04.28 01:05:46 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [2012.04.28 00:19:37 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat [2012.04.27 21:48:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2012.04.27 21:32:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2012.04.27 21:32:23 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2012.04.27 21:32:23 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2012.04.27 21:32:23 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012.04.27 15:47:06 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat [2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.09 15:39:55 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\16001.009 [2012.11.15 17:58:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\16001.010 [2012.05.01 18:38:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DAEMON Tools Lite [2012.11.14 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Dropbox [2012.11.04 23:12:55 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ [2012.11.09 15:39:25 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\kock [2012.09.24 18:47:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Samsung [2012.11.12 01:33:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\UAs [2012.11.15 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\xmldm ========== Purity Check ========== < End of report > LEIDER FUNKTIONIERT BEI MIR GMER nicht. Aufgrund eines Problems muss das Programm abgebrochen werden. Woran könnte das liegen? Vielen Dank für den Support! Geändert von fandingo (15.11.2012 um 20:43 Uhr) |
|
18.11.2012, 23:09
| #3 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Spy.Banker.Gen8 Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Zitat:
 Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
18.11.2012, 23:34
| #4 |
| | TR/Spy.Banker.Gen8Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.15.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Matthias :: ASUS [Administrator] 15.11.2012 18:41:18 mbam-log-2012-11-15 (18-41-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 192773 Laufzeit: 16 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Matthias\AppData\Roaming\appConf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Matthias\AppData\Roaming\AcroIEHelpe231.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Matthias\AppData\Roaming\appConf32.exe (Backdoor.Agent) -> Löschen bei Neustart. (Ende) Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 15. November 2012 18:54
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ASUS
Versionsinformationen:
BUILD.DAT : 13.0.0.2693 48279 Bytes 01.10.2012 17:25:00
AVSCAN.EXE : 13.4.0.200 625952 Bytes 01.10.2012 14:15:49
AVSCANRC.DLL : 13.4.0.163 64800 Bytes 19.09.2012 18:20:53
LUKE.DLL : 13.4.0.184 66848 Bytes 25.09.2012 10:00:15
AVSCPLR.DLL : 13.4.0.262 93984 Bytes 15.11.2012 17:15:54
AVREG.DLL : 13.4.0.244 245536 Bytes 15.11.2012 17:15:54
avlode.dll : 13.4.0.255 426272 Bytes 15.11.2012 17:15:55
avlode.rdf : 13.0.0.24 7196 Bytes 27.09.2012 10:30:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 14:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 14:42:40
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11.10.2012 17:15:40
VBASE008.VDF : 7.11.45.208 2048 Bytes 11.10.2012 17:15:40
VBASE009.VDF : 7.11.45.209 2048 Bytes 11.10.2012 17:15:40
VBASE010.VDF : 7.11.45.210 2048 Bytes 11.10.2012 17:15:40
VBASE011.VDF : 7.11.45.211 2048 Bytes 11.10.2012 17:15:40
VBASE012.VDF : 7.11.45.212 2048 Bytes 11.10.2012 17:15:40
VBASE013.VDF : 7.11.45.213 2048 Bytes 11.10.2012 17:15:40
VBASE014.VDF : 7.11.46.65 220160 Bytes 16.10.2012 17:15:41
VBASE015.VDF : 7.11.46.153 173568 Bytes 18.10.2012 17:15:41
VBASE016.VDF : 7.11.46.223 162304 Bytes 19.10.2012 17:15:42
VBASE017.VDF : 7.11.47.35 126464 Bytes 22.10.2012 17:15:42
VBASE018.VDF : 7.11.47.95 175616 Bytes 24.10.2012 17:15:43
VBASE019.VDF : 7.11.47.177 164352 Bytes 26.10.2012 17:15:43
VBASE020.VDF : 7.11.47.229 143360 Bytes 28.10.2012 17:15:43
VBASE021.VDF : 7.11.48.47 138240 Bytes 30.10.2012 17:15:43
VBASE022.VDF : 7.11.48.135 122880 Bytes 01.11.2012 17:15:44
VBASE023.VDF : 7.11.48.209 142848 Bytes 05.11.2012 17:15:45
VBASE024.VDF : 7.11.48.243 119296 Bytes 05.11.2012 17:15:45
VBASE025.VDF : 7.11.49.47 136704 Bytes 07.11.2012 17:15:45
VBASE026.VDF : 7.11.49.135 194560 Bytes 09.11.2012 17:15:46
VBASE027.VDF : 7.11.49.209 188416 Bytes 12.11.2012 17:15:46
VBASE028.VDF : 7.11.50.27 212992 Bytes 14.11.2012 17:15:46
VBASE029.VDF : 7.11.50.28 2048 Bytes 14.11.2012 17:15:46
VBASE030.VDF : 7.11.50.29 2048 Bytes 14.11.2012 17:15:46
VBASE031.VDF : 7.11.50.48 70656 Bytes 15.11.2012 17:15:46
Engineversion : 8.2.10.202
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 14:42:55
AESCRIPT.DLL : 8.1.4.66 463227 Bytes 15.11.2012 17:15:54
AESCN.DLL : 8.1.9.4 131445 Bytes 15.11.2012 17:15:53
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 16:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 15.11.2012 17:15:53
AEPACK.DLL : 8.3.0.40 815479 Bytes 15.11.2012 17:15:52
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 15.11.2012 17:15:52
AEHEUR.DLL : 8.1.4.138 5542265 Bytes 15.11.2012 17:15:51
AEHELP.DLL : 8.1.25.2 258423 Bytes 15.11.2012 17:15:48
AEGEN.DLL : 8.1.6.10 438646 Bytes 15.11.2012 17:15:48
AEEXP.DLL : 8.2.0.10 119158 Bytes 15.11.2012 17:15:54
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 14:42:55
AECORE.DLL : 8.1.29.2 201079 Bytes 15.11.2012 17:15:47
AEBB.DLL : 8.1.1.4 53619 Bytes 15.11.2012 17:15:47
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 18:09:30
AVPREF.DLL : 13.4.0.163 50464 Bytes 19.09.2012 18:07:51
AVREP.DLL : 13.4.0.244 177952 Bytes 15.11.2012 17:15:54
AVARKT.DLL : 13.4.0.184 260384 Bytes 25.09.2012 09:51:51
AVEVTLOG.DLL : 13.4.0.185 167200 Bytes 25.09.2012 09:52:37
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 18:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 18:08:54
NETNT.DLL : 13.4.0.163 15648 Bytes 19.09.2012 18:16:26
RCIMAGE.DLL : 13.4.0.163 4780832 Bytes 19.09.2012 18:21:16
RCTEXT.DLL : 13.4.0.163 68384 Bytes 19.09.2012 18:21:16
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50a52572\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Beginn des Suchlaufs: Donnerstag, 15. November 2012 18:54
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTShellHlp.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_FATIFIE.EXE' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'BatteryLife.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsgTranAgt.exe' - '13' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALU.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '136' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40RP7.EXE' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S40ST7.EXE' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '12' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '149' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Matthias\AppData\Roaming\16001.010\components\AcroFF010.dll'
C:\Users\Matthias\AppData\Roaming\16001.010\components\AcroFF010.dll
[FUND] Ist das Trojanische Pferd TR/Spy.Banker.Gen8
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '563fb265.qua' verschoben!
Ende des Suchlaufs: Donnerstag, 15. November 2012 18:54
Benötigte Zeit: 00:12 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
599 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
598 Dateien ohne Befall
3 Archive wurden durchsucht
0 Warnungen
1 Hinweise
|
|
19.11.2012, 10:23
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.11.2012, 21:20
| #6 |
| | TR/Spy.Banker.Gen8Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-19 20:56:54
-----------------------------
20:56:54.186 OS Version: Windows 6.0.6002 Service Pack 2
20:56:54.186 Number of processors: 2 586 0x1706
20:56:54.186 ComputerName: ASUS UserName:
20:56:57.477 Initialize success
20:59:33.498 AVAST engine defs: 12111900
20:59:41.111 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:59:41.111 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
20:59:41.127 Disk 0 MBR read successfully
20:59:41.142 Disk 0 MBR scan
20:59:41.142 Disk 0 unknown MBR code
20:59:41.158 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63
20:59:41.173 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 464937 MB offset 24580096
20:59:41.173 Disk 0 scanning sectors +976771072
20:59:41.298 Disk 0 scanning C:\Windows\system32\drivers
20:59:59.659 Service scanning
21:00:37.255 Modules scanning
21:00:45.508 Disk 0 trace - called modules:
21:00:45.539 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
21:00:46.038 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860b14e8]
21:00:46.054 3 CLASSPNP.SYS[8a9b18b3] -> nt!IofCallDriver -> [0x84b90f08]
21:00:46.069 5 acpi.sys[8069a6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85590028]
21:00:52.325 AVAST engine scan C:\Windows
21:00:56.506 AVAST engine scan C:\Windows\system32
21:07:40.187 AVAST engine scan C:\Windows\system32\drivers
21:08:07.799 AVAST engine scan C:\Users\Matthias
21:11:33.781 File: C:\Users\Matthias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\565e8ce0-28a35793 **INFECTED** Win32:Banker-JYD [Trj]
21:14:05.601 AVAST engine scan C:\ProgramData
21:15:06.425 Scan finished successfully
21:15:24.193 Disk 0 MBR has been saved successfully to "C:\Users\Matthias\Desktop\MBR.dat"
21:15:24.209 The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"
Code:
ATTFilter 21:18:43.0004 5308 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:18:43.0207 5308 ============================================================
21:18:43.0207 5308 Current date / time: 2012/11/19 21:18:43.0207
21:18:43.0207 5308 SystemInfo:
21:18:43.0207 5308
21:18:43.0207 5308 OS Version: 6.0.6002 ServicePack: 2.0
21:18:43.0207 5308 Product type: Workstation
21:18:43.0207 5308 ComputerName: ASUS
21:18:43.0207 5308 UserName: Matthias
21:18:43.0207 5308 Windows directory: C:\Windows
21:18:43.0207 5308 System windows directory: C:\Windows
21:18:43.0207 5308 Processor architecture: Intel x86
21:18:43.0207 5308 Number of processors: 2
21:18:43.0207 5308 Page size: 0x1000
21:18:43.0207 5308 Boot type: Normal boot
21:18:43.0207 5308 ============================================================
21:18:44.0346 5308 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:18:44.0346 5308 ============================================================
21:18:44.0346 5308 \Device\Harddisk0\DR0:
21:18:44.0362 5308 MBR partitions:
21:18:44.0362 5308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1771000, BlocksNum 0x38C14800
21:18:44.0362 5308 ============================================================
21:18:44.0393 5308 C: <-> \Device\Harddisk0\DR0\Partition1
21:18:44.0393 5308 ============================================================
21:18:44.0393 5308 Initialize success
21:18:44.0393 5308 ============================================================
21:19:26.0622 1124 ============================================================
21:19:26.0622 1124 Scan started
21:19:26.0622 1124 Mode: Manual; SigCheck; TDLFS;
21:19:26.0622 1124 ============================================================
21:19:27.0246 1124 ================ Scan system memory ========================
21:19:27.0246 1124 System memory - ok
21:19:27.0246 1124 ================ Scan services =============================
21:19:27.0386 1124 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:19:27.0464 1124 ACPI - ok
21:19:27.0574 1124 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:19:27.0574 1124 AdobeARMservice - ok
21:19:27.0636 1124 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:19:27.0652 1124 AdobeFlashPlayerUpdateSvc - ok
21:19:27.0698 1124 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:19:27.0714 1124 adp94xx - ok
21:19:27.0761 1124 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:19:27.0776 1124 adpahci - ok
21:19:27.0792 1124 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:19:27.0808 1124 adpu160m - ok
21:19:27.0839 1124 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:19:27.0854 1124 adpu320 - ok
21:19:27.0886 1124 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:19:28.0010 1124 AeLookupSvc - ok
21:19:28.0042 1124 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
21:19:28.0073 1124 AFD - ok
21:19:28.0135 1124 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:19:28.0135 1124 agp440 - ok
21:19:28.0198 1124 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:19:28.0213 1124 aic78xx - ok
21:19:28.0229 1124 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:19:28.0260 1124 ALG - ok
21:19:28.0307 1124 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
21:19:28.0307 1124 aliide - ok
21:19:28.0338 1124 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:19:28.0354 1124 amdagp - ok
21:19:28.0369 1124 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
21:19:28.0385 1124 amdide - ok
21:19:28.0385 1124 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:19:28.0447 1124 AmdK7 - ok
21:19:28.0463 1124 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:19:28.0494 1124 AmdK8 - ok
21:19:28.0666 1124 [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:19:28.0666 1124 AntiVirSchedulerService - ok
21:19:28.0697 1124 [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:19:28.0697 1124 AntiVirService - ok
21:19:28.0728 1124 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:19:28.0775 1124 Appinfo - ok
21:19:28.0790 1124 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
21:19:28.0806 1124 arc - ok
21:19:28.0837 1124 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:19:28.0853 1124 arcsas - ok
21:19:28.0884 1124 [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
21:19:28.0915 1124 ASLDRService ( UnsignedFile.Multi.Generic ) - warning
21:19:28.0915 1124 ASLDRService - detected UnsignedFile.Multi.Generic (1)
21:19:28.0962 1124 [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP C:\Program Files\ATKGFNEX\ASMMAP.sys
21:19:28.0962 1124 ASMMAP - ok
21:19:28.0993 1124 ASUSProcObsrv - ok
21:19:29.0024 1124 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:19:29.0056 1124 AsyncMac - ok
21:19:29.0087 1124 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
21:19:29.0087 1124 atapi - ok
21:19:29.0118 1124 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
21:19:29.0134 1124 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
21:19:29.0134 1124 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
21:19:29.0180 1124 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:19:29.0196 1124 AudioEndpointBuilder - ok
21:19:29.0212 1124 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:19:29.0227 1124 Audiosrv - ok
21:19:29.0258 1124 [ 680B3A1BE559B5D5AAC04C7949469DD6 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:19:29.0258 1124 avgntflt - ok
21:19:29.0274 1124 [ 6B289080B9752DAD39C1C2B98B479DCE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:19:29.0274 1124 avipbb - ok
21:19:29.0290 1124 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:19:29.0305 1124 avkmgr - ok
21:19:29.0336 1124 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:19:29.0383 1124 Beep - ok
21:19:29.0430 1124 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
21:19:29.0461 1124 BFE - ok
21:19:29.0508 1124 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
21:19:29.0555 1124 BITS - ok
21:19:29.0586 1124 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:19:29.0617 1124 blbdrive - ok
21:19:29.0633 1124 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:19:29.0711 1124 bowser - ok
21:19:29.0742 1124 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:19:29.0773 1124 BrFiltLo - ok
21:19:29.0836 1124 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:19:29.0882 1124 BrFiltUp - ok
21:19:29.0914 1124 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:19:29.0960 1124 Browser - ok
21:19:30.0007 1124 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:19:30.0163 1124 Brserid - ok
21:19:30.0179 1124 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:19:30.0226 1124 BrSerWdm - ok
21:19:30.0241 1124 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:19:30.0272 1124 BrUsbMdm - ok
21:19:30.0288 1124 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:19:30.0335 1124 BrUsbSer - ok
21:19:30.0350 1124 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:19:30.0382 1124 BthEnum - ok
21:19:30.0397 1124 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:19:30.0444 1124 BTHMODEM - ok
21:19:30.0491 1124 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:19:30.0522 1124 BthPan - ok
21:19:30.0553 1124 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:19:30.0678 1124 BTHPORT - ok
21:19:30.0694 1124 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
21:19:30.0725 1124 BthServ - ok
21:19:30.0740 1124 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:19:30.0772 1124 BTHUSB - ok
21:19:30.0818 1124 [ 463483285B2D2D345443AAEE7B9391E7 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:19:30.0834 1124 btwaudio - ok
21:19:30.0850 1124 [ 4F82B6173EF8637CB26CF4E73B90F172 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
21:19:30.0865 1124 btwavdt - ok
21:19:30.0912 1124 [ B78D1ACA1BBD0077848D9F87C8207AB1 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
21:19:30.0943 1124 btwdins - ok
21:19:30.0990 1124 [ ECB98391C756A7B9CFBAE89D9D1235E1 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:19:30.0990 1124 btwl2cap - ok
21:19:31.0006 1124 [ F771034F5B59A4A5054A2FA6F4E9F28B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:19:31.0006 1124 btwrchid - ok
21:19:31.0037 1124 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:19:31.0084 1124 cdfs - ok
21:19:31.0115 1124 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:19:31.0146 1124 cdrom - ok
21:19:31.0162 1124 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
21:19:31.0177 1124 CertPropSvc - ok
21:19:31.0208 1124 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:19:31.0240 1124 circlass - ok
21:19:31.0271 1124 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
21:19:31.0286 1124 CLFS - ok
21:19:31.0364 1124 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:19:31.0364 1124 clr_optimization_v2.0.50727_32 - ok
21:19:31.0474 1124 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:19:31.0474 1124 clr_optimization_v4.0.30319_32 - ok
21:19:31.0505 1124 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:19:31.0536 1124 CmBatt - ok
21:19:31.0567 1124 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:19:31.0567 1124 cmdide - ok
21:19:31.0598 1124 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:19:31.0614 1124 Compbatt - ok
21:19:31.0614 1124 COMSysApp - ok
21:19:31.0630 1124 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:19:31.0645 1124 crcdisk - ok
21:19:31.0645 1124 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:19:31.0692 1124 Crusoe - ok
21:19:31.0770 1124 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:19:31.0801 1124 CryptSvc - ok
21:19:31.0848 1124 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:19:31.0879 1124 DcomLaunch - ok
21:19:31.0910 1124 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:19:31.0973 1124 DfsC - ok
21:19:32.0051 1124 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
21:19:32.0191 1124 DFSR - ok
21:19:32.0222 1124 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:19:32.0254 1124 Dhcp - ok
21:19:32.0285 1124 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
21:19:32.0300 1124 disk - ok
21:19:32.0347 1124 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:19:32.0441 1124 Dnscache - ok
21:19:32.0488 1124 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:19:32.0503 1124 dot3svc - ok
21:19:32.0534 1124 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:19:32.0581 1124 DPS - ok
21:19:32.0628 1124 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:19:32.0659 1124 drmkaud - ok
21:19:32.0690 1124 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:19:32.0690 1124 dtsoftbus01 - ok
21:19:32.0737 1124 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:19:32.0753 1124 DXGKrnl - ok
21:19:32.0831 1124 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:19:32.0909 1124 E1G60 - ok
21:19:32.0956 1124 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:19:32.0971 1124 EapHost - ok
21:19:33.0002 1124 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:19:33.0018 1124 Ecache - ok
21:19:33.0065 1124 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:19:33.0112 1124 ehRecvr - ok
21:19:33.0127 1124 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
21:19:33.0174 1124 ehSched - ok
21:19:33.0174 1124 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
21:19:33.0205 1124 ehstart - ok
21:19:33.0236 1124 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:19:33.0252 1124 elxstor - ok
21:19:33.0283 1124 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:19:33.0330 1124 EMDMgmt - ok
21:19:33.0392 1124 [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
21:19:33.0408 1124 EPSON_EB_RPCV4_01 - ok
21:19:33.0424 1124 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
21:19:33.0439 1124 EPSON_PM_RPCV4_01 - ok
21:19:33.0470 1124 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:19:33.0486 1124 ErrDev - ok
21:19:33.0517 1124 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
21:19:33.0580 1124 EventSystem - ok
21:19:33.0642 1124 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
21:19:33.0704 1124 exfat - ok
21:19:33.0720 1124 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:19:33.0751 1124 fastfat - ok
21:19:33.0782 1124 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:19:33.0814 1124 fdc - ok
21:19:33.0829 1124 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:19:33.0845 1124 fdPHost - ok
21:19:33.0860 1124 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:19:33.0892 1124 FDResPub - ok
21:19:33.0954 1124 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:19:33.0970 1124 FileInfo - ok
21:19:33.0985 1124 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:19:34.0016 1124 Filetrace - ok
21:19:34.0016 1124 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:19:34.0048 1124 flpydisk - ok
21:19:34.0079 1124 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:19:34.0094 1124 FltMgr - ok
21:19:34.0141 1124 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
21:19:34.0235 1124 FontCache - ok
21:19:34.0297 1124 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:19:34.0297 1124 FontCache3.0.0.0 - ok
21:19:34.0313 1124 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:19:34.0360 1124 Fs_Rec - ok
21:19:34.0391 1124 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:19:34.0406 1124 gagp30kx - ok
21:19:34.0453 1124 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
21:19:34.0484 1124 gpsvc - ok
21:19:34.0531 1124 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:19:34.0594 1124 HdAudAddService - ok
21:19:34.0672 1124 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:19:34.0718 1124 HDAudBus - ok
21:19:34.0765 1124 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:19:34.0796 1124 HidBth - ok
21:19:34.0812 1124 [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:19:34.0843 1124 HidIr - ok
21:19:34.0874 1124 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
21:19:34.0906 1124 hidserv - ok
21:19:34.0906 1124 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:19:34.0921 1124 HidUsb - ok
21:19:34.0937 1124 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:19:34.0984 1124 hkmsvc - ok
21:19:34.0999 1124 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:19:35.0015 1124 HpCISSs - ok
21:19:35.0046 1124 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:19:35.0077 1124 HTTP - ok
21:19:35.0093 1124 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:19:35.0108 1124 i2omp - ok
21:19:35.0140 1124 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:19:35.0155 1124 i8042prt - ok
21:19:35.0233 1124 [ 707C1692214B1C290271067197F075F6 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:19:35.0249 1124 iaStor - ok
21:19:35.0342 1124 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:19:35.0420 1124 iaStorV - ok
21:19:35.0608 1124 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:19:35.0670 1124 idsvc - ok
21:19:35.0686 1124 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:19:35.0701 1124 iirsp - ok
21:19:35.0732 1124 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
21:19:35.0764 1124 IKEEXT - ok
21:19:35.0920 1124 [ 23EBCEE9AAA4D6C88728791FAB462456 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:19:36.0060 1124 IntcAzAudAddService - ok
21:19:36.0138 1124 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
21:19:36.0138 1124 intelide - ok
21:19:36.0154 1124 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:19:36.0185 1124 intelppm - ok
21:19:36.0216 1124 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:19:36.0263 1124 IPBusEnum - ok
21:19:36.0263 1124 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:19:36.0294 1124 IpFilterDriver - ok
21:19:36.0325 1124 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:19:36.0341 1124 iphlpsvc - ok
21:19:36.0356 1124 IpInIp - ok
21:19:36.0388 1124 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:19:36.0419 1124 IPMIDRV - ok
21:19:36.0450 1124 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:19:36.0466 1124 IPNAT - ok
21:19:36.0497 1124 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:19:36.0512 1124 IRENUM - ok
21:19:36.0512 1124 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:19:36.0528 1124 isapnp - ok
21:19:36.0575 1124 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:19:36.0575 1124 iScsiPrt - ok
21:19:36.0606 1124 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:19:36.0622 1124 iteatapi - ok
21:19:36.0637 1124 [ 8BCD857C7932AD005D5F9C89329DA2E1 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
21:19:36.0668 1124 itecir - ok
21:19:36.0684 1124 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:19:36.0684 1124 iteraid - ok
21:19:36.0715 1124 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:19:36.0731 1124 kbdclass - ok
21:19:36.0762 1124 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:19:36.0840 1124 kbdhid - ok
21:19:36.0871 1124 [ 27BD4AC228EF6C0D490617C32E86A672 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
21:19:36.0871 1124 kbfiltr - ok
21:19:36.0902 1124 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
21:19:36.0980 1124 KeyIso - ok
21:19:36.0996 1124 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:19:37.0012 1124 KSecDD - ok
21:19:37.0058 1124 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:19:37.0090 1124 KtmRm - ok
21:19:37.0121 1124 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
21:19:37.0183 1124 LanmanServer - ok
21:19:37.0199 1124 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:19:37.0277 1124 LanmanWorkstation - ok
21:19:37.0308 1124 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:19:37.0324 1124 lltdio - ok
21:19:37.0386 1124 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:19:37.0433 1124 lltdsvc - ok
21:19:37.0448 1124 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:19:37.0480 1124 lmhosts - ok
21:19:37.0558 1124 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:19:37.0573 1124 LSI_FC - ok
21:19:37.0589 1124 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:19:37.0604 1124 LSI_SAS - ok
21:19:37.0651 1124 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:19:37.0651 1124 LSI_SCSI - ok
21:19:37.0682 1124 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
21:19:37.0714 1124 luafv - ok
21:19:37.0745 1124 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:19:37.0807 1124 Mcx2Svc - ok
21:19:37.0838 1124 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
21:19:37.0854 1124 megasas - ok
21:19:37.0885 1124 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:19:37.0901 1124 MegaSR - ok
21:19:37.0948 1124 Microsoft SharePoint Workspace Audit Service - ok
21:19:37.0979 1124 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:19:38.0010 1124 MMCSS - ok
21:19:38.0010 1124 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
21:19:38.0057 1124 Modem - ok
21:19:38.0088 1124 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:19:38.0135 1124 monitor - ok
21:19:38.0182 1124 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:19:38.0182 1124 mouclass - ok
21:19:38.0197 1124 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:19:38.0228 1124 mouhid - ok
21:19:38.0244 1124 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:19:38.0244 1124 MountMgr - ok
21:19:38.0291 1124 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:19:38.0306 1124 MozillaMaintenance - ok
21:19:38.0338 1124 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
21:19:38.0353 1124 mpio - ok
21:19:38.0384 1124 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:19:38.0416 1124 mpsdrv - ok
21:19:38.0447 1124 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
21:19:38.0462 1124 MpsSvc - ok
21:19:38.0494 1124 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:19:38.0509 1124 Mraid35x - ok
21:19:38.0525 1124 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:19:38.0540 1124 MRxDAV - ok
21:19:38.0572 1124 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:19:38.0587 1124 mrxsmb - ok
21:19:38.0603 1124 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:19:38.0618 1124 mrxsmb10 - ok
21:19:38.0618 1124 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:19:38.0650 1124 mrxsmb20 - ok
21:19:38.0696 1124 [ DE77526BDE93142BDC90CFA9F5CEAD36 ] msahci C:\Windows\system32\drivers\msahci.sys
21:19:38.0712 1124 msahci - ok
21:19:38.0743 1124 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:19:38.0759 1124 msdsm - ok
21:19:38.0790 1124 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:19:38.0821 1124 MSDTC - ok
21:19:38.0868 1124 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:19:38.0899 1124 Msfs - ok
21:19:38.0915 1124 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:19:38.0915 1124 msisadrv - ok
21:19:38.0962 1124 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:19:38.0977 1124 MSiSCSI - ok
21:19:38.0977 1124 msiserver - ok
21:19:39.0008 1124 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:19:39.0040 1124 MSKSSRV - ok
21:19:39.0055 1124 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:19:39.0071 1124 MSPCLOCK - ok
21:19:39.0102 1124 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:19:39.0118 1124 MSPQM - ok
21:19:39.0180 1124 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:19:39.0196 1124 MsRPC - ok
21:19:39.0211 1124 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:19:39.0227 1124 mssmbios - ok
21:19:39.0227 1124 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:19:39.0258 1124 MSTEE - ok
21:19:39.0289 1124 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
21:19:39.0320 1124 MTsensor - ok
21:19:39.0352 1124 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
21:19:39.0352 1124 Mup - ok
21:19:39.0383 1124 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
21:19:39.0414 1124 napagent - ok
21:19:39.0461 1124 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:19:39.0508 1124 NativeWifiP - ok
21:19:39.0617 1124 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
21:19:39.0632 1124 NAUpdate - ok
21:19:39.0648 1124 [ E240F3204E86B7B6CCF266B2A2AD32B4 ] NBVol C:\Windows\system32\DRIVERS\NBVol.sys
21:19:39.0648 1124 NBVol - ok
21:19:39.0664 1124 [ C0CF3CCCCE3C75F7280C89029AB47866 ] NBVolUp C:\Windows\system32\DRIVERS\NBVolUp.sys
21:19:39.0664 1124 NBVolUp - ok
21:19:39.0695 1124 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:19:39.0726 1124 NDIS - ok
21:19:39.0742 1124 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:19:39.0773 1124 NdisTapi - ok
21:19:39.0788 1124 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:19:39.0820 1124 Ndisuio - ok
21:19:39.0851 1124 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:19:39.0882 1124 NdisWan - ok
21:19:39.0898 1124 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:19:39.0913 1124 NDProxy - ok
21:19:39.0929 1124 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:19:39.0944 1124 NetBIOS - ok
21:19:39.0976 1124 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:19:39.0991 1124 netbt - ok
21:19:39.0991 1124 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
21:19:40.0007 1124 Netlogon - ok
21:19:40.0038 1124 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:19:40.0069 1124 Netman - ok
21:19:40.0085 1124 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:19:40.0132 1124 netprofm - ok
21:19:40.0194 1124 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:19:40.0194 1124 NetTcpPortSharing - ok
21:19:40.0303 1124 [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
21:19:40.0490 1124 NETw5v32 - ok
21:19:40.0522 1124 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:19:40.0522 1124 nfrd960 - ok
21:19:40.0553 1124 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:19:40.0584 1124 NlaSvc - ok
21:19:40.0615 1124 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:19:40.0646 1124 Npfs - ok
21:19:40.0662 1124 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:19:40.0693 1124 nsi - ok
21:19:40.0709 1124 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:19:40.0740 1124 nsiproxy - ok
21:19:40.0771 1124 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:19:40.0802 1124 Ntfs - ok
21:19:40.0849 1124 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:19:40.0896 1124 ntrigdigi - ok
21:19:40.0943 1124 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:19:40.0974 1124 Null - ok
21:19:41.0005 1124 [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:19:41.0021 1124 NVHDA - ok
21:19:41.0177 1124 [ B5D2B15D3EBA77BEF9392FBEFB3DDDA0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:19:41.0426 1124 nvlddmkm - ok
21:19:41.0473 1124 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:19:41.0489 1124 nvraid - ok
21:19:41.0504 1124 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:19:41.0520 1124 nvstor - ok
21:19:41.0567 1124 [ C7D36F2077360216D1DB16B1B8F5AEA3 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:19:41.0598 1124 nvsvc - ok
21:19:41.0629 1124 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:19:41.0629 1124 nv_agp - ok
21:19:41.0645 1124 NwlnkFlt - ok
21:19:41.0645 1124 NwlnkFwd - ok
21:19:41.0676 1124 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:19:41.0707 1124 ohci1394 - ok
21:19:41.0770 1124 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:19:41.0770 1124 ose - ok
21:19:41.0894 1124 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:19:42.0082 1124 osppsvc - ok
21:19:42.0144 1124 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:19:42.0191 1124 p2pimsvc - ok
21:19:42.0206 1124 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
21:19:42.0222 1124 p2psvc - ok
21:19:42.0300 1124 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:19:42.0347 1124 Parport - ok
21:19:42.0394 1124 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:19:42.0394 1124 partmgr - ok
21:19:42.0409 1124 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:19:42.0440 1124 Parvdm - ok
21:19:42.0472 1124 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:19:42.0518 1124 PcaSvc - ok
21:19:42.0534 1124 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
21:19:42.0550 1124 pci - ok
21:19:42.0581 1124 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
21:19:42.0596 1124 pciide - ok
21:19:42.0612 1124 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:19:42.0628 1124 pcmcia - ok
21:19:42.0674 1124 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:19:42.0737 1124 PEAUTH - ok
21:19:42.0815 1124 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:19:42.0877 1124 pla - ok
21:19:42.0908 1124 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:19:42.0940 1124 PlugPlay - ok
21:19:43.0002 1124 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:19:43.0018 1124 PNRPAutoReg - ok
21:19:43.0049 1124 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:19:43.0111 1124 PNRPsvc - ok
21:19:43.0158 1124 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:19:43.0205 1124 PolicyAgent - ok
21:19:43.0220 1124 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:19:43.0252 1124 PptpMiniport - ok
21:19:43.0298 1124 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
21:19:43.0345 1124 Processor - ok
21:19:43.0439 1124 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
21:19:43.0454 1124 ProfSvc - ok
21:19:43.0454 1124 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
21:19:43.0470 1124 ProtectedStorage - ok
21:19:43.0486 1124 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:19:43.0517 1124 PSched - ok
21:19:43.0579 1124 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:19:43.0642 1124 ql2300 - ok
21:19:43.0673 1124 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:19:43.0673 1124 ql40xx - ok
21:19:43.0720 1124 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:19:43.0735 1124 QWAVE - ok
21:19:43.0751 1124 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:19:43.0782 1124 QWAVEdrv - ok
21:19:43.0813 1124 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:19:43.0844 1124 RasAcd - ok
21:19:43.0860 1124 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:19:43.0891 1124 RasAuto - ok
21:19:43.0891 1124 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:19:43.0922 1124 Rasl2tp - ok
21:19:43.0938 1124 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
21:19:43.0985 1124 RasMan - ok
21:19:44.0000 1124 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:19:44.0016 1124 RasPppoe - ok
21:19:44.0032 1124 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:19:44.0047 1124 RasSstp - ok
21:19:44.0063 1124 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:19:44.0094 1124 rdbss - ok
21:19:44.0110 1124 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:19:44.0156 1124 RDPCDD - ok
21:19:44.0219 1124 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:19:44.0234 1124 rdpdr - ok
21:19:44.0234 1124 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:19:44.0281 1124 RDPENCDD - ok
21:19:44.0328 1124 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:19:44.0390 1124 RDPWD - ok
21:19:44.0422 1124 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:19:44.0437 1124 RemoteAccess - ok
21:19:44.0453 1124 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:19:44.0500 1124 RemoteRegistry - ok
21:19:44.0546 1124 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:19:44.0593 1124 RFCOMM - ok
21:19:44.0624 1124 [ DED01A389926A89540B82373E4C550EE ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
21:19:44.0656 1124 rimmptsk - ok
21:19:44.0671 1124 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
21:19:44.0702 1124 rimsptsk - ok
21:19:44.0718 1124 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
21:19:44.0765 1124 rismxdp - ok
21:19:44.0780 1124 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:19:44.0812 1124 RpcLocator - ok
21:19:44.0827 1124 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
21:19:44.0858 1124 RpcSs - ok
21:19:44.0874 1124 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:19:44.0890 1124 rspndr - ok
21:19:44.0905 1124 [ ABBE0F54BA3A378262C9CB86CF7D91F8 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
21:19:44.0936 1124 RTL8169 - ok
21:19:44.0952 1124 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
21:19:44.0968 1124 SamSs - ok
21:19:44.0983 1124 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:19:44.0999 1124 sbp2port - ok
21:19:45.0014 1124 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:19:45.0030 1124 SCardSvr - ok
21:19:45.0061 1124 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
21:19:45.0108 1124 Schedule - ok
21:19:45.0124 1124 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:19:45.0139 1124 SCPolicySvc - ok
21:19:45.0186 1124 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:19:45.0202 1124 sdbus - ok
21:19:45.0233 1124 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:19:45.0248 1124 SDRSVC - ok
21:19:45.0264 1124 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:19:45.0326 1124 secdrv - ok
21:19:45.0342 1124 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:19:45.0373 1124 seclogon - ok
21:19:45.0389 1124 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
21:19:45.0420 1124 SENS - ok
21:19:45.0436 1124 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:19:45.0482 1124 Serenum - ok
21:19:45.0514 1124 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
21:19:45.0560 1124 Serial - ok
21:19:45.0576 1124 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:19:45.0607 1124 sermouse - ok
21:19:45.0638 1124 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:19:45.0670 1124 SessionEnv - ok
21:19:45.0670 1124 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:19:45.0685 1124 sffdisk - ok
21:19:45.0716 1124 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:19:45.0763 1124 sffp_mmc - ok
21:19:45.0779 1124 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:19:45.0794 1124 sffp_sd - ok
21:19:45.0794 1124 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:19:45.0826 1124 sfloppy - ok
21:19:45.0857 1124 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:19:45.0888 1124 SharedAccess - ok
21:19:45.0935 1124 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:19:45.0950 1124 ShellHWDetection - ok
21:19:45.0982 1124 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:19:45.0997 1124 sisagp - ok
21:19:46.0044 1124 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:19:46.0060 1124 SiSRaid2 - ok
21:19:46.0075 1124 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:19:46.0091 1124 SiSRaid4 - ok
21:19:46.0184 1124 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
21:19:46.0387 1124 slsvc - ok
21:19:46.0418 1124 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:19:46.0450 1124 SLUINotify - ok
21:19:46.0481 1124 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:19:46.0496 1124 Smb - ok
21:19:46.0559 1124 [ C8A58FC905C9184FA70E37F71060C64D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
21:19:46.0652 1124 smserial - ok
21:19:46.0684 1124 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:19:46.0715 1124 SNMPTRAP - ok
21:19:46.0762 1124 [ A709DFA1674C1ED61EF7B5F29B38EEB1 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
21:19:46.0871 1124 SNP2UVC - ok
21:19:46.0886 1124 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:19:46.0902 1124 spldr - ok
21:19:46.0918 1124 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
21:19:46.0949 1124 Spooler - ok
21:19:46.0980 1124 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:19:47.0011 1124 srv - ok
21:19:47.0042 1124 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:19:47.0089 1124 srv2 - ok
21:19:47.0120 1124 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:19:47.0152 1124 srvnet - ok
21:19:47.0183 1124 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
21:19:47.0230 1124 ssadbus - ok
21:19:47.0276 1124 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
21:19:47.0292 1124 ssadmdfl - ok
21:19:47.0370 1124 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
21:19:47.0386 1124 ssadmdm - ok
21:19:47.0417 1124 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:19:47.0448 1124 SSDPSRV - ok
21:19:47.0479 1124 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:19:47.0495 1124 ssmdrv - ok
21:19:47.0495 1124 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:19:47.0510 1124 SstpSvc - ok
21:19:47.0557 1124 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
21:19:47.0573 1124 stisvc - ok
21:19:47.0604 1124 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:19:47.0620 1124 swenum - ok
21:19:47.0651 1124 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
21:19:47.0666 1124 swprv - ok
21:19:47.0698 1124 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:19:47.0713 1124 Symc8xx - ok
21:19:47.0729 1124 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:19:47.0744 1124 Sym_hi - ok
21:19:47.0760 1124 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:19:47.0760 1124 Sym_u3 - ok
21:19:47.0791 1124 [ BE78198C69135EF1FA157E08FD5C90FF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:19:47.0807 1124 SynTP - ok
21:19:47.0838 1124 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
21:19:47.0885 1124 SysMain - ok
21:19:47.0900 1124 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:19:47.0916 1124 TabletInputService - ok
21:19:47.0932 1124 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:19:47.0963 1124 TapiSrv - ok
21:19:47.0978 1124 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:19:48.0010 1124 TBS - ok
21:19:48.0041 1124 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:19:48.0072 1124 Tcpip - ok
21:19:48.0103 1124 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:19:48.0134 1124 Tcpip6 - ok
21:19:48.0166 1124 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:19:48.0212 1124 tcpipreg - ok
21:19:48.0259 1124 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:19:48.0290 1124 TDPIPE - ok
21:19:48.0306 1124 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:19:48.0322 1124 TDTCP - ok
21:19:48.0337 1124 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:19:48.0384 1124 tdx - ok
21:19:48.0415 1124 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:19:48.0431 1124 TermDD - ok
21:19:48.0462 1124 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
21:19:48.0493 1124 TermService - ok
21:19:48.0509 1124 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
21:19:48.0524 1124 Themes - ok
21:19:48.0540 1124 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:19:48.0571 1124 THREADORDER - ok
21:19:48.0618 1124 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:19:48.0649 1124 TrkWks - ok
21:19:48.0696 1124 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:19:48.0727 1124 TrustedInstaller - ok
21:19:48.0758 1124 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:19:48.0774 1124 tssecsrv - ok
21:19:48.0805 1124 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:19:48.0821 1124 tunmp - ok
21:19:48.0836 1124 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:19:48.0868 1124 tunnel - ok
21:19:48.0883 1124 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:19:48.0899 1124 uagp35 - ok
21:19:48.0930 1124 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:19:48.0946 1124 udfs - ok
21:19:48.0992 1124 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:19:49.0008 1124 UI0Detect - ok
21:19:49.0039 1124 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:19:49.0055 1124 uliagpkx - ok
21:19:49.0070 1124 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:19:49.0086 1124 uliahci - ok
21:19:49.0102 1124 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:19:49.0117 1124 UlSata - ok
21:19:49.0133 1124 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:19:49.0148 1124 ulsata2 - ok
21:19:49.0180 1124 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:19:49.0195 1124 umbus - ok
21:19:49.0211 1124 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:19:49.0242 1124 upnphost - ok
21:19:49.0273 1124 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:19:49.0320 1124 usbccgp - ok
21:19:49.0382 1124 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:19:49.0445 1124 usbcir - ok
21:19:49.0476 1124 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:19:49.0523 1124 usbehci - ok
21:19:49.0554 1124 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:19:49.0585 1124 usbhub - ok
21:19:49.0616 1124 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:19:49.0648 1124 usbohci - ok
21:19:49.0663 1124 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:19:49.0726 1124 usbprint - ok
21:19:49.0757 1124 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:19:49.0804 1124 USBSTOR - ok
21:19:49.0819 1124 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:19:49.0850 1124 usbuhci - ok
21:19:49.0897 1124 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:19:49.0928 1124 usbvideo - ok
21:19:49.0960 1124 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
21:19:49.0975 1124 UxSms - ok
21:19:50.0006 1124 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
21:19:50.0038 1124 vds - ok
21:19:50.0069 1124 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:19:50.0116 1124 vga - ok
21:19:50.0162 1124 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:19:50.0178 1124 VgaSave - ok
21:19:50.0194 1124 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:19:50.0209 1124 viaagp - ok
21:19:50.0225 1124 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:19:50.0240 1124 ViaC7 - ok
21:19:50.0272 1124 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:19:50.0287 1124 viaide - ok
21:19:50.0303 1124 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:19:50.0303 1124 volmgr - ok
21:19:50.0334 1124 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:19:50.0350 1124 volmgrx - ok
21:19:50.0365 1124 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:19:50.0365 1124 volsnap - ok
21:19:50.0381 1124 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:19:50.0396 1124 vsmraid - ok
21:19:50.0443 1124 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
21:19:50.0506 1124 VSS - ok
21:19:50.0568 1124 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
21:19:50.0599 1124 W32Time - ok
21:19:50.0615 1124 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:19:50.0646 1124 WacomPen - ok
21:19:50.0677 1124 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:19:50.0708 1124 Wanarp - ok
21:19:50.0708 1124 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:19:50.0724 1124 Wanarpv6 - ok
21:19:50.0755 1124 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:19:50.0786 1124 wcncsvc - ok
21:19:50.0802 1124 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:19:50.0818 1124 WcsPlugInService - ok
21:19:50.0849 1124 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:19:50.0864 1124 Wd - ok
21:19:50.0896 1124 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:19:50.0911 1124 Wdf01000 - ok
21:19:50.0927 1124 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:19:50.0942 1124 WdiServiceHost - ok
21:19:50.0942 1124 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:19:50.0974 1124 WdiSystemHost - ok
21:19:50.0989 1124 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
21:19:51.0020 1124 WebClient - ok
21:19:51.0036 1124 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:19:51.0052 1124 Wecsvc - ok
21:19:51.0083 1124 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:19:51.0098 1124 wercplsupport - ok
21:19:51.0130 1124 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
21:19:51.0145 1124 WerSvc - ok
21:19:51.0192 1124 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:19:51.0208 1124 WinDefend - ok
21:19:51.0208 1124 WinHttpAutoProxySvc - ok
21:19:51.0254 1124 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:19:51.0270 1124 Winmgmt - ok
21:19:51.0317 1124 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
21:19:51.0442 1124 WinRM - ok
21:19:51.0473 1124 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:19:51.0551 1124 Wlansvc - ok
21:19:51.0613 1124 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:19:51.0676 1124 wlidsvc - ok
21:19:51.0754 1124 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:19:51.0785 1124 WmiAcpi - ok
21:19:51.0800 1124 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:19:51.0832 1124 wmiApSrv - ok
21:19:51.0894 1124 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:19:51.0941 1124 WMPNetworkSvc - ok
21:19:51.0972 1124 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:19:52.0019 1124 WPCSvc - ok
21:19:52.0050 1124 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:19:52.0081 1124 WPDBusEnum - ok
21:19:52.0159 1124 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:19:52.0175 1124 WpdUsb - ok
21:19:52.0268 1124 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:19:52.0300 1124 WPFFontCache_v0400 - ok
21:19:52.0300 1124 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:19:52.0331 1124 ws2ifsl - ok
21:19:52.0362 1124 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
21:19:52.0378 1124 wscsvc - ok
21:19:52.0424 1124 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:19:52.0456 1124 WSDPrintDevice - ok
21:19:52.0502 1124 [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
21:19:52.0518 1124 WSDScan - ok
21:19:52.0534 1124 WSearch - ok
21:19:52.0612 1124 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:19:52.0705 1124 wuauserv - ok
21:19:52.0752 1124 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:19:52.0768 1124 WUDFRd - ok
21:19:52.0814 1124 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:19:52.0846 1124 wudfsvc - ok
21:19:52.0877 1124 [ A640C90B007762939507C28A021BE3B3 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
21:19:52.0892 1124 xusb21 - ok
21:19:52.0924 1124 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
21:19:52.0970 1124 yukonwlh - ok
21:19:52.0986 1124 ================ Scan global ===============================
21:19:53.0017 1124 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:19:53.0064 1124 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:19:53.0064 1124 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:19:53.0095 1124 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:19:53.0095 1124 [Global] - ok
21:19:53.0095 1124 ================ Scan MBR ==================================
21:19:53.0111 1124 [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
21:19:53.0579 1124 \Device\Harddisk0\DR0 - ok
21:19:53.0579 1124 ================ Scan VBR ==================================
21:19:53.0579 1124 [ EFAE6A1E8BA3080A2E6C34DD74E8C517 ] \Device\Harddisk0\DR0\Partition1
21:19:53.0579 1124 \Device\Harddisk0\DR0\Partition1 - ok
21:19:53.0579 1124 ============================================================
21:19:53.0579 1124 Scan finished
21:19:53.0579 1124 ============================================================
21:19:53.0579 9608 Detected object count: 2
21:19:53.0579 9608 Actual detected object count: 2
21:20:06.0324 9608 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:06.0324 9608 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:06.0324 9608 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:06.0324 9608 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
19.11.2012, 21:55
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.11.2012, 19:55
| #8 |
| | TR/Spy.Banker.Gen8 Combofix Logfile: Code:
ATTFilter ComboFix 12-11-20.02 - Matthias 20.11.2012 19:34:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1900 [GMT 1:00]
ausgeführt von:: c:\users\Matthias\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matthias\AppData\Roaming\8wrvuf1v.default.tmp
c:\users\Matthias\AppData\Roaming\AcroIEHelpe.txt
c:\users\Matthias\AppData\Roaming\srvblck5.tmp
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-20 bis 2012-11-20 ))))))))))))))))))))))))))))))
.
.
2012-11-20 18:45 . 2012-11-20 18:45 -------- d-----w- c:\users\Matthias\AppData\Local\temp
2012-11-20 18:45 . 2012-11-20 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 17:39 . 2012-11-15 17:39 -------- d-----w- c:\users\Matthias\AppData\Roaming\Malwarebytes
2012-11-15 17:39 . 2012-11-15 17:39 -------- d-----w- c:\programdata\Malwarebytes
2012-11-15 17:39 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-15 17:39 . 2012-11-15 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-15 17:30 . 2012-11-15 17:30 -------- d-----w- c:\users\Matthias\AppData\Roaming\Avira
2012-11-15 17:14 . 2012-11-16 15:49 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-15 17:14 . 2012-11-16 15:49 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-15 17:14 . 2012-11-16 15:49 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-15 17:14 . 2012-11-15 17:14 -------- d-----w- c:\programdata\Avira
2012-11-15 17:14 . 2012-11-15 17:14 -------- d-----w- c:\program files\Avira
2012-11-15 16:58 . 2012-11-15 16:58 -------- d-----w- c:\users\Matthias\AppData\Roaming\16001.010
2012-11-14 21:28 . 2012-11-14 21:28 -------- d-----w- c:\programdata\qlquqeaxzjyjgnv
2012-11-14 20:03 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 20:03 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 15:28 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22B4ED7C-7C35-4A97-A15A-99156D1E6FDF}\mpengine.dll
2012-11-11 23:53 . 2012-11-12 00:33 -------- d-----w- c:\users\Matthias\AppData\Roaming\UAs
2012-11-09 14:39 . 2012-11-09 14:39 -------- d-----w- c:\users\Matthias\AppData\Roaming\16001.009
2012-11-09 14:39 . 2012-11-15 17:28 -------- d-----w- c:\users\Matthias\AppData\Roaming\xmldm
2012-11-09 14:39 . 2012-11-09 14:39 -------- d-----w- c:\users\Matthias\AppData\Roaming\kock
2012-11-04 21:54 . 2012-11-04 21:54 -------- d-----w- c:\program files\WEB.DE MailCheck
2012-10-31 22:29 . 2012-10-31 22:29 -------- d-----w- c:\program files\7-Zip
2012-10-28 13:08 . 2012-10-28 13:08 -------- d-----w- c:\users\Matthias\AppData\Roaming\Media Player Classic
2012-10-28 13:07 . 2012-10-28 13:07 -------- d-----w- c:\program files\MPC-HC
2012-10-27 12:51 . 2012-10-27 12:51 -------- d-----w- c:\users\Matthias\dwhelper
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 17:20 . 2012-04-28 06:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 17:20 . 2012-04-28 06:38 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-13 13:28 . 2012-10-09 19:13 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 06:00 . 2012-08-31 06:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 06:00 . 2012-08-26 13:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 06:00 . 2012-04-30 17:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 11:27 . 2012-10-09 19:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-09 19:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-09 19:13 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-28 12:12 . 2012-10-28 12:12 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-16 384800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-29 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-05-01 16:35 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-08-31 00:52 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-08-31 00:52 964024 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-08-31 00:52 3524536 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 51704162
*NewlyCreated* - ASWMBR
*Deregistered* - 51704162
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 17:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.asus.com/
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\
FF - ExtSQL: 2012-09-22 18:34; DivXWebPlayer@divx.com; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\DivXWebPlayer@divx.com.xpi
FF - ExtSQL: 2012-10-27 14:49; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-04 22:54; toolbar@web.de; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\toolbar@web.de.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-pgooyjgfzahsvvw - c:\programdata\pgooyjgf.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-20 19:45
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\users\Matthias\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-20 19:53:03
ComboFix-quarantined-files.txt 2012-11-20 18:52
.
Vor Suchlauf: 8 Verzeichnis(se), 331.455.557.632 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 345.622.274.048 Bytes frei
.
- - End Of File - - 2DF719D40A3E53EE49CCBF3D3AE23D8C
|
|
20.11.2012, 19:59
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8 Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Folder::
c:\users\Matthias\AppData\Roaming\16001.010
c:\programdata\qlquqeaxzjyjgnv
c:\users\Matthias\AppData\Roaming\UAs
c:\users\Matthias\AppData\Roaming\16001.009
c:\users\Matthias\AppData\Roaming\xmldm
c:\users\Matthias\AppData\Roaming\kock
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.11.2012, 23:15
| #10 |
| | TR/Spy.Banker.Gen8 [code] Combofix Logfile: Code:
ATTFilter ComboFix 12-11-20.02 - Matthias 20.11.2012 23:05:16.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2017 [GMT 1:00]
ausgeführt von:: c:\users\Matthias\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Matthias\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\qlquqeaxzjyjgnv
c:\programdata\qlquqeaxzjyjgnv\btn-green.png
c:\programdata\qlquqeaxzjyjgnv\corners-btn.png
c:\programdata\qlquqeaxzjyjgnv\corners1.png
c:\programdata\qlquqeaxzjyjgnv\corners2.png
c:\programdata\qlquqeaxzjyjgnv\corners3.png
c:\programdata\qlquqeaxzjyjgnv\corners4.png
c:\programdata\qlquqeaxzjyjgnv\de-flag.png
c:\programdata\qlquqeaxzjyjgnv\de-image.png
c:\programdata\qlquqeaxzjyjgnv\ie6-7.css
c:\programdata\qlquqeaxzjyjgnv\jquery.main.js
c:\programdata\qlquqeaxzjyjgnv\main.html
c:\programdata\qlquqeaxzjyjgnv\McAfee.png
c:\programdata\qlquqeaxzjyjgnv\pays-de.png
c:\programdata\qlquqeaxzjyjgnv\steps-de.png
c:\programdata\qlquqeaxzjyjgnv\steps-en.png
c:\programdata\qlquqeaxzjyjgnv\style.css
c:\programdata\qlquqeaxzjyjgnv\tabs.png
c:\programdata\qlquqeaxzjyjgnv\wait.html
c:\users\Matthias\AppData\Roaming\16001.009
c:\users\Matthias\AppData\Roaming\16001.009\chrome.manifest
c:\users\Matthias\AppData\Roaming\16001.009\components\AcroFF.txt
c:\users\Matthias\AppData\Roaming\16001.009\install.rdf
c:\users\Matthias\AppData\Roaming\16001.010
c:\users\Matthias\AppData\Roaming\16001.010\chrome.manifest
c:\users\Matthias\AppData\Roaming\16001.010\components\AcroFF.txt
c:\users\Matthias\AppData\Roaming\16001.010\install.rdf
c:\users\Matthias\AppData\Roaming\kock
c:\users\Matthias\AppData\Roaming\UAs
c:\users\Matthias\AppData\Roaming\UAs\As_UAs001.dat
c:\users\Matthias\AppData\Roaming\UAs\As_UAs002.dat
c:\users\Matthias\AppData\Roaming\UAs\As_UAs003.dat
c:\users\Matthias\AppData\Roaming\xmldm
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-20 bis 2012-11-20 ))))))))))))))))))))))))))))))
.
.
2012-11-20 22:11 . 2012-11-20 22:11 -------- d-----w- c:\users\Matthias\AppData\Local\temp
2012-11-20 22:11 . 2012-11-20 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 17:39 . 2012-11-15 17:39 -------- d-----w- c:\users\Matthias\AppData\Roaming\Malwarebytes
2012-11-15 17:39 . 2012-11-15 17:39 -------- d-----w- c:\programdata\Malwarebytes
2012-11-15 17:39 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-15 17:39 . 2012-11-15 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-15 17:30 . 2012-11-15 17:30 -------- d-----w- c:\users\Matthias\AppData\Roaming\Avira
2012-11-15 17:14 . 2012-11-16 15:49 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-15 17:14 . 2012-11-16 15:49 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-15 17:14 . 2012-11-16 15:49 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-15 17:14 . 2012-11-15 17:14 -------- d-----w- c:\programdata\Avira
2012-11-15 17:14 . 2012-11-15 17:14 -------- d-----w- c:\program files\Avira
2012-11-14 20:03 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 20:03 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 15:28 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22B4ED7C-7C35-4A97-A15A-99156D1E6FDF}\mpengine.dll
2012-11-04 21:54 . 2012-11-04 21:54 -------- d-----w- c:\program files\WEB.DE MailCheck
2012-10-31 22:29 . 2012-10-31 22:29 -------- d-----w- c:\program files\7-Zip
2012-10-28 13:08 . 2012-10-28 13:08 -------- d-----w- c:\users\Matthias\AppData\Roaming\Media Player Classic
2012-10-28 13:07 . 2012-10-28 13:07 -------- d-----w- c:\program files\MPC-HC
2012-10-27 12:51 . 2012-10-27 12:51 -------- d-----w- c:\users\Matthias\dwhelper
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 17:20 . 2012-04-28 06:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-11 17:20 . 2012-04-28 06:38 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-13 13:28 . 2012-10-09 19:13 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 06:00 . 2012-08-31 06:00 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 06:00 . 2012-08-26 13:26 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-31 06:00 . 2012-04-30 17:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-29 11:27 . 2012-10-09 19:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-09 19:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53 . 2012-10-09 19:13 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-28 12:12 . 2012-10-28 12:12 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-16 384800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-29 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-05-01 16:35 127040 ----a-w- c:\program files\ICQ7.7\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-08-31 00:52 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-08-31 00:52 964024 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-08-31 00:52 3524536 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 17:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.asus.com/
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\
FF - ExtSQL: 2012-09-22 18:34; DivXWebPlayer@divx.com; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\DivXWebPlayer@divx.com.xpi
FF - ExtSQL: 2012-10-27 14:49; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-11-04 22:54; toolbar@web.de; c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\toolbar@web.de.xpi
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-20 23:13:57
ComboFix-quarantined-files.txt 2012-11-20 22:13
ComboFix2.txt 2012-11-20 18:53
.
Vor Suchlauf: 13 Verzeichnis(se), 346.093.780.992 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 346.065.240.064 Bytes frei
.
- - End Of File - - 43EF351188EAF9D5BEBED3B42FB7617C
|
|
21.11.2012, 11:27
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8 adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.11.2012, 19:16
| #12 |
| | TR/Spy.Banker.Gen8Code:
ATTFilter
# AdwCleaner v2.008 - Datei am 22/11/2012 um 19:18:23 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Matthias - ASUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Matthias\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\searchplugins\11-suche.xml
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\prefs.js
Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{b9db16a4-6edc-47ec-a1f4-b86[...]
*************************
AdwCleaner[R1].txt - [1202 octets] - [22/11/2012 19:18:23]
########## EOF - C:\AdwCleaner[R1].txt - [1262 octets] ##########
Geändert von fandingo (22.11.2012 um 19:21 Uhr) |
|
22.11.2012, 20:22
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8 adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.11.2012, 21:00
| #14 |
| | TR/Spy.Banker.Gen8Code:
ATTFilter # AdwCleaner v2.008 - Datei am 22/11/2012 um 20:56:40 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Matthias - ASUS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Matthias\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\searchplugins\11-suche.xml
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\8wrvuf1v.default\prefs.js
Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{b9db16a4-6edc-47ec-a1f4-b86[...]
*************************
AdwCleaner[R1].txt - [1331 octets] - [22/11/2012 19:18:23]
AdwCleaner[S1].txt - [1264 octets] - [22/11/2012 20:56:40]
########## EOF - C:\AdwCleaner[S1].txt - [1324 octets] ##########
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.11.2012 21:06:07 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Matthias\Desktop\Downloads\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,42% Memory free
6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,04 Gb Total Space | 322,08 Gb Free Space | 70,94% Space Free | Partition Type: NTFS
Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ASUS | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04078877-F5BE-49DD-9BDF-B9315132F802}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{09AD532A-F7EC-4E6F-AEB4-F6781B66AAA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{14F58B5B-4986-4E53-B5CD-A4742344D3C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{393F852D-8E6C-42BF-AFF9-411FB111E29F}" = lport=137 | protocol=17 | dir=in | app=system |
"{537FCEA0-F486-4A43-A717-793673726859}" = rport=139 | protocol=6 | dir=out | app=system |
"{5534C1B2-CBDC-4763-8CA6-BFC02F375102}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5E4D1627-5508-422F-93A9-BDB72F52FE74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8143224F-0E93-499D-BAFC-1E002DA635F5}" = lport=139 | protocol=6 | dir=in | app=system |
"{9E25230E-1AF7-4CC7-8903-8067D0354022}" = lport=138 | protocol=17 | dir=in | app=system |
"{9E523F24-81BE-42C5-9EB1-3069EDD64AD8}" = lport=445 | protocol=6 | dir=in | app=system |
"{A531754D-DAA9-4A74-B7B3-22DFC0DC0857}" = rport=137 | protocol=17 | dir=out | app=system |
"{EDAB9B74-9BFB-4D27-B69E-3EB08B95B646}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5F9D15-2C26-4D6F-A0FB-B0E142759E94}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2032790A-ED30-44D2-A0AA-C05C0C9F5660}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{285FD47C-449E-4AC4-B0FC-217F481CF715}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{331F0D39-28A8-46D9-930B-3E1DE9A58BFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{344DE76B-18D0-4691-9EFC-C1C8CA6B6973}" = protocol=17 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe |
"{3ED69CEA-693E-4350-881F-05C0FB6C0056}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{4DCEDE9F-2D53-42B9-84C4-2AFABAF319E7}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{50B5FB6C-E96C-4F83-A22E-D4BD583EAEAC}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{5639AC6B-7999-4446-AA42-95F03D72F5ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe |
"{79921021-1A30-479D-814A-E2EC7C8D38C2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{7E2E3297-1C3C-4AC0-88D4-54B5EF9C35BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe |
"{987ED4CC-1B4F-45A2-9F7E-BD2C09F918CE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B3A551DB-E1C9-456F-87EC-B4AB69B53336}" = protocol=6 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe |
"{B69F190B-21DD-4D0D-B9AB-88F6F9F79D97}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{CF8359D0-3D32-4E86-A493-2B6B9C0EF24D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D3CA8C25-ABD2-49E8-913B-0A28FC2D0F71}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{DD9FF5F9-DFAB-4AB7-8171-E963F3BEDB45}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{E15C28A9-98E9-4C7E-BE41-EFD75CA3C03E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"TCP Query User{002D993B-38DC-4B9E-AB25-3E6FD84D127D}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe |
"TCP Query User{1F27EDA3-0F8B-4EEF-9803-3871A0A1A0A5}C:\games\pes2012.exe" = protocol=6 | dir=in | app=c:\games\pes2012.exe |
"TCP Query User{E92E9DBA-9CB3-475A-9BBF-2E562DB970FE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{24A920A2-5B5E-498E-9E09-F545BF456F01}C:\games\pes2012.exe" = protocol=17 | dir=in | app=c:\games\pes2012.exe |
"UDP Query User{A53E2580-579B-4471-8314-0BF87B97A03D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{B0E180BB-74E6-44DF-8555-CFD12C7BCDA0}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"EPSON SX510W Series" = Druckerdeinstallation für EPSON SX510W Series
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SopCast" = SopCast 3.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.11.2012 13:20:28 | Computer Name = ASUS | Source = VSS | ID = 12289
Description =
Error - 15.11.2012 13:20:29 | Computer Name = ASUS | Source = VSS | ID = 12289
Description =
Error - 15.11.2012 13:26:32 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
Error - 15.11.2012 14:09:27 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
Error - 15.11.2012 15:17:36 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung dqvfnd8d.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul dqvfnd8d.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0xc50, Anwendungsstartzeit
01cdc36547f2cc4d.
Error - 15.11.2012 15:21:03 | Computer Name = ASUS | Source = WinMgmt | ID = 10
Description =
Error - 15.11.2012 15:29:30 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x132c,
Anwendungsstartzeit 01cdc3667e81f8f3.
Error - 15.11.2012 15:34:52 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x1300,
Anwendungsstartzeit 01cdc367a2973a13.
Error - 15.11.2012 15:39:17 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x16cc,
Anwendungsstartzeit 01cdc36872069703.
Error - 15.11.2012 15:51:45 | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.15641, Zeitstempel
0x4e21f2b1, fehlerhaftes Modul gmer.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x1794, Anwendungsstartzeit
01cdc369ecd61593.
[ System Events ]
Error - 20.11.2012 18:03:44 | Computer Name = ASUS | Source = Service Control Manager | ID = 7030
Description =
Error - 20.11.2012 18:08:15 | Computer Name = ASUS | Source = Service Control Manager | ID = 7030
Description =
Error - 20.11.2012 18:11:44 | Computer Name = ASUS | Source = Service Control Manager | ID = 7030
Description =
Error - 21.11.2012 05:23:33 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 21.11.2012 05:23:34 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 21.11.2012 05:23:58 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 21.11.2012 07:54:37 | Computer Name = ASUS | Source = Service Control Manager | ID = 7011
Description =
Error - 22.11.2012 15:59:35 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 22.11.2012 15:59:36 | Computer Name = ASUS | Source = DCOM | ID = 10016
Description =
Error - 22.11.2012 16:00:14 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.11.2012 21:06:07 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Matthias\Desktop\Downloads\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,42% Memory free 6,19 Gb Paging File | 4,91 Gb Available in Paging File | 79,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 454,04 Gb Total Space | 322,08 Gb Free Space | 70,94% Space Free | Partition Type: NTFS Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ASUS | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - c:\Users\Matthias\Desktop\Downloads\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll () MOD - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () MOD - C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Matthias\AppData\Local\Temp\catchme.sys File not found DRV - (ASUSProcObsrv) -- D:\I386\AsProcOb.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG) DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com/ IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Matthias\AppData\Roaming\16001.010 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.29 10:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions [2012.11.14 20:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions [2012.10.31 22:38:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.09.22 17:34:55 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\DivXWebPlayer@divx.com.xpi [2012.11.14 20:42:58 | 000,565,762 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\toolbar@web.de.xpi [2012.07.27 16:27:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.14 20:43:05 | 000,002,273 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\englische-ergebnisse.xml [2012.11.14 20:43:05 | 000,010,563 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\gmx-suche.xml [2012.11.14 20:43:05 | 000,002,432 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\lastminute.xml [2012.11.14 20:43:05 | 000,005,545 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\webde-suche.xml [2012.10.28 13:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.10.28 13:12:36 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.28 10:33:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.20 23:11:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000..\Run: [EPSON] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9215ADB6-5E01-4E39-A131-6199B19897DE}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF83EC1F-8E10-4E5C-9187-E3EACC26DD97}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.20 23:14:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.20 23:13:59 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.20 23:13:59 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\temp [2012.11.20 23:02:40 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.11.20 19:32:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.20 19:32:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.20 19:32:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.20 19:32:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.20 19:32:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.20 19:29:44 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe [2012.11.19 21:16:53 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe [2012.11.19 20:55:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe [2012.11.15 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes [2012.11.15 18:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.15 18:39:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.15 18:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.15 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Avira [2012.11.15 18:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.15 18:14:12 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.15 18:14:12 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.15 18:14:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.15 18:14:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.11.14 21:06:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.14 21:06:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.14 21:06:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.14 21:06:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.14 21:06:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.14 21:06:23 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.14 21:06:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.14 21:06:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.14 21:03:10 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.14 21:03:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.04 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\My Digital Editions [2012.11.04 22:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck [2012.11.01 17:21:50 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{D189FE92-C8F3-4072-8A9F-92BD6EA1CBD6} [2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.10.29 18:17:17 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{972C01DF-9F01-4A56-A85B-6BDE1BBC6043} [2012.10.28 21:54:01 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{542AE0FF-F127-43E8-9153-C0F5F62DA466} [2012.10.28 14:08:35 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Media Player Classic [2012.10.28 14:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC [2012.10.28 14:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC [2012.10.28 13:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.27 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{E94F5910-A87C-41EB-A181-8D35A4406D29} [2012.10.27 13:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matthias\dwhelper [2012.10.25 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{7FE135B6-DB31-44A3-9037-3B73CBD0E488} ========== Files - Modified Within 30 Days ========== [2012.11.22 21:04:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.22 21:04:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.22 21:04:18 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.22 21:04:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.22 20:58:45 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.22 20:58:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 20:58:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 20:58:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 20:58:25 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys [2012.11.22 20:57:18 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.22 20:54:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.22 19:17:59 | 000,543,531 | ---- | M] () -- C:\Users\Matthias\Desktop\adwcleaner.exe [2012.11.21 17:22:45 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.11.20 23:11:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.20 19:30:06 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe [2012.11.19 21:16:56 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe [2012.11.19 21:15:24 | 000,000,512 | ---- | M] () -- C:\Users\Matthias\Desktop\MBR.dat [2012.11.19 20:56:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe [2012.11.16 16:49:34 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.16 16:49:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.16 16:49:34 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.15 21:48:29 | 000,037,186 | ---- | M] () -- C:\Users\Matthias\Desktop\gmer.7z [2012.11.15 21:47:57 | 000,352,680 | ---- | M] () -- C:\Users\Matthias\Desktop\gmer.zip [2012.11.15 19:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable [2012.11.15 18:39:41 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 18:28:29 | 000,000,016 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\blckdom.res [2012.11.15 18:20:52 | 000,065,536 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat [2012.11.15 18:14:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 22:28:16 | 000,076,348 | ---- | M] () -- C:\ProgramData\xlyzzfsifuliryl [2012.11.14 21:20:03 | 000,251,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.14 16:25:46 | 000,000,680 | ---- | M] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat [2012.10.28 14:07:45 | 000,001,677 | ---- | M] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk ========== Files Created - No Company Name ========== [2012.11.22 19:17:58 | 000,543,531 | ---- | C] () -- C:\Users\Matthias\Desktop\adwcleaner.exe [2012.11.20 19:32:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.20 19:32:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.20 19:32:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.20 19:32:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.20 19:32:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.19 21:15:24 | 000,000,512 | ---- | C] () -- C:\Users\Matthias\Desktop\MBR.dat [2012.11.15 21:48:28 | 000,037,186 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer.7z [2012.11.15 20:46:26 | 000,302,592 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer.exe [2012.11.15 20:45:06 | 000,352,680 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer.zip [2012.11.15 19:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable [2012.11.15 18:39:41 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 18:14:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 22:35:59 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys [2012.11.14 22:28:13 | 000,076,348 | ---- | C] () -- C:\ProgramData\xlyzzfsifuliryl [2012.11.09 15:39:43 | 000,000,016 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\blckdom.res [2012.11.09 15:39:35 | 000,065,536 | ---- | C] () -- C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat [2012.10.28 14:07:45 | 000,001,677 | ---- | C] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk [2012.09.05 19:44:39 | 000,004,608 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.01 19:00:04 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.05.01 11:58:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.05.01 11:58:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.04.28 15:48:15 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.04.28 15:41:42 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012.04.28 08:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.04.28 01:05:46 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [2012.04.28 00:19:37 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat [2012.04.27 21:48:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2012.04.27 21:32:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2012.04.27 21:32:23 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2012.04.27 21:32:23 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2012.04.27 21:32:23 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012.04.27 15:47:06 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat [2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
|
22.11.2012, 21:21
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8Fixen mit OTL
Code:
ATTFilter :Files
C:\ProgramData\xlyzzfsifuliryl
C:\Users\Matthias\AppData\Roaming\blckdom.res
C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/Spy.Banker.Gen8 |
| 7-zip, adobe, autorun, avira, backdoor.agent, defender, desktop, dllhost.exe, error, excel, flash player, format, home, iexplore.exe, install.exe, logfile, mozilla, ntdll.dll, plug-in, realtek, registry, rundll, scan, security, software, trojan.banker, udp, usb, vista, wallpapers |
Textbox. 
Linear-Darstellung
