| |
| |||||||
Log-Analyse und Auswertung: 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
25.06.2012, 23:30
| #1 |
 |  14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Hallo liebes Trojaner-Board Team! Ich habe vor etwa 2 Wochen beim Surfen bemerkt, dass das kleine Java Symbol unten rechts in der Symbolleiste neben der Uhrzeit eingeblendet war. Ich war mir aber nicht bewusst, das ich irgendwas mit Java geöffnet habe. Vorsichtshalber habe ich einen Scan mit Avira Free Antivirus gemacht. Dieser hat als einzigen "Fund" im Log folgendes Ergebnis ausgespuckt: Code:
ATTFilter
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
hxxp://www.avira.com/de/support-for-home-knowledgebase-detail/kbid/1221 hxxp://www.avira.com/de/support-for-home-knowledgebase-detail/kbid/267 und die Avira Rescue CD wie auf der zweiten Seite beschrieben angewendet (vom USB Stick aus). Das hat gar nichts gebracht, es wurde nichts gefunden oder getan. Daraufhin nochmal den Scan mit Antivir: Gleiches Problem. Dann hab ich das ganze ein wenig schlüren lassen, weil ich wenig Zeit hatte. Eine Veränderung ist mir aufgefallen: Ich musste meine Logitech Wireless Maus neu mit dem Empfänger verbinden. Das hatte ich davor noch nie. Und danach auch nicht wieder. Heute haben sich die Ergebnisse dann etwas überschlagen. Heute morgen wollte Firfox, dass ich das Plugin "Java Console 6.0.33" installiere. Ich habe das bereits seit langem drauf, allerdings deaktiviert. Dem habe ich dann nicht so ganz getraut und heute morgen nochmal einen Scan gemacht mit Antivir und hatte das gleiche Ergebnis wieder. Allerdings meinte er, er hat was reparieren müssen, was aber nicht im Log auftaucht. Daraufhin hat er automatisch den Laptop heruntergefahren und neu gestartet und wie angekündigt einen weiteren Scan versucht durchzuführen. Beim Hochfahren kam das Windows Konfigurationsfenster. Das hat mich gewundert. Als er den Scan starten wollte, hat sich Avira aufgehängt. Ich habe dann den Laptop ein weiteres Mal neu gestartet. Konnte dann manuell den Scan starten. Diesmal drei Funde, und folgende Hinweise: Code:
ATTFilter Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Linkage\UpperBind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DEA2D59A-5A61-466E-9B61-4FBBA362A5D6}\Connection\Name
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Code:
ATTFilter C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\4d6fa51a-3c0feba3
[0] Archivtyp: ZIP
--> ruea/ruea.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CB.2
--> ruea/rueb.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.BO
--> ruea/ruec.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2008-5353.AR
Als ich dann einige Zeit später nach dem Lesen in Erfahrung gebracht habe, dass die ruhig in Quarantäne sein können, habe ich erneut einen Suchlauf gemacht, da ich mich mit dem Wissen um Schadsoftware auf dem System nicht wohl gefühlt habe. Dieser Scan hat deutlich mehr hervorgeschleudert: Avira Free Antivirus Log: Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 25. Juni 2012 21:09
Es wird nach 3869434 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 000014****-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ****
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 21:10:25
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 21:10:25
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 21:10:25
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 21:10:25
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 06:34:33
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:27:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 22:07:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 15:48:09
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 06:34:25
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 06:34:25
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 06:34:25
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 06:34:25
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 06:34:25
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 06:34:25
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 06:34:25
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 06:34:25
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 06:34:25
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 15:55:30
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 19:57:14
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 05:50:20
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 05:48:30
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 17:55:42
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 18:48:45
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 18:48:49
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 13:43:30
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 16:45:45
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 12:13:07
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 17:23:48
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 17:23:44
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 21:07:00
VBASE027.VDF : 7.11.33.83 159232 Bytes 18.06.2012 09:28:38
VBASE028.VDF : 7.11.33.195 200192 Bytes 22.06.2012 14:32:14
VBASE029.VDF : 7.11.33.196 2048 Bytes 22.06.2012 14:32:14
VBASE030.VDF : 7.11.33.197 2048 Bytes 22.06.2012 14:32:26
VBASE031.VDF : 7.11.33.252 105472 Bytes 25.06.2012 17:08:13
Engineversion : 8.2.10.96
AEVDF.DLL : 8.1.2.8 106867 Bytes 01.06.2012 18:46:23
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 21.06.2012 14:24:44
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 16:21:54
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 17:28:28
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.2.16.22 807288 Bytes 21.06.2012 14:24:43
AEOFFICE.DLL : 8.1.2.38 201083 Bytes 21.06.2012 14:24:42
AEHEUR.DLL : 8.1.4.52 4923767 Bytes 21.06.2012 14:24:42
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 06:34:26
AEGEN.DLL : 8.1.5.30 422261 Bytes 14.06.2012 17:25:17
AEEXP.DLL : 8.1.0.54 82293 Bytes 21.06.2012 14:24:48
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 18:48:54
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 21:10:24
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 21:10:25
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 21:10:25
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 21:10:25
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 21:10:25
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 21:10:25
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 21:10:25
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 21:10:25
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 21:10:25
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 21:10:25
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Montag, 25. Juni 2012 21:09
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library
Versteckter Treiber
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'daemonu.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'hasplms.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '58' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\SecureW2\Uninstall.exe
[WARNUNG] Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '2484' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Program Files\MATLAB\R2011b\bin\win64\ziparchiver.dll
[WARNUNG] Der Archivheader ist defekt
C:\Program Files (x86)\Free PDF to Word Doc Converter\Emerald.ssk
[WARNUNG] Der Archivheader ist defekt
C:\Program Files (x86)\SecureW2\Uninstall.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Users\***\AppData\Local\Temp\tmp2AA1.tmp
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\4d6fa51a-3c0feba3
[0] Archivtyp: ZIP
--> ruea/ruea.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.CB.2
--> ruea/rueb.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.BO
--> ruea/ruec.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2008-5353.AR
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\525b53e8-4b4934de
[0] Archivtyp: ZIP
--> ER.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.CM
--> Inc.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> c.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> a.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HE
--> t.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4dbc8f9-5fc387c4
[0] Archivtyp: ZIP
--> ER.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2010-0840.CM
--> Inc.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> c.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CB
--> b.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.Ternub.6335
--> a.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.CU.2
--> t.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
C:\Users\***\Downloads\RSTAB7-DE\RSTAB_DE\Author\HASP\HASP_Treiber_Windows\hdd32.zip
[WARNUNG] Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\'
D:\Bilder\Fotos\sortieren\altes\USB temp\Neuer Ordner\Julchen\Musik.zip
[WARNUNG] Die Datei ist kennwortgeschützt
Beginne mit der Desinfektion:
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4dbc8f9-5fc387c4
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56837ed1.qua' verschoben!
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\525b53e8-4b4934de
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e435144.qua' verschoben!
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\4d6fa51a-3c0feba3
[FUND] Enthält Erkennungsmuster des Exploits EXP/2008-5353.AR
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1c1f0b9e.qua' verschoben!
Ende des Suchlaufs: Montag, 25. Juni 2012 22:55
Benötigte Zeit: 1:32:42 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
37796 Verzeichnisse wurden überprüft
955259 Dateien wurden geprüft
14 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
955245 Dateien ohne Befall
7807 Archive wurden durchsucht
7 Warnungen
3 Hinweise
729734 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
Anschließend habe ich die Schritte eurer Checkliste durchgeführt. 1. Regeln lesen und befolgen: gemacht 2.1 Defogger: gemacht 2.2 OTL: gemacht OTL.txt Log: Code:
ATTFilter OTL logfile created on: 25.06.2012 23:24:41 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,62% Memory free 8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,48 Gb Total Space | 81,94 Gb Free Space | 55,94% Space Free | Partition Type: NTFS Drive D: | 319,18 Gb Total Space | 270,48 Gb Free Space | 84,74% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.06.25 23:00:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.05.08 23:10:25 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.04.21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.30 18:20:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 23:10:25 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 23:10:25 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.22 19:41:02 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.09 18:00:05 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.09.09 17:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.09.17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.08.26 07:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.06.25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.06.25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.24 15:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2009.03.13 11:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2009.03.13 11:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2009.01.08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.04.27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV:64bit: - [2007.03.28 08:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 18 D0 B6 E6 4B CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.30 18:20:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 11:56:25 | 000,000,000 | ---D | M] [2011.11.09 21:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.06.14 15:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions [2012.06.14 15:38:54 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.05.18 10:54:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\ich@maltegoetz.de [2011.11.11 16:40:32 | 000,001,689 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\moviemaze-suche.xml [2011.11.17 19:18:15 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\youtube-videosuche.xml [2012.06.23 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.23 11:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2011.11.15 21:33:54 | 007,704,298 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.XPI [2012.01.08 15:01:08 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.15 21:33:54 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.06.08 12:53:22 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI [2012.04.30 18:20:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.13 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 09:48:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0ED86950-1512-4D79-83CB-751C7CBB0338}: NameServer = 193.194.148.20 193.194.149.101 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.25 23:00:07 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.24 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2012.06.23 11:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2012.06.19 17:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2012.06.15 07:32:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.06.12 08:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared [2012.06.12 08:37:55 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\hasplms.exe [2012.06.12 08:36:57 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys [2012.06.12 08:36:57 | 000,071,168 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\aksusb3.dll [2012.06.12 08:36:57 | 000,071,040 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys [2012.06.12 08:36:57 | 000,053,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\akshasp.sys [2012.06.12 08:36:57 | 000,033,792 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshhl27.dll [2012.06.12 08:36:57 | 000,025,344 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksusb.sys [2012.06.12 08:36:57 | 000,014,848 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksclass.sys [2012.06.12 08:36:57 | 000,011,776 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshsp51.dll [2012.06.12 08:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dlubal [2012.06.12 08:35:37 | 000,205,608 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\THREED32.OCX [2012.06.12 08:35:00 | 000,308,008 | ---- | C] (SommyTech®) -- C:\Windows\SysWow64\BlnDialog.ocx [2012.06.12 08:35:00 | 000,303,104 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Bmpbtn.ocx [2012.06.12 08:35:00 | 000,149,288 | ---- | C] (Desaware) -- C:\Windows\SysWow64\ANIBTN32.OCX [2012.06.12 08:35:00 | 000,093,888 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlButton.ocx [2012.06.12 08:35:00 | 000,085,696 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlStatic.ocx [2012.06.12 08:35:00 | 000,077,504 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Caption.ocx [2012.06.12 08:35:00 | 000,036,544 | ---- | C] (Dlubal) -- C:\Windows\SysWow64\DL_Static.ocx [2012.06.12 08:34:29 | 000,274,432 | ---- | C] (Ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\ThmShellEx.dll [2012.06.12 08:34:29 | 000,111,104 | ---- | C] (ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\PropShellEx.dll [2012.06.12 08:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Dlubal [2012.06.12 08:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dlubal [2012.06.12 08:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Dlubal [2012.06.06 07:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.06.06 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge [2012.06.06 07:13:41 | 000,094,208 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.06.06 07:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.06.03 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Silberhochzeit Dörte und Wilfried, 02.06.2012, Drentwede [2012.06.02 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sd temp 02.06.22012 [2012.06.01 19:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kopenhagen, Schweden, Nuttlar, Nijmegen, Elphi [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.25 23:00:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.25 22:59:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.25 21:17:00 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 21:17:00 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 21:14:14 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.25 21:14:14 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.25 21:14:14 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.25 21:14:14 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.25 21:14:14 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.25 21:07:25 | 000,000,554 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2012.06.25 21:05:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.25 21:05:52 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys [2012.06.25 11:32:03 | 000,118,784 | ---- | M] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7 [2012.06.19 19:17:25 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2012.06.19 07:50:05 | 000,418,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 20:23:56 | 002,788,117 | ---- | M] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg [2012.06.06 15:52:48 | 000,226,602 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg [2012.06.06 12:22:59 | 000,246,998 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg [2012.06.06 07:13:45 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.05.29 19:38:26 | 000,766,270 | ---- | M] () -- C:\Users\***\Desktop\Foto436.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.25 22:59:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.12 20:39:45 | 000,118,784 | ---- | C] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7 [2012.06.12 20:23:46 | 002,788,117 | ---- | C] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg [2012.06.12 08:34:27 | 000,000,819 | ---- | C] () -- C:\Windows\SysWow64\_nethasp.ini [2012.06.06 15:52:48 | 000,226,602 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg [2012.06.06 12:22:59 | 000,246,998 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg [2012.06.06 07:13:45 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.05.29 22:29:27 | 000,766,270 | ---- | C] () -- C:\Users\***\Desktop\Foto436.jpg [2011.12.05 20:13:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.12.05 20:05:11 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.11.15 20:37:31 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.11.09 21:34:45 | 000,000,054 | ---- | C] () -- C:\Users\***\pc-client.properties ========== LOP Check ========== [2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork [2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE [2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit [2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.06.25 21:07:25 | 000,000,554 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job [2012.01.13 09:42:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Und hier die Extra.txt Log: Code:
ATTFilter OTL Extras logfile created on: 25.06.2012 23:24:41 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,62% Memory free
8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 81,94 Gb Free Space | 55,94% Space Free | Partition Type: NTFS
Drive D: | 319,18 Gb Total Space | 270,48 Gb Free Space | 84,74% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B23B623-A6B9-4EB5-AC4C-4FA524AD187A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FEE10AF-1A9D-480F-B465-063785262E2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24A9A979-9FC5-48B3-91BA-C4D62C2F1CAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{321D28A0-04AB-455C-8EE4-AADC39F6BDC7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{45BF0DBC-0062-4FCC-B51A-DCDE28453850}" = lport=139 | protocol=6 | dir=in | app=system |
"{79A94A31-09AC-4582-8E6F-B2CA6E4EAA44}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E7BD74F-2D2A-4A89-B880-02C13E9034E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{A233D45D-E4A8-4F80-BEC7-BA0368A519E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8D32659-0B8A-42D9-8F1A-3DF322E349EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{C94FDC0D-BBB7-4CC6-8091-81151C0E95EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CDBD801D-1779-4A5E-BA23-E356304560F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DAF0A5CF-014B-43E8-A040-A092D766B4CC}" = rport=445 | protocol=6 | dir=out | app=system |
"{E8DEE582-3098-4491-B801-9F1E30D90E68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2CC6CA0-5AB1-4779-A5D7-FA9ECB3A963D}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4802363-2651-49AA-8927-31A0F7BCA90C}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0056F4F2-200A-4F81-816F-F3349965D785}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0269F5C7-E013-4480-A4AD-18885DA3902A}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{041E2EC9-4918-4E3E-970F-0678049F5191}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1DB4747E-2B09-464D-BAAF-8758A4F2FBDE}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc studio 3\liveupdate.exe |
"{1FE336E9-FD81-4D88-BB3D-D77AEC30BC8D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2EF008D5-9351-4F83-96EF-16C0E80C708B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CFA4AC8-311D-4D59-B60D-B1CCE1CB9B2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4996775F-4EAB-4060-ABC3-86B37D7D36CC}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{4CFB29D9-2BFF-4488-BF08-1E3C36B0A21B}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc studio 3\liveupdate.exe |
"{5C53BED7-4B69-4C4B-A05A-1E9CE6C4FD72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{64915AC6-B9F7-4B4E-BDF0-6B9B492FDCA2}" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"{78C0D544-0BC2-4508-BDEF-F48A74F4F53F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9AEC4761-D12C-48B3-A649-1B8F08690D08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AC36F7EF-8F57-4482-B0C5-66B17F94EAA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B32E8FEB-7D39-4011-BA83-3EC8025512D9}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc studio 3\launcher.exe |
"{B58B1A41-AAF1-4D99-AD92-6B4BB3005DFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BA960CD4-7EDD-4937-8D8C-EB2919659389}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEA0768C-1D0F-497F-9F01-D3E61D9F6F4C}" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"{D289BFE6-00E7-4331-9CBE-869A281D980A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DA585043-3AE7-4434-A622-AC489691071A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc studio 3\launcher.exe |
"{E971E29D-9997-4835-BE2D-8FA1F961D8BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9AA87A68-3ED2-4EBA-84AD-F35A7E7F8E2D}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{B3770BB0-BFD0-45DA-93D8-5E487A072DEB}C:\users\***\downloads\miranda-im-v0.9.34-x64\miranda64.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\miranda-im-v0.9.34-x64\miranda64.exe |
"UDP Query User{2867FA46-4F9B-42FD-B799-23F0AF2A4447}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{EC4D17E3-2237-4340-A390-E5DA97B62C3C}C:\users\***\downloads\miranda-im-v0.9.34-x64\miranda64.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\miranda-im-v0.9.34-x64\miranda64.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3DCF00F5-04A5-4543-A088-70548081120E}_is1" = Compiled Driver Disc (Full) 1.0
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1A834332-A9EE-440C-9505-2D07F445F05A}" = MOBILedit! Support Libraries
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22E6139B-4D29-4107-8005-152A5EE6D0B3}" = RSTAB
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2766B331-2A22-4B87-94EE-EC93EE267EA0}" = map&guide professional 2008
"{2B290EE2-5576-4A00-918B-FEC299103FBD}" = Dlubal RSTAB 7
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{32DF2EBA-00B2-44E9-A91B-50ACC8607468}" = map&guide Kartendaten Europa Release 2008.3x (C:\Program Files (x86)\map&guide professional 2008\maps\EuropePremium.geo)
"{3A32A44A-81B2-4415-B0CF-1884D54FFD66}_is1" = cadwork cataloge version 17.0
"{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1" = MOBILedit! ver. 5.5.0.1148
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{62B74257-2E1B-48FB-843C-0FBA43FE1327}" = Sentinel System Driver Installer 7.4.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A62B2A-50D6-4886-8AFA-7FC4DE273C61}" = RSTAB
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{DBBCF7F1-2AD2-48A3-8408-A9279857D832}" = Samsung PC Studio 3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.2
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"cadwork 17.0_is1" = cadwork 17.0
"Cadwork.dir" = Cadwork
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"IrfanView" = IrfanView (remove only)
"MediaMonkey_is1" = MediaMonkey 4.0
"Miranda IM" = Miranda IM 0.9.48
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"PaperCut NG Client_is1" = PaperCut NG Client 9.8
"RuckZuck 4.0 Studentenversion" = RuckZuck 4.0 Studentenversion
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows
"SystemRequirementsLab" = System Requirements Lab
"Tunatic" = Tunatic
"VLC media player" = VLC media player 2.0.1
"Zattoo4" = Zattoo4 4.0.5
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.06.2012 13:47:45 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.8.0.156, Zeitstempel:
0x4f3bb389 Name des fehlerhaften Moduls: Skype.exe, Version: 5.8.0.156, Zeitstempel:
0x4f3bb389 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006048 ID des fehlerhaften Prozesses:
0x660 Startzeit der fehlerhaften Anwendung: 0x01cd4e341f0d2ed8 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\Skype\Phone\Skype.exe Berichtskennung: 0a5f9838-bb00-11e1-b394-001b2457b0ed
Error - 21.06.2012 02:27:08 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493,
Zeitstempel: 0x4f920759 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset:
0x70c29903 ID des fehlerhaften Prozesses: 0xf5c Startzeit der fehlerhaften Anwendung:
0x01cd4e318efbf86f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll
Berichtskennung:
200a96fe-bb6a-11e1-b394-001b2457b0ed
Error - 22.06.2012 03:41:23 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 24.06.2012 17:15:26 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =
Error - 25.06.2012 12:54:09 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.06.2012 13:10:18 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.3.0.15 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f9c Startzeit:
01cd52f3ad20d0ff Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
Desktop\avscan.exe Berichts-ID: 4edf556e-bee8-11e1-8ea3-001b2457b0ed
Error - 25.06.2012 13:15:31 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.06.2012 14:50:46 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 25.06.2012 15:07:45 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.06.2012 15:16:25 | Computer Name = ***-PC | Source = VSS | ID = 12310
Description =
Error - 25.06.2012 15:16:25 | Computer Name = ***-PC | Source = VSS | ID = 12298
Description =
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 25.06.2012 15:09:13 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 25.06.2012 15:09:18 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 25.06.2012 15:09:18 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 25.06.2012 15:09:18 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 25.06.2012 15:09:23 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 25.06.2012 15:09:23 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 25.06.2012 15:09:23 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 25.06.2012 15:09:28 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 25.06.2012 15:09:28 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 25.06.2012 15:09:28 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
[ System Events ]
Error - 23.05.2012 05:42:27 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description =
Error - 23.05.2012 05:42:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst vpnagent erreicht.
Error - 23.05.2012 05:43:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error - 28.05.2012 16:54:11 | Computer Name = ***-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 31.05.2012 15:38:29 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 31.05.2012 15:38:42 | Computer Name = ***-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 31.05.2012 15:39:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error - 01.06.2012 14:05:48 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =
Error - 01.06.2012 15:16:59 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =
Error - 08.06.2012 13:52:37 | Computer Name = ***-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
< End of report >
Den Schritt 2.3 habe ich nicht mehr ausgeführt, da ich ein Win 7 64 Bit System habe. So, leider ist es etwas länger geworden, aber ich hoffe, es nimmt sich trotzdem einer dieses Problems an. Vielleicht muss man es 2 mal lesen, aber ich wollte euch so viele Informationen wie möglich über den Hergang geben. Ich weiß leider nicht, an welcher Stelle ich hätte filtern können, um unwichtiges raus zu lassen. Ich ertwarte auch keine sofortige Antwort, lieber eine mit Bedacht. Falls ich noch etwas vergessen haben sollte, so bitte ich um Nachsicht, ich werde es natürlich schnellstmöglich nachreichen. Auch jeden Fall möchte ich mich schonmal recht herzlich bedanken. Viele Grüße, Rumpel |
|
29.06.2012, 15:46
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF)Zitat:
Wenn du Java nicht aktualisierst werden diesde Funde erst gefährlich! Exploits nutzen Lücken in alter Software Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
30.06.2012, 01:11
| #3 |
| | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Hallo Arne!
__________________Erstmal vielen Dank, dass du dich meines Problems annimmst. Wie du mir gesagt hast, habe ich die fehlenden Informationen zusammen getragen. Ich habe Malwarebytes durchlaufen lassen. Beim Scan fiel mir folgendes auf: Avira hat einen Fund gemeldet. Die Datei hab ich dann in die Quarantäne schieben lassen. Hier der entsprechende Log: Avira AniVir Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 29. Juni 2012 21:27
Es wird nach 3874966 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 000014****-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 21:10:25
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 21:10:25
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 21:10:25
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 21:10:25
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 06:34:33
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:27:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 22:07:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 15:48:09
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 06:34:25
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 06:34:25
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 06:34:25
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 06:34:25
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 06:34:25
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 06:34:25
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 06:34:25
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 06:34:25
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 06:34:25
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 15:55:30
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 19:57:14
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 05:50:20
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 05:48:30
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 17:55:42
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 18:48:45
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 18:48:49
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 13:43:30
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 16:45:45
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 12:13:07
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 17:23:48
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 17:23:44
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 21:07:00
VBASE027.VDF : 7.11.33.83 159232 Bytes 18.06.2012 09:28:38
VBASE028.VDF : 7.11.33.195 200192 Bytes 22.06.2012 14:32:14
VBASE029.VDF : 7.11.34.57 187904 Bytes 27.06.2012 01:22:34
VBASE030.VDF : 7.11.34.58 2048 Bytes 27.06.2012 01:22:34
VBASE031.VDF : 7.11.34.60 2048 Bytes 27.06.2012 01:22:34
Engineversion : 8.2.10.96
AEVDF.DLL : 8.1.2.8 106867 Bytes 01.06.2012 18:46:23
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 21.06.2012 14:24:44
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 16:21:54
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 17:28:28
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.2.16.22 807288 Bytes 21.06.2012 14:24:43
AEOFFICE.DLL : 8.1.2.38 201083 Bytes 21.06.2012 14:24:42
AEHEUR.DLL : 8.1.4.52 4923767 Bytes 21.06.2012 14:24:42
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 06:34:26
AEGEN.DLL : 8.1.5.30 422261 Bytes 14.06.2012 17:25:17
AEEXP.DLL : 8.1.0.54 82293 Bytes 21.06.2012 14:24:48
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 18:48:54
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 21:10:24
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 21:10:25
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 21:10:25
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 21:10:25
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 21:10:25
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 21:10:25
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 21:10:25
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 21:10:25
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 21:10:25
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 21:10:25
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fe8b6d9\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Beginn des Suchlaufs: Freitag, 29. Juni 2012 21:27
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'miranda32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hasplms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'H:\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-72e5675f'
H:\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-72e5675f
[FUND] Ist das Trojanische Pferd TR/Expl.Java.CVE.2010.4452.g.1
Beginne mit der Desinfektion:
H:\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-72e5675f
[FUND] Ist das Trojanische Pferd TR/Expl.Java.CVE.2010.4452.g.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5641ac02.qua' verschoben!
Ende des Suchlaufs: Freitag, 29. Juni 2012 21:29
Benötigte Zeit: 00:11 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
22 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
21 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.
Hier nun der Log aus Malwarebytes: Malwarebytes Anti Malware Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.29.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] Schutz: Aktiviert 29.06.2012 19:13:22 mbam-log-2012-06-29 (19-13-22).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 571823 Laufzeit: 2 Stunde(n), 29 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes hat also keinen Fund gemeldet. Anschließend habe ich Malwarebytes, Avira AntiVir, Windows Firewall, Windows Defender und die Firefox Add-Ons Adblock Plus und ProxTube deaktiviert. Die "Java Console" in Firefox wer eh schon immer deaktiviert. Danach habe ich dann den Scan mit ESET durchlaufen lassen. Hier der ESET Log: ESET Online Scan Log: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=94abfc122d30f349b209b515eb4c19cf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-29 10:39:21
# local_time=2012-06-30 12:39:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 19986458 19986458 0 0
# compatibility_mode=5893 16776573 100 94 33222 92630613 0 0
# compatibility_mode=8192 67108863 100 0 7851595 7851595 0 0
# scanned=344503
# found=2
# cleaned=0
# scan_time=8797
C:\Users\***\AppData\Local\Temp\ICReinstall\cnet_produkey-x64_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
G:\Datensicherung 08.11.11\***\AppData\Local\Temp\ICReinstall\cnet_produkey-x64_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I
Außerdem hat mich dieses hier gewundert: ESET hat laut Angabe 230 000 Dateien weniger untersucht, obwohl bei beiden Programmen beide externe Festplatten mit durchsucht werden (sollten). Der Fund, den ESET meldet stammt auch von einer neueren Datensicherung eines verseuchten Systems. Das muss ich so erklären: Ich hatte mir im Sommer 2011 den BKA Trojaner eingefangen und habe daraufhin den Laptop von einem Bekannten neu aufsetzen lassen. Ich selber kannte mich damit halt nicht gut aus. Leider hat sich dann herausgestellt, dass er mir nicht die richtige Windows Version installiert hat und anscheinend der Computer nicht richtig geschützt war, denn ich hatte wieder ein Problem damit und habe nach der Datensicherung im November 2011 mit Hilfe des IT-Service meiner Uni den Laptop komplett neu aufgesetzt. Daher existieren 2 alte, verseuchte Datensicherungen. Ich hoffe, dass ich mir nichts von mir selber eingefangen habe. In einem Computer-Laden hat man mir gesagt, dass beim reinen anstecken einer externen Festplatte das System nicht infiziert werden kann. Stimmt diese Information so nicht? Ich habe im Avira AntiVir eine Einstellung gesehen, die Autostarts unterbindet. Und die ist auch angehakt. Soviel dazu. Ich denke, ich hab deinen Eintrag jetzt komplett bearbeitet. Vielen Dank nochmal für die Hilfe. Kannst du, wenn du dir die Sachen anguckst, mit wenigen Worten einmal sagen, was die Viren/Würmer/Malware-irgendeiner-Art auf meinem jetzigen System angestellt haben? Ob die irgendwelche Dateien geändert haben, oder mich ausspionieren, oder irgendwelche anderen Sachen auf meinem Laptop veranstalten. Das wäre sehr nett. Jetzt werde ich die Echtzeit-Systeme von Malwarebytes, Avira AntiVir, Windows Firewall, Windows Defender sowie die Firefox Add-Ons Adblock Plus und ProxTube wieder anschalten. Kann ich für die Zeit, in der wir mein Problem beheben AntiVir und Malwarebytes parallel laufen lassen? Kannst du mir anschließend helfen, das System einmal richtig abzusichern? Anscheinend wird hier irgendwas nicht automatisch aktualisiert. Viel Grüße, Rumpel Geändert von Rumpel2 (30.06.2012 um 01:32 Uhr) Grund: FireFox Add-Ons vergessen anzugeben/Installationsmeldung ESET |
|
01.07.2012, 15:12
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Dass ESET ein wenig hysterisch sein kann hab ich ja schon angedeutet. Besonders gerne meckert es setups an, wenn darin Toolbars enthalten sind und vom Installer normalerweise mit installiert werden wenn man es denn nicht abwählt Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
01.07.2012, 16:23
| #5 |
| | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Hallo Arne! Danke für die Antwort! Ich habe den OTL Scan planmäßig ausgeführt und es gab keine Meldungen. Zumindest keine Fehlermeldungen. Die OTL.txt kam am Ende natürlich raus. Und hier ist sie: OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.07.2012 16:31:43 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,13% Memory free 8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,48 Gb Total Space | 85,18 Gb Free Space | 58,15% Space Free | Partition Type: NTFS Drive D: | 319,18 Gb Total Space | 270,48 Gb Free Space | 84,74% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.07.01 16:29:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.05.08 23:10:25 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.04.21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.30 18:20:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 23:10:25 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 23:10:25 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.22 19:41:02 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.09 18:00:05 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.09.09 17:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.09.17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.08.26 07:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.06.25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.06.25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.24 15:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2009.03.13 11:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2009.03.13 11:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2009.01.08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.04.27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV:64bit: - [2007.03.28 08:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 31 3F F4 37 55 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.30 18:20:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 11:56:25 | 000,000,000 | ---D | M] [2011.11.09 21:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.06.29 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions [2012.06.14 15:38:54 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.05.18 10:54:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\ich@maltegoetz.de [2012.06.29 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\trash [2011.11.11 16:40:32 | 000,001,689 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\moviemaze-suche.xml [2011.11.17 19:18:15 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\youtube-videosuche.xml [2012.06.23 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.23 11:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2011.11.15 21:33:54 | 007,704,298 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.XPI [2011.11.15 21:33:54 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.06.08 12:53:22 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI [2012.04.30 18:20:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.13 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 09:48:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2DB4B57-33AA-467A-A134-CCE468DC5457}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: PaperCut NG Client - hkey= - key= - C:\Program Files (x86)\PaperCut NG Client\pc-client.exe () MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.29 22:06:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.06.29 19:07:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.29 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.29 19:07:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.29 19:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.29 19:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.29 19:04:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.25 23:00:07 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.24 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2012.06.23 11:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2012.06.19 17:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2012.06.15 07:32:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.06.12 08:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared [2012.06.12 08:37:55 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\hasplms.exe [2012.06.12 08:36:57 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys [2012.06.12 08:36:57 | 000,071,168 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\aksusb3.dll [2012.06.12 08:36:57 | 000,071,040 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys [2012.06.12 08:36:57 | 000,053,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\akshasp.sys [2012.06.12 08:36:57 | 000,033,792 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshhl27.dll [2012.06.12 08:36:57 | 000,025,344 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksusb.sys [2012.06.12 08:36:57 | 000,014,848 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksclass.sys [2012.06.12 08:36:57 | 000,011,776 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshsp51.dll [2012.06.12 08:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dlubal [2012.06.12 08:35:37 | 000,205,608 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\THREED32.OCX [2012.06.12 08:35:00 | 000,308,008 | ---- | C] (SommyTech®) -- C:\Windows\SysWow64\BlnDialog.ocx [2012.06.12 08:35:00 | 000,303,104 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Bmpbtn.ocx [2012.06.12 08:35:00 | 000,149,288 | ---- | C] (Desaware) -- C:\Windows\SysWow64\ANIBTN32.OCX [2012.06.12 08:35:00 | 000,093,888 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlButton.ocx [2012.06.12 08:35:00 | 000,085,696 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlStatic.ocx [2012.06.12 08:35:00 | 000,077,504 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Caption.ocx [2012.06.12 08:35:00 | 000,036,544 | ---- | C] (Dlubal) -- C:\Windows\SysWow64\DL_Static.ocx [2012.06.12 08:34:29 | 000,274,432 | ---- | C] (Ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\ThmShellEx.dll [2012.06.12 08:34:29 | 000,111,104 | ---- | C] (ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\PropShellEx.dll [2012.06.12 08:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Dlubal [2012.06.12 08:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dlubal [2012.06.12 08:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Dlubal [2012.06.06 07:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.06.06 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge [2012.06.06 07:13:41 | 000,094,208 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.06.06 07:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.06.03 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Silberhochzeit Dörte und Wilfried, 02.06.2012, Drentwede [2012.06.02 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sd temp 02.06.22012 [2012.06.01 19:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kopenhagen, Schweden, Nuttlar, Nijmegen, Elphi [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.01 16:29:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.01 13:00:06 | 000,000,554 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2012.07.01 03:39:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.30 08:39:19 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 08:39:19 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 08:36:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.30 08:36:54 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.30 08:36:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.30 08:36:54 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.30 08:36:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.30 08:31:31 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys [2012.06.30 02:26:38 | 000,039,736 | ---- | M] () -- C:\Users\***\Desktop\Meldung ESET.png [2012.06.29 22:06:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.06.29 19:07:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.29 19:05:29 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.27 18:08:18 | 000,000,000 | ---- | M] () -- C:\Users\***\Desktop\CIMG7011.JPG [2012.06.27 18:08:12 | 002,214,283 | ---- | M] () -- C:\Users\***\Desktop\CIMG7010.JPG [2012.06.27 18:08:04 | 002,457,695 | ---- | M] () -- C:\Users\***\Desktop\CIMG7009.JPG [2012.06.27 18:07:34 | 003,544,551 | ---- | M] () -- C:\Users\***\Desktop\CIMG7008.JPG [2012.06.25 22:59:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.25 11:32:03 | 000,118,784 | ---- | M] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7 [2012.06.19 19:17:25 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2012.06.19 07:50:05 | 000,418,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 20:23:56 | 002,788,117 | ---- | M] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg [2012.06.06 15:52:48 | 000,226,602 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg [2012.06.06 12:22:59 | 000,246,998 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg [2012.06.06 07:13:45 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.30 02:26:38 | 000,039,736 | ---- | C] () -- C:\Users\***\Desktop\Meldung ESET.png [2012.06.29 19:07:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.27 18:07:26 | 003,544,551 | ---- | C] () -- C:\Users\***\Desktop\CIMG7008.JPG [2012.06.27 18:07:26 | 002,457,695 | ---- | C] () -- C:\Users\***\Desktop\CIMG7009.JPG [2012.06.27 18:07:26 | 002,214,283 | ---- | C] () -- C:\Users\***\Desktop\CIMG7010.JPG [2012.06.27 18:07:26 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\CIMG7011.JPG [2012.06.25 22:59:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.12 20:39:45 | 000,118,784 | ---- | C] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7 [2012.06.12 20:23:46 | 002,788,117 | ---- | C] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg [2012.06.12 08:34:27 | 000,000,819 | ---- | C] () -- C:\Windows\SysWow64\_nethasp.ini [2012.06.06 15:52:48 | 000,226,602 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg [2012.06.06 12:22:59 | 000,246,998 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg [2012.06.06 07:13:45 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2011.12.05 20:13:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.12.05 20:05:11 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.11.15 20:37:31 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.11.09 21:34:45 | 000,000,054 | ---- | C] () -- C:\Users\***\pc-client.properties ========== LOP Check ========== [2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork [2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE [2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit [2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.07.01 13:00:06 | 000,000,554 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job [2012.01.13 09:42:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.09 21:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.11.11 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork [2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.05.24 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2011.11.09 20:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2012.03.03 13:05:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.01.31 22:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.06.29 19:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE [2012.01.18 20:22:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathWorks [2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2012.05.14 14:55:04 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit [2011.11.09 21:40:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011.11.18 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA [2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.07.01 16:23:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2012.05.24 18:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2010.01.27 00:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2011b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > [/code] Hast du einen Verdacht, was auf meinem Laptop schief läuft? Ich hab zwar keine Einschränkungen, alles scheint normal zu laufen. Aber ich weiß ja nicht, was noch alles im Hintergrund läuft. Aber das ist wahrscheinlich das, worum du dich kümmerst. Einzig ist mir aufgefallen, dass ich beim Videotelefonieren über Skype teilweise Verbindungsprobleme habe und unplanmäßige Geräusche. Ich schiebe aber gerade die Geräusche auf die Hardware (Lüfter). Achja, und Skype lässt sich nicht automatisch (nach der Erinnerung des Programms selber) aktualisieren. Aber das ist wahrscheinlich ein späterer Schritt. Kann ich weiterhin daran arbeiten? Online Banking lass ich vorsichtshalber noch, bis ich das ok von dir bekomme. Wie sieht es aus mit Instant Messaging? Nutze ICQ über Miranda und Skype. So ruhig wie du bleibst, hoffe ich mal, dass ich mir nicht die ganz schlimmen Dinger eingefangen habe. Wenn wir irgendwann fertig sind mit dem Bereinigen, würde ich gerne wissen, ob es gescheite Software gibt, die automatisch (!) täglich (?) oder so ähnlich guckt, ob die entsprechenden Programme etc. aktuell sind. Bis dahin mache ich hier an dem Laptop nichts ohne Absprache mit dir, außer den täglichen notwendigen Arbeiten (E-Mail, Office, Statik-Software,...). Viele Grüße, Rumpel P.S.: Grad als ich die Antwort hier schreibe, meldet Firefox, dass es eine neue Version gibt. Kann/Soll ich den schon direkt updaten? |
|
01.07.2012, 16:33
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF)Zitat:
__________________ --> 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) |
|
01.07.2012, 17:00
| #7 |
| | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Hallo Arne! Tut mir leid. Kommt nicht wieder vor. Hatte das Programm ein zweites Mal gestartet, weil ich erst die Datei aus dem Downloads Ordner genommen habe. Habe also nochmal auf den Desktop runtergeladen und den Haken vergessen. Jetzt habe ich alles genau so gemacht, wie du gesagt hast. Hier der log: OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.07.2012 17:37:43 - Run 3 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,63% Memory free 8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,48 Gb Total Space | 85,03 Gb Free Space | 58,05% Space Free | Partition Type: NTFS Drive D: | 319,18 Gb Total Space | 270,48 Gb Free Space | 84,74% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.07.01 16:29:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.05.08 23:10:25 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009.04.21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.30 18:20:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 23:10:25 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 23:10:25 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.22 19:41:02 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.09 18:00:05 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011.09.09 17:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.09.17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.08.26 07:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.06.25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.06.25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.24 15:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2009.03.13 11:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp) DRV:64bit: - [2009.03.13 11:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb) DRV:64bit: - [2009.01.08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.04.27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64) DRV:64bit: - [2007.03.28 08:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 31 3F F4 37 55 CD 01 [binary data] IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.30 18:20:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 11:56:25 | 000,000,000 | ---D | M] [2011.11.09 21:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.06.29 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions [2012.06.14 15:38:54 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.05.18 10:54:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\ich@maltegoetz.de [2012.06.29 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\trash [2011.11.11 16:40:32 | 000,001,689 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\moviemaze-suche.xml [2011.11.17 19:18:15 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\youtube-videosuche.xml [2012.06.23 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.23 11:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2011.11.15 21:33:54 | 007,704,298 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.XPI [2011.11.15 21:33:54 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.06.08 12:53:22 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI [2012.04.30 18:20:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.13 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.13 09:48:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.13 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.13 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.13 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.13 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2016649859-1300321083-3386470498-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2016649859-1300321083-3386470498-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2DB4B57-33AA-467A-A134-CCE468DC5457}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: PaperCut NG Client - hkey= - key= - C:\Program Files (x86)\PaperCut NG Client\pc-client.exe () MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.29 22:06:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.06.29 19:07:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.29 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.29 19:07:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.29 19:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.29 19:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.29 19:04:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.25 23:00:07 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.24 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2012.06.23 11:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2012.06.19 17:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2012.06.15 07:32:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2012.06.12 08:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared [2012.06.12 08:37:55 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\hasplms.exe [2012.06.12 08:36:57 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys [2012.06.12 08:36:57 | 000,071,168 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\aksusb3.dll [2012.06.12 08:36:57 | 000,071,040 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys [2012.06.12 08:36:57 | 000,053,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\akshasp.sys [2012.06.12 08:36:57 | 000,033,792 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshhl27.dll [2012.06.12 08:36:57 | 000,025,344 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksusb.sys [2012.06.12 08:36:57 | 000,014,848 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksclass.sys [2012.06.12 08:36:57 | 000,011,776 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshsp51.dll [2012.06.12 08:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dlubal [2012.06.12 08:35:37 | 000,205,608 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\THREED32.OCX [2012.06.12 08:35:00 | 000,308,008 | ---- | C] (SommyTech®) -- C:\Windows\SysWow64\BlnDialog.ocx [2012.06.12 08:35:00 | 000,303,104 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Bmpbtn.ocx [2012.06.12 08:35:00 | 000,149,288 | ---- | C] (Desaware) -- C:\Windows\SysWow64\ANIBTN32.OCX [2012.06.12 08:35:00 | 000,093,888 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlButton.ocx [2012.06.12 08:35:00 | 000,085,696 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlStatic.ocx [2012.06.12 08:35:00 | 000,077,504 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Caption.ocx [2012.06.12 08:35:00 | 000,036,544 | ---- | C] (Dlubal) -- C:\Windows\SysWow64\DL_Static.ocx [2012.06.12 08:34:29 | 000,274,432 | ---- | C] (Ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\ThmShellEx.dll [2012.06.12 08:34:29 | 000,111,104 | ---- | C] (ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\PropShellEx.dll [2012.06.12 08:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Dlubal [2012.06.12 08:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dlubal [2012.06.12 08:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Dlubal [2012.06.06 07:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.06.06 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge [2012.06.06 07:13:41 | 000,094,208 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.06.06 07:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.06.03 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Silberhochzeit Dörte und Wilfried, 02.06.2012, Drentwede [2012.06.02 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sd temp 02.06.22012 [2012.06.01 19:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kopenhagen, Schweden, Nuttlar, Nijmegen, Elphi [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.01 16:29:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.01 13:00:06 | 000,000,554 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2012.07.01 03:39:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.30 08:39:19 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 08:39:19 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 08:36:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.30 08:36:54 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.30 08:36:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.30 08:36:54 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.30 08:36:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.30 08:31:31 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys [2012.06.30 02:26:38 | 000,039,736 | ---- | M] () -- C:\Users\***\Desktop\Meldung ESET.png [2012.06.29 22:06:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.06.29 19:07:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.29 19:05:29 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.27 18:08:18 | 000,000,000 | ---- | M] () -- C:\Users\***\Desktop\CIMG7011.JPG [2012.06.27 18:08:12 | 002,214,283 | ---- | M] () -- C:\Users\***\Desktop\CIMG7010.JPG [2012.06.27 18:08:04 | 002,457,695 | ---- | M] () -- C:\Users\***\Desktop\CIMG7009.JPG [2012.06.27 18:07:34 | 003,544,551 | ---- | M] () -- C:\Users\***\Desktop\CIMG7008.JPG [2012.06.25 22:59:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.25 11:32:03 | 000,118,784 | ---- | M] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7 [2012.06.19 19:17:25 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2012.06.19 07:50:05 | 000,418,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.12 20:23:56 | 002,788,117 | ---- | M] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg [2012.06.06 15:52:48 | 000,226,602 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg [2012.06.06 12:22:59 | 000,246,998 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg [2012.06.06 07:13:45 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.30 02:26:38 | 000,039,736 | ---- | C] () -- C:\Users\***\Desktop\Meldung ESET.png [2012.06.29 19:07:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.27 18:07:26 | 003,544,551 | ---- | C] () -- C:\Users\***\Desktop\CIMG7008.JPG [2012.06.27 18:07:26 | 002,457,695 | ---- | C] () -- C:\Users\***\Desktop\CIMG7009.JPG [2012.06.27 18:07:26 | 002,214,283 | ---- | C] () -- C:\Users\***\Desktop\CIMG7010.JPG [2012.06.27 18:07:26 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\CIMG7011.JPG [2012.06.25 22:59:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.12 20:39:45 | 000,118,784 | ---- | C] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7 [2012.06.12 20:23:46 | 002,788,117 | ---- | C] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg [2012.06.12 08:34:27 | 000,000,819 | ---- | C] () -- C:\Windows\SysWow64\_nethasp.ini [2012.06.06 15:52:48 | 000,226,602 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg [2012.06.06 12:22:59 | 000,246,998 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg [2012.06.06 07:13:45 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2011.12.05 20:13:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011.12.05 20:05:11 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2011.11.15 20:37:31 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.11.09 21:34:45 | 000,000,054 | ---- | C] () -- C:\Users\***\pc-client.properties ========== LOP Check ========== [2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork [2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE [2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit [2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.07.01 13:00:06 | 000,000,554 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job [2012.01.13 09:42:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.09 21:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2011.11.11 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork [2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.05.24 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2011.11.09 20:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2012.03.03 13:05:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.01.31 22:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.06.29 19:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE [2012.01.18 20:22:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathWorks [2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey [2012.05.14 14:55:04 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda [2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit [2011.11.09 21:40:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011.11.18 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA [2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.07.01 16:23:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2012.05.24 18:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2010.01.27 00:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2011b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < > < End of report > [/code] Übrigens hat sich das Frage mit dem Firefox update erledigt. Als ich Firefox nach dem Scan neu gestartet habe, hat er sich von alleine aktualisiert und ich hatte keine Möglichkeit zum Eingreifen. Irgendwie versteh ich eure Seite grad nicht richtig. Fügt der automatisch code-Tags ein??? Hat der bisher noch nicht gemacht. Da hat das immer flüssig geklappt. Viel Grüße, Rumpel |
|
02.07.2012, 09:53
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Ja, bei vielen Logs werden die CODE-Tags inzwischen automatisch eingefügt Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2016649859-1300321083-3386470498-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 14:10
| #9 |
| | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Hallo! Ich habe, bevor ich den Fix mache, noch 2 Fragen: 1) OTL wieder neu runterladen? Und als Admin öffnen (Win 7)? 2) Wie schon bei ESET auch alle Firewalls und so weiter abschalten? Ich würde also Avira, Malwarebytes, Windows Defender, Windows Firewall abschalten. Und alles was an "normalen" Programmen läuft sowieso. Ich bin unsicher, einfach selber darüber irgendwelche Entscheidungen zu treffen. Wollte der Sicherheit halber nur einmal nachgefragt haben. Viele Grüße, Rumpel |
|
02.07.2012, 14:33
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Ja OTL kannst du ruhig neu runterladen aber du musst es wieder als Admin öffnen Firewall ist beiim OTL-Fix egal, aber Virenscanner bitte ALLE abstellen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 14:54
| #11 |
| | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Hallo Arne! Ich habe den OTL Fix gemacht. Ist alles so eingetreten, wie du es gesagt hast. Erst dachte ich, es funktioniert nicht, weil unten in OTL keine Texte durch die Zeile laufen, aber dann hab ich das kurze grüne Zucken im Balken gesehen. OTL hat einen Neustart verlangt. Hat ihn auch bekommen. Beim Starten von Windows blieb erst der Bildschirm schwarz, dann sollte ich das Starten von C:\...\Desktop\otl.exe bestätigen. Hab ich auch gemacht. Dann kam folgendes Log, das jetzt NICHT otl.txt heißt: 07022012_153927.txt: Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2016649859-1300321083-3386470498-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 2152594043 bytes
->Temporary Internet Files folder emptied: 49138885 bytes
->Java cache emptied: 688940 bytes
->FireFox cache emptied: 1091900564 bytes
->Flash cache emptied: 41590 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 300822112 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 1521850 bytes
Total Files Cleaned = 3.430,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_153927
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe not found!
[2012.07.02 15:43:10 | 008,405,015 | ---- | M] () C:\Windows\temp\TmpFile1 : Unable to obtain MD5
Registry entries deleted on Reboot...
Bleibt eine Frage: Wer ist auf meinem System der User "UpdatusUser"? Und wer sind die ganzen anderen User? Angelegt habe ich nur "***" (also meinen Accout) und auch nur dieser wird beim Anmelden angezeigt.  Viele Grüße, Christoph |
|
02.07.2012, 16:19
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF)Zitat:
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 19:33
| #13 |
| | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Hallo Arne! Tut mir leid, dass ich so eine "Kleinigkeit" nicht selber gesucht habe. Ich musste nach dem Scan dringend zur Uni und wollte dir unbedingt vorher noch antworten. Mit dem TDSS-Killer hat alles geklappt. Hab es mit der Anleitung aus dem Link ausgeführt und vorher mit deinen Angaben eingestellt. Es gab keine Funde. Windows wurde nicht automatisch neu gestartet. Das Programm war offensichtlich ohne Neustart abgeschlossen. Den Report habe ich gespeichert. Habe dann trotzdem einen manuellen Neustart gemacht. Anschließend Avira, Malwarebytes und den Windows Defender wieder eingeschaltet. Hier ist der Log, den der TDSS-Killer geschrieben hat: Report: Code:
ATTFilter
20:00:47.0619 4176 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
20:00:47.0759 4176 ============================================================
20:00:47.0759 4176 Current date / time: 2012/07/02 20:00:47.0759
20:00:47.0759 4176 SystemInfo:
20:00:47.0759 4176
20:00:47.0759 4176 OS Version: 6.1.7601 ServicePack: 1.0
20:00:47.0759 4176 Product type: Workstation
20:00:47.0759 4176 ComputerName: ***-PC
20:00:47.0759 4176 UserName: ***
20:00:47.0759 4176 Windows directory: C:\Windows
20:00:47.0759 4176 System windows directory: C:\Windows
20:00:47.0759 4176 Running under WOW64
20:00:47.0759 4176 Processor architecture: Intel x64
20:00:47.0759 4176 Number of processors: 2
20:00:47.0759 4176 Page size: 0x1000
20:00:47.0759 4176 Boot type: Normal boot
20:00:47.0759 4176 ============================================================
20:00:48.0820 4176 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:00:48.0836 4176 ============================================================
20:00:48.0836 4176 \Device\Harddisk0\DR0:
20:00:48.0836 4176 MBR partitions:
20:00:48.0836 4176 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:00:48.0836 4176 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124F8000
20:00:48.0836 4176 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1252A800, BlocksNum 0x27E5B000
20:00:48.0836 4176 ============================================================
20:00:48.0867 4176 C: <-> \Device\Harddisk0\DR0\Partition1
20:00:48.0898 4176 D: <-> \Device\Harddisk0\DR0\Partition2
20:00:48.0898 4176 ============================================================
20:00:48.0898 4176 Initialize success
20:00:48.0898 4176 ============================================================
20:01:01.0862 4376 ============================================================
20:01:01.0862 4376 Scan started
20:01:01.0862 4376 Mode: Manual; SigCheck; TDLFS;
20:01:01.0862 4376 ============================================================
20:01:02.0611 4376 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
20:01:02.0673 4376 1394ohci - ok
20:01:02.0689 4376 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:01:02.0720 4376 ACPI - ok
20:01:02.0735 4376 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:01:02.0782 4376 AcpiPmi - ok
20:01:02.0845 4376 acsock (e42f90b27bdddd611fa7040afd256fda) C:\Windows\system32\DRIVERS\acsock64.sys
20:01:02.0860 4376 acsock - ok
20:01:02.0938 4376 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:01:02.0954 4376 AdobeARMservice - ok
20:01:03.0016 4376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:01:03.0032 4376 adp94xx - ok
20:01:03.0079 4376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:01:03.0110 4376 adpahci - ok
20:01:03.0125 4376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:01:03.0141 4376 adpu320 - ok
20:01:03.0172 4376 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:01:03.0219 4376 AeLookupSvc - ok
20:01:03.0297 4376 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:01:03.0344 4376 AFD - ok
20:01:03.0391 4376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:01:03.0406 4376 agp440 - ok
20:01:03.0469 4376 aksdf (89cd44c10d9b4d87725ff07f18a5702f) C:\Windows\system32\drivers\aksdf.sys
20:01:03.0500 4376 aksdf - ok
20:01:03.0531 4376 aksfridge (ba0b6fd78ae88d39b9d3d984f295a137) C:\Windows\system32\DRIVERS\aksfridge.sys
20:01:03.0547 4376 aksfridge - ok
20:01:03.0578 4376 akshasp (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
20:01:03.0609 4376 akshasp - ok
20:01:03.0625 4376 akshhl (bc0ee7f8d0be561793b80871f4f10627) C:\Windows\system32\DRIVERS\akshhl.sys
20:01:03.0640 4376 akshhl - ok
20:01:03.0687 4376 aksusb (a9a09bc526e614ce9f29bb23c2a76ced) C:\Windows\system32\DRIVERS\aksusb.sys
20:01:03.0703 4376 aksusb - ok
20:01:03.0749 4376 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:01:03.0781 4376 ALG - ok
20:01:03.0812 4376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:01:03.0827 4376 aliide - ok
20:01:03.0827 4376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:01:03.0843 4376 amdide - ok
20:01:03.0874 4376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:01:03.0890 4376 AmdK8 - ok
20:01:03.0890 4376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:01:03.0921 4376 AmdPPM - ok
20:01:03.0952 4376 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:01:03.0968 4376 amdsata - ok
20:01:03.0983 4376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:01:03.0999 4376 amdsbs - ok
20:01:04.0015 4376 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:01:04.0030 4376 amdxata - ok
20:01:04.0124 4376 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:01:04.0139 4376 AntiVirSchedulerService - ok
20:01:04.0311 4376 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:01:04.0311 4376 AntiVirService - ok
20:01:04.0358 4376 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:01:04.0405 4376 AppID - ok
20:01:04.0436 4376 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:01:04.0483 4376 AppIDSvc - ok
20:01:04.0498 4376 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:01:04.0561 4376 Appinfo - ok
20:01:04.0623 4376 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:01:04.0639 4376 AppMgmt - ok
20:01:04.0685 4376 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:01:04.0701 4376 arc - ok
20:01:04.0717 4376 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:01:04.0732 4376 arcsas - ok
20:01:04.0732 4376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:01:04.0795 4376 AsyncMac - ok
20:01:04.0810 4376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:01:04.0826 4376 atapi - ok
20:01:04.0904 4376 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:01:04.0951 4376 AudioEndpointBuilder - ok
20:01:04.0951 4376 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:01:04.0997 4376 AudioSrv - ok
20:01:05.0029 4376 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
20:01:05.0044 4376 avgntflt - ok
20:01:05.0075 4376 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
20:01:05.0091 4376 avipbb - ok
20:01:05.0107 4376 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:01:05.0107 4376 avkmgr - ok
20:01:05.0153 4376 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:01:05.0185 4376 AxInstSV - ok
20:01:05.0247 4376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:01:05.0278 4376 b06bdrv - ok
20:01:05.0325 4376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:01:05.0372 4376 b57nd60a - ok
20:01:05.0419 4376 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:01:05.0434 4376 BDESVC - ok
20:01:05.0450 4376 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:01:05.0497 4376 Beep - ok
20:01:05.0575 4376 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:01:05.0621 4376 BFE - ok
20:01:05.0699 4376 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:01:05.0762 4376 BITS - ok
20:01:05.0824 4376 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:01:05.0855 4376 blbdrive - ok
20:01:05.0887 4376 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:01:05.0918 4376 bowser - ok
20:01:05.0933 4376 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:01:05.0965 4376 BrFiltLo - ok
20:01:05.0980 4376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:01:05.0996 4376 BrFiltUp - ok
20:01:06.0027 4376 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:01:06.0089 4376 Browser - ok
20:01:06.0121 4376 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:01:06.0152 4376 Brserid - ok
20:01:06.0167 4376 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:01:06.0199 4376 BrSerWdm - ok
20:01:06.0214 4376 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:01:06.0261 4376 BrUsbMdm - ok
20:01:06.0261 4376 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:01:06.0277 4376 BrUsbSer - ok
20:01:06.0292 4376 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:01:06.0323 4376 BTHMODEM - ok
20:01:06.0370 4376 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:01:06.0401 4376 bthserv - ok
20:01:06.0433 4376 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:01:06.0479 4376 cdfs - ok
20:01:06.0526 4376 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:01:06.0542 4376 cdrom - ok
20:01:06.0557 4376 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:01:06.0620 4376 CertPropSvc - ok
20:01:06.0651 4376 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:01:06.0682 4376 circlass - ok
20:01:06.0713 4376 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:01:06.0729 4376 CLFS - ok
20:01:06.0776 4376 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:01:06.0791 4376 clr_optimization_v2.0.50727_32 - ok
20:01:06.0854 4376 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:01:06.0869 4376 clr_optimization_v2.0.50727_64 - ok
20:01:06.0916 4376 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:01:06.0932 4376 clr_optimization_v4.0.30319_32 - ok
20:01:06.0963 4376 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:01:06.0979 4376 clr_optimization_v4.0.30319_64 - ok
20:01:07.0010 4376 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:01:07.0025 4376 CmBatt - ok
20:01:07.0041 4376 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:01:07.0057 4376 cmdide - ok
20:01:07.0119 4376 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:01:07.0135 4376 CNG - ok
20:01:07.0150 4376 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:01:07.0166 4376 Compbatt - ok
20:01:07.0197 4376 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:01:07.0213 4376 CompositeBus - ok
20:01:07.0228 4376 COMSysApp - ok
20:01:07.0244 4376 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:01:07.0259 4376 crcdisk - ok
20:01:07.0322 4376 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:01:07.0337 4376 CryptSvc - ok
20:01:07.0415 4376 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:01:07.0462 4376 CSC - ok
20:01:07.0525 4376 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:01:07.0540 4376 CscService - ok
20:01:07.0571 4376 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
20:01:07.0587 4376 CVirtA - ok
20:01:07.0743 4376 CVPND (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
20:01:07.0790 4376 CVPND - ok
20:01:07.0899 4376 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:01:07.0915 4376 CVPNDRVA - ok
20:01:07.0993 4376 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:01:08.0055 4376 DcomLaunch - ok
20:01:08.0086 4376 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:01:08.0133 4376 defragsvc - ok
20:01:08.0180 4376 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:01:08.0227 4376 DfsC - ok
20:01:08.0258 4376 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:01:08.0305 4376 Dhcp - ok
20:01:08.0320 4376 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:01:08.0383 4376 discache - ok
20:01:08.0429 4376 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:01:08.0445 4376 Disk - ok
20:01:08.0476 4376 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:01:08.0507 4376 dmvsc - ok
20:01:08.0554 4376 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
20:01:08.0570 4376 DNE - ok
20:01:08.0601 4376 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:01:08.0632 4376 Dnscache - ok
20:01:08.0679 4376 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:01:08.0726 4376 dot3svc - ok
20:01:08.0741 4376 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:01:08.0788 4376 DPS - ok
20:01:08.0819 4376 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:01:08.0851 4376 drmkaud - ok
20:01:08.0897 4376 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:01:08.0913 4376 dtsoftbus01 - ok
20:01:09.0007 4376 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:01:09.0038 4376 DXGKrnl - ok
20:01:09.0085 4376 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:01:09.0131 4376 EapHost - ok
20:01:09.0365 4376 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:01:09.0443 4376 ebdrv - ok
20:01:09.0568 4376 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:01:09.0599 4376 EFS - ok
20:01:09.0677 4376 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:01:09.0724 4376 ehRecvr - ok
20:01:09.0755 4376 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:01:09.0787 4376 ehSched - ok
20:01:09.0865 4376 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:01:09.0880 4376 elxstor - ok
20:01:09.0896 4376 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:01:09.0911 4376 ErrDev - ok
20:01:09.0974 4376 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:01:10.0021 4376 EventSystem - ok
20:01:10.0052 4376 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:01:10.0099 4376 exfat - ok
20:01:10.0130 4376 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:01:10.0177 4376 fastfat - ok
20:01:10.0239 4376 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:01:10.0270 4376 Fax - ok
20:01:10.0301 4376 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:01:10.0317 4376 fdc - ok
20:01:10.0348 4376 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:01:10.0395 4376 fdPHost - ok
20:01:10.0395 4376 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:01:10.0457 4376 FDResPub - ok
20:01:10.0504 4376 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:01:10.0504 4376 FileInfo - ok
20:01:10.0535 4376 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:01:10.0582 4376 Filetrace - ok
20:01:10.0598 4376 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:01:10.0613 4376 flpydisk - ok
20:01:10.0645 4376 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:01:10.0660 4376 FltMgr - ok
20:01:10.0754 4376 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:01:10.0801 4376 FontCache - ok
20:01:10.0847 4376 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:01:10.0847 4376 FontCache3.0.0.0 - ok
20:01:10.0894 4376 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:01:10.0910 4376 FsDepends - ok
20:01:10.0941 4376 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:01:10.0957 4376 Fs_Rec - ok
20:01:10.0988 4376 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:01:11.0003 4376 fvevol - ok
20:01:11.0035 4376 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:01:11.0050 4376 gagp30kx - ok
20:01:11.0113 4376 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:01:11.0160 4376 gpsvc - ok
20:01:11.0222 4376 hardlock (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
20:01:11.0238 4376 hardlock - ok
20:01:11.0253 4376 hasplms - ok
20:01:11.0253 4376 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:01:11.0284 4376 hcw85cir - ok
20:01:11.0347 4376 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:01:11.0378 4376 HdAudAddService - ok
20:01:11.0394 4376 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:01:11.0425 4376 HDAudBus - ok
20:01:11.0440 4376 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:01:11.0456 4376 HidBatt - ok
20:01:11.0472 4376 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:01:11.0487 4376 HidBth - ok
20:01:11.0518 4376 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:01:11.0534 4376 HidIr - ok
20:01:11.0550 4376 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:01:11.0596 4376 hidserv - ok
20:01:11.0612 4376 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:01:11.0628 4376 HidUsb - ok
20:01:11.0643 4376 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:01:11.0690 4376 hkmsvc - ok
20:01:11.0737 4376 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:01:11.0768 4376 HomeGroupListener - ok
20:01:11.0799 4376 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:01:11.0815 4376 HomeGroupProvider - ok
20:01:11.0846 4376 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:01:11.0862 4376 HpSAMD - ok
20:01:11.0940 4376 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:01:11.0986 4376 HTTP - ok
20:01:12.0002 4376 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:01:12.0018 4376 hwpolicy - ok
20:01:12.0033 4376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:01:12.0049 4376 i8042prt - ok
20:01:12.0096 4376 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:01:12.0111 4376 iaStorV - ok
20:01:12.0236 4376 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:01:12.0267 4376 idsvc - ok
20:01:12.0298 4376 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:01:12.0314 4376 iirsp - ok
20:01:12.0392 4376 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:01:12.0454 4376 IKEEXT - ok
20:01:12.0610 4376 IntcAzAudAddService (1a6241b70453a6629a83db942aa6b08c) C:\Windows\system32\drivers\RTKVHD64.sys
20:01:12.0657 4376 IntcAzAudAddService - ok
20:01:12.0782 4376 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:01:12.0782 4376 intelide - ok
20:01:12.0813 4376 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:01:12.0829 4376 intelppm - ok
20:01:12.0860 4376 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:01:12.0907 4376 IPBusEnum - ok
20:01:12.0922 4376 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:01:12.0969 4376 IpFilterDriver - ok
20:01:13.0016 4376 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:01:13.0063 4376 iphlpsvc - ok
20:01:13.0094 4376 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:01:13.0110 4376 IPMIDRV - ok
20:01:13.0110 4376 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:01:13.0172 4376 IPNAT - ok
20:01:13.0203 4376 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:01:13.0234 4376 IRENUM - ok
20:01:13.0250 4376 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:01:13.0266 4376 isapnp - ok
20:01:13.0297 4376 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:01:13.0312 4376 iScsiPrt - ok
20:01:13.0328 4376 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:01:13.0344 4376 kbdclass - ok
20:01:13.0359 4376 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:01:13.0390 4376 kbdhid - ok
20:01:13.0406 4376 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:13.0422 4376 KeyIso - ok
20:01:13.0437 4376 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:01:13.0453 4376 KSecDD - ok
20:01:13.0468 4376 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:01:13.0484 4376 KSecPkg - ok
20:01:13.0500 4376 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:01:13.0546 4376 ksthunk - ok
20:01:13.0593 4376 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:01:13.0640 4376 KtmRm - ok
20:01:13.0687 4376 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:01:13.0734 4376 LanmanServer - ok
20:01:13.0765 4376 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:01:13.0812 4376 LanmanWorkstation - ok
20:01:13.0843 4376 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:01:13.0905 4376 lltdio - ok
20:01:13.0952 4376 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:01:13.0999 4376 lltdsvc - ok
20:01:14.0030 4376 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:01:14.0077 4376 lmhosts - ok
20:01:14.0108 4376 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:01:14.0124 4376 LSI_FC - ok
20:01:14.0139 4376 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:01:14.0155 4376 LSI_SAS - ok
20:01:14.0170 4376 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:01:14.0186 4376 LSI_SAS2 - ok
20:01:14.0202 4376 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:01:14.0217 4376 LSI_SCSI - ok
20:01:14.0233 4376 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:01:14.0280 4376 luafv - ok
20:01:14.0326 4376 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:01:14.0342 4376 MBAMProtector - ok
20:01:14.0436 4376 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:01:14.0451 4376 MBAMService - ok
20:01:14.0482 4376 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:01:14.0514 4376 Mcx2Svc - ok
20:01:14.0529 4376 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:01:14.0545 4376 megasas - ok
20:01:14.0576 4376 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:01:14.0592 4376 MegaSR - ok
20:01:14.0638 4376 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:01:14.0685 4376 MMCSS - ok
20:01:14.0701 4376 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:01:14.0748 4376 Modem - ok
20:01:14.0763 4376 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:01:14.0794 4376 monitor - ok
20:01:14.0810 4376 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:01:14.0826 4376 mouclass - ok
20:01:14.0841 4376 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:01:14.0872 4376 mouhid - ok
20:01:14.0888 4376 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:01:14.0904 4376 mountmgr - ok
20:01:15.0013 4376 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:01:15.0013 4376 MozillaMaintenance - ok
20:01:15.0044 4376 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:01:15.0060 4376 mpio - ok
20:01:15.0075 4376 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:01:15.0106 4376 mpsdrv - ok
20:01:15.0169 4376 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:01:15.0216 4376 MpsSvc - ok
20:01:15.0247 4376 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:01:15.0278 4376 MRxDAV - ok
20:01:15.0309 4376 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:01:15.0325 4376 mrxsmb - ok
20:01:15.0356 4376 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:01:15.0372 4376 mrxsmb10 - ok
20:01:15.0387 4376 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:01:15.0403 4376 mrxsmb20 - ok
20:01:15.0418 4376 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:01:15.0434 4376 msahci - ok
20:01:15.0450 4376 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:01:15.0465 4376 msdsm - ok
20:01:15.0496 4376 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:01:15.0543 4376 MSDTC - ok
20:01:15.0559 4376 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:01:15.0606 4376 Msfs - ok
20:01:15.0637 4376 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:01:15.0684 4376 mshidkmdf - ok
20:01:15.0699 4376 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:01:15.0715 4376 msisadrv - ok
20:01:15.0746 4376 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:01:15.0777 4376 MSiSCSI - ok
20:01:15.0777 4376 msiserver - ok
20:01:15.0808 4376 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:01:15.0871 4376 MSKSSRV - ok
20:01:15.0886 4376 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:01:15.0933 4376 MSPCLOCK - ok
20:01:15.0949 4376 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:01:15.0996 4376 MSPQM - ok
20:01:16.0027 4376 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:01:16.0042 4376 MsRPC - ok
20:01:16.0058 4376 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:01:16.0074 4376 mssmbios - ok
20:01:16.0089 4376 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:01:16.0152 4376 MSTEE - ok
20:01:16.0167 4376 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:01:16.0183 4376 MTConfig - ok
20:01:16.0198 4376 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:01:16.0198 4376 Mup - ok
20:01:16.0261 4376 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:01:16.0308 4376 napagent - ok
20:01:16.0354 4376 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:01:16.0386 4376 NativeWifiP - ok
20:01:16.0464 4376 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:01:16.0495 4376 NDIS - ok
20:01:16.0510 4376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:01:16.0557 4376 NdisCap - ok
20:01:16.0573 4376 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:01:16.0620 4376 NdisTapi - ok
20:01:16.0651 4376 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:01:16.0698 4376 Ndisuio - ok
20:01:16.0713 4376 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:01:16.0760 4376 NdisWan - ok
20:01:16.0776 4376 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:01:16.0807 4376 NDProxy - ok
20:01:16.0838 4376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:01:16.0885 4376 NetBIOS - ok
20:01:16.0916 4376 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:01:16.0963 4376 NetBT - ok
20:01:16.0978 4376 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:16.0994 4376 Netlogon - ok
20:01:17.0056 4376 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:01:17.0103 4376 Netman - ok
20:01:17.0150 4376 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:01:17.0197 4376 netprofm - ok
20:01:17.0275 4376 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:01:17.0275 4376 NetTcpPortSharing - ok
20:01:17.0634 4376 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:01:17.0774 4376 netw5v64 - ok
20:01:17.0914 4376 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:01:17.0930 4376 nfrd960 - ok
20:01:17.0977 4376 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:01:18.0024 4376 NlaSvc - ok
20:01:18.0055 4376 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:01:18.0086 4376 Npfs - ok
20:01:18.0102 4376 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:01:18.0133 4376 nsi - ok
20:01:18.0148 4376 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:01:18.0195 4376 nsiproxy - ok
20:01:18.0320 4376 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:01:18.0367 4376 Ntfs - ok
20:01:18.0476 4376 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:01:18.0538 4376 Null - ok
20:01:18.0570 4376 nuvotoncir (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys
20:01:18.0585 4376 nuvotoncir - ok
20:01:19.0334 4376 nvlddmkm (325520227cc568052ae1d7ad49d90951) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:01:19.0724 4376 nvlddmkm - ok
20:01:19.0880 4376 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:01:19.0896 4376 nvraid - ok
20:01:19.0927 4376 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:01:19.0942 4376 nvstor - ok
20:01:20.0005 4376 nvsvc (4dffb8ddba4a0e8222e0e8d2cd590803) C:\Windows\system32\nvvsvc.exe
20:01:20.0005 4376 nvsvc - ok
20:01:20.0208 4376 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:01:20.0254 4376 nvUpdatusService - ok
20:01:20.0379 4376 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:01:20.0395 4376 nv_agp - ok
20:01:20.0410 4376 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:01:20.0442 4376 ohci1394 - ok
20:01:20.0504 4376 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:01:20.0520 4376 ose - ok
20:01:20.0878 4376 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:01:20.0956 4376 osppsvc - ok
20:01:21.0081 4376 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:01:21.0097 4376 p2pimsvc - ok
20:01:21.0144 4376 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:01:21.0175 4376 p2psvc - ok
20:01:21.0206 4376 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:01:21.0237 4376 Parport - ok
20:01:21.0268 4376 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:01:21.0284 4376 partmgr - ok
20:01:21.0300 4376 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:01:21.0346 4376 PcaSvc - ok
20:01:21.0362 4376 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:01:21.0378 4376 pci - ok
20:01:21.0409 4376 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:01:21.0409 4376 pciide - ok
20:01:21.0440 4376 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:01:21.0456 4376 pcmcia - ok
20:01:21.0471 4376 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:01:21.0487 4376 pcw - ok
20:01:21.0534 4376 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:01:21.0596 4376 PEAUTH - ok
20:01:21.0705 4376 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:01:21.0752 4376 PeerDistSvc - ok
20:01:21.0830 4376 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:01:21.0846 4376 PerfHost - ok
20:01:22.0017 4376 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:01:22.0095 4376 pla - ok
20:01:22.0158 4376 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:01:22.0189 4376 PlugPlay - ok
20:01:22.0204 4376 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:01:22.0236 4376 PNRPAutoReg - ok
20:01:22.0267 4376 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:01:22.0282 4376 PNRPsvc - ok
20:01:22.0329 4376 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:01:22.0376 4376 PolicyAgent - ok
20:01:22.0407 4376 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:01:22.0470 4376 Power - ok
20:01:22.0532 4376 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:01:22.0563 4376 PptpMiniport - ok
20:01:22.0579 4376 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:01:22.0594 4376 Processor - ok
20:01:22.0641 4376 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:01:22.0672 4376 ProfSvc - ok
20:01:22.0704 4376 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:22.0704 4376 ProtectedStorage - ok
20:01:22.0750 4376 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:01:22.0797 4376 Psched - ok
20:01:22.0922 4376 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:01:22.0969 4376 ql2300 - ok
20:01:23.0094 4376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:01:23.0109 4376 ql40xx - ok
20:01:23.0156 4376 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:01:23.0187 4376 QWAVE - ok
20:01:23.0203 4376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:01:23.0234 4376 QWAVEdrv - ok
20:01:23.0250 4376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:01:23.0281 4376 RasAcd - ok
20:01:23.0328 4376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:01:23.0359 4376 RasAgileVpn - ok
20:01:23.0374 4376 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:01:23.0421 4376 RasAuto - ok
20:01:23.0452 4376 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:23.0499 4376 Rasl2tp - ok
20:01:23.0546 4376 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:01:23.0577 4376 RasMan - ok
20:01:23.0608 4376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:23.0655 4376 RasPppoe - ok
20:01:23.0671 4376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:01:23.0718 4376 RasSstp - ok
20:01:23.0749 4376 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:01:23.0796 4376 rdbss - ok
20:01:23.0811 4376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:01:23.0842 4376 rdpbus - ok
20:01:23.0858 4376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:01:23.0905 4376 RDPCDD - ok
20:01:23.0952 4376 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:01:23.0952 4376 RDPDR - ok
20:01:23.0983 4376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:01:24.0014 4376 RDPENCDD - ok
20:01:24.0030 4376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:01:24.0061 4376 RDPREFMP - ok
20:01:24.0108 4376 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:01:24.0139 4376 RDPWD - ok
20:01:24.0186 4376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:01:24.0201 4376 rdyboost - ok
20:01:24.0232 4376 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:01:24.0264 4376 RemoteAccess - ok
20:01:24.0295 4376 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:01:24.0357 4376 RemoteRegistry - ok
20:01:24.0388 4376 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
20:01:24.0404 4376 rimmptsk - ok
20:01:24.0435 4376 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
20:01:24.0451 4376 rimsptsk - ok
20:01:24.0466 4376 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
20:01:24.0482 4376 rismxdp - ok
20:01:24.0498 4376 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:01:24.0544 4376 RpcEptMapper - ok
20:01:24.0576 4376 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:01:24.0591 4376 RpcLocator - ok
20:01:24.0622 4376 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:01:24.0669 4376 RpcSs - ok
20:01:24.0700 4376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:01:24.0747 4376 rspndr - ok
20:01:24.0763 4376 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:01:24.0778 4376 s3cap - ok
20:01:24.0810 4376 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:24.0825 4376 SamSs - ok
20:01:24.0841 4376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:01:24.0856 4376 sbp2port - ok
20:01:24.0888 4376 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:01:24.0919 4376 SCardSvr - ok
20:01:24.0950 4376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:01:24.0981 4376 scfilter - ok
20:01:25.0075 4376 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:01:25.0137 4376 Schedule - ok
20:01:25.0168 4376 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:01:25.0200 4376 SCPolicySvc - ok
20:01:25.0246 4376 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
20:01:25.0278 4376 sdbus - ok
20:01:25.0309 4376 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:01:25.0340 4376 SDRSVC - ok
20:01:25.0387 4376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:01:25.0418 4376 secdrv - ok
20:01:25.0449 4376 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:01:25.0480 4376 seclogon - ok
20:01:25.0512 4376 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:01:25.0558 4376 SENS - ok
20:01:25.0558 4376 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:01:25.0590 4376 SensrSvc - ok
20:01:25.0636 4376 Sentinel64 (84ac127242dd3ccde02f9a4673214b1f) C:\Windows\System32\Drivers\Sentinel64.sys
20:01:25.0636 4376 Sentinel64 - ok
20:01:25.0668 4376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:01:25.0699 4376 Serenum - ok
20:01:25.0714 4376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:01:25.0730 4376 Serial - ok
20:01:25.0746 4376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:01:25.0777 4376 sermouse - ok
20:01:25.0808 4376 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:01:25.0870 4376 SessionEnv - ok
20:01:25.0870 4376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:01:25.0886 4376 sffdisk - ok
20:01:25.0933 4376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:01:25.0964 4376 sffp_mmc - ok
20:01:25.0980 4376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:01:26.0011 4376 sffp_sd - ok
20:01:26.0011 4376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:01:26.0026 4376 sfloppy - ok
20:01:26.0073 4376 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:01:26.0136 4376 SharedAccess - ok
20:01:26.0182 4376 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:01:26.0229 4376 ShellHWDetection - ok
20:01:26.0245 4376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:01:26.0260 4376 SiSRaid2 - ok
20:01:26.0276 4376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:01:26.0292 4376 SiSRaid4 - ok
20:01:26.0370 4376 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:01:26.0385 4376 SkypeUpdate - ok
20:01:26.0416 4376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:01:26.0448 4376 Smb - ok
20:01:26.0494 4376 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:01:26.0510 4376 SNMPTRAP - ok
20:01:26.0557 4376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:01:26.0572 4376 spldr - ok
20:01:26.0604 4376 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:01:26.0650 4376 Spooler - ok
20:01:26.0869 4376 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:01:26.0978 4376 sppsvc - ok
20:01:27.0087 4376 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:01:27.0134 4376 sppuinotify - ok
20:01:27.0181 4376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:01:27.0212 4376 srv - ok
20:01:27.0243 4376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:01:27.0274 4376 srv2 - ok
20:01:27.0337 4376 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:01:27.0352 4376 SrvHsfHDA - ok
20:01:27.0462 4376 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:01:27.0508 4376 SrvHsfV92 - ok
20:01:27.0664 4376 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:01:27.0680 4376 SrvHsfWinac - ok
20:01:27.0711 4376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:01:27.0727 4376 srvnet - ok
20:01:27.0758 4376 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
20:01:27.0774 4376 sscdbus - ok
20:01:27.0774 4376 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:01:27.0789 4376 sscdmdfl - ok
20:01:27.0820 4376 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:01:27.0836 4376 sscdmdm - ok
20:01:27.0883 4376 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:01:27.0930 4376 SSDPSRV - ok
20:01:27.0945 4376 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:01:27.0992 4376 SstpSvc - ok
20:01:28.0008 4376 StarOpen - ok
20:01:28.0023 4376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:01:28.0039 4376 stexstor - ok
20:01:28.0101 4376 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:01:28.0132 4376 stisvc - ok
20:01:28.0164 4376 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:01:28.0179 4376 storflt - ok
20:01:28.0195 4376 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:01:28.0210 4376 StorSvc - ok
20:01:28.0242 4376 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:01:28.0257 4376 storvsc - ok
20:01:28.0273 4376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:01:28.0288 4376 swenum - ok
20:01:28.0335 4376 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:01:28.0398 4376 swprv - ok
20:01:28.0460 4376 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
20:01:28.0476 4376 SynTP - ok
20:01:28.0600 4376 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:01:28.0663 4376 SysMain - ok
20:01:28.0772 4376 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:01:28.0803 4376 TabletInputService - ok
20:01:28.0834 4376 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:01:28.0881 4376 TapiSrv - ok
20:01:28.0912 4376 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:01:28.0944 4376 TBS - ok
20:01:29.0100 4376 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:01:29.0146 4376 Tcpip - ok
20:01:29.0349 4376 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:01:29.0396 4376 TCPIP6 - ok
20:01:29.0474 4376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:01:29.0521 4376 tcpipreg - ok
20:01:29.0536 4376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:01:29.0568 4376 TDPIPE - ok
20:01:29.0599 4376 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:01:29.0630 4376 TDTCP - ok
20:01:29.0661 4376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:01:29.0692 4376 tdx - ok
20:01:29.0708 4376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:01:29.0724 4376 TermDD - ok
20:01:29.0817 4376 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:01:29.0880 4376 TermService - ok
20:01:29.0880 4376 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:01:29.0911 4376 Themes - ok
20:01:29.0942 4376 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:01:29.0973 4376 THREADORDER - ok
20:01:30.0004 4376 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:01:30.0051 4376 TrkWks - ok
20:01:30.0098 4376 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:01:30.0160 4376 TrustedInstaller - ok
20:01:30.0176 4376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:01:30.0223 4376 tssecsrv - ok
20:01:30.0254 4376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:01:30.0270 4376 TsUsbFlt - ok
20:01:30.0301 4376 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:01:30.0332 4376 TsUsbGD - ok
20:01:30.0363 4376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:01:30.0394 4376 tunnel - ok
20:01:30.0426 4376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:01:30.0441 4376 uagp35 - ok
20:01:30.0472 4376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:01:30.0519 4376 udfs - ok
20:01:30.0566 4376 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:01:30.0597 4376 UI0Detect - ok
20:01:30.0597 4376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:01:30.0613 4376 uliagpkx - ok
20:01:30.0644 4376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:01:30.0675 4376 umbus - ok
20:01:30.0691 4376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:01:30.0722 4376 UmPass - ok
20:01:30.0769 4376 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:01:30.0800 4376 UmRdpService - ok
20:01:30.0847 4376 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:01:30.0894 4376 upnphost - ok
20:01:30.0925 4376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:01:30.0940 4376 usbccgp - ok
20:01:30.0987 4376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:01:31.0003 4376 usbcir - ok
20:01:31.0018 4376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:01:31.0050 4376 usbehci - ok
20:01:31.0081 4376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:01:31.0112 4376 usbhub - ok
20:01:31.0143 4376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:01:31.0159 4376 usbohci - ok
20:01:31.0159 4376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:01:31.0190 4376 usbprint - ok
20:01:31.0206 4376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:01:31.0237 4376 USBSTOR - ok
20:01:31.0252 4376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:01:31.0268 4376 usbuhci - ok
20:01:31.0315 4376 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:01:31.0362 4376 usbvideo - ok
20:01:31.0393 4376 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:01:31.0440 4376 UxSms - ok
20:01:31.0486 4376 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:31.0502 4376 VaultSvc - ok
20:01:31.0518 4376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:01:31.0533 4376 vdrvroot - ok
20:01:31.0580 4376 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:01:31.0627 4376 vds - ok
20:01:31.0658 4376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:01:31.0674 4376 vga - ok
20:01:31.0689 4376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:01:31.0752 4376 VgaSave - ok
20:01:31.0783 4376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:01:31.0798 4376 vhdmp - ok
20:01:31.0798 4376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:01:31.0814 4376 viaide - ok
20:01:31.0845 4376 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:01:31.0876 4376 vmbus - ok
20:01:31.0892 4376 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:01:31.0908 4376 VMBusHID - ok
20:01:31.0939 4376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:01:31.0954 4376 volmgr - ok
20:01:31.0986 4376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:01:32.0001 4376 volmgrx - ok
20:01:32.0032 4376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:01:32.0048 4376 volsnap - ok
20:01:32.0157 4376 vpnagent (f937e203d6f18fad36b68d92df02775d) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
20:01:32.0173 4376 vpnagent - ok
20:01:32.0188 4376 vpnva (845dae50510383b7f6aca73ce2099048) C:\Windows\system32\DRIVERS\vpnva64.sys
20:01:32.0204 4376 vpnva - ok
20:01:32.0235 4376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:01:32.0251 4376 vsmraid - ok
20:01:32.0360 4376 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:01:32.0438 4376 VSS - ok
20:01:32.0563 4376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:01:32.0594 4376 vwifibus - ok
20:01:32.0641 4376 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:01:32.0688 4376 W32Time - ok
20:01:32.0703 4376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:01:32.0719 4376 WacomPen - ok
20:01:32.0766 4376 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:32.0812 4376 WANARP - ok
20:01:32.0828 4376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:32.0859 4376 Wanarpv6 - ok
20:01:32.0968 4376 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:01:33.0015 4376 wbengine - ok
20:01:33.0124 4376 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:01:33.0156 4376 WbioSrvc - ok
20:01:33.0187 4376 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:01:33.0218 4376 wcncsvc - ok
20:01:33.0234 4376 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:01:33.0249 4376 WcsPlugInService - ok
20:01:33.0312 4376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:01:33.0327 4376 Wd - ok
20:01:33.0374 4376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:01:33.0390 4376 Wdf01000 - ok
20:01:33.0405 4376 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:01:33.0436 4376 WdiServiceHost - ok
20:01:33.0452 4376 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:01:33.0468 4376 WdiSystemHost - ok
20:01:33.0499 4376 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:01:33.0530 4376 WebClient - ok
20:01:33.0561 4376 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:01:33.0608 4376 Wecsvc - ok
20:01:33.0639 4376 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:01:33.0670 4376 wercplsupport - ok
20:01:33.0702 4376 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:01:33.0748 4376 WerSvc - ok
20:01:33.0795 4376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:01:33.0842 4376 WfpLwf - ok
20:01:33.0858 4376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:01:33.0873 4376 WIMMount - ok
20:01:33.0920 4376 winbondcir (54d68b92dc59fbba95919c804a7c3e07) C:\Windows\system32\DRIVERS\winbondcir.sys
20:01:33.0936 4376 winbondcir - ok
20:01:33.0951 4376 WinDefend - ok
20:01:33.0967 4376 WinHttpAutoProxySvc - ok
20:01:34.0014 4376 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:01:34.0060 4376 Winmgmt - ok
20:01:34.0201 4376 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:01:34.0279 4376 WinRM - ok
20:01:34.0419 4376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:01:34.0450 4376 WinUsb - ok
20:01:34.0513 4376 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:01:34.0560 4376 Wlansvc - ok
20:01:34.0591 4376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:01:34.0606 4376 WmiAcpi - ok
20:01:34.0669 4376 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:01:34.0716 4376 wmiApSrv - ok
20:01:34.0762 4376 WMPNetworkSvc - ok
20:01:34.0794 4376 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:01:34.0809 4376 WPCSvc - ok
20:01:34.0840 4376 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:01:34.0856 4376 WPDBusEnum - ok
20:01:34.0872 4376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:01:34.0918 4376 ws2ifsl - ok
20:01:34.0934 4376 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:01:34.0965 4376 wscsvc - ok
20:01:34.0981 4376 WSearch - ok
20:01:35.0137 4376 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:01:35.0199 4376 wuauserv - ok
20:01:35.0324 4376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:01:35.0371 4376 WudfPf - ok
20:01:35.0402 4376 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:01:35.0449 4376 WUDFRd - ok
20:01:35.0480 4376 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:01:35.0511 4376 wudfsvc - ok
20:01:35.0542 4376 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:01:35.0574 4376 WwanSvc - ok
20:01:35.0620 4376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:01:35.0917 4376 \Device\Harddisk0\DR0 - ok
20:01:35.0932 4376 Boot (0x1200) (86962d203fe153d8ddcf18976c8939f5) \Device\Harddisk0\DR0\Partition0
20:01:35.0932 4376 \Device\Harddisk0\DR0\Partition0 - ok
20:01:35.0964 4376 Boot (0x1200) (e4982c91bebb6a03bedc517d9cbc03e6) \Device\Harddisk0\DR0\Partition1
20:01:35.0964 4376 \Device\Harddisk0\DR0\Partition1 - ok
20:01:35.0979 4376 Boot (0x1200) (5ff4771ad7c75b5ef59d6fd609cdf72b) \Device\Harddisk0\DR0\Partition2
20:01:35.0979 4376 \Device\Harddisk0\DR0\Partition2 - ok
20:01:35.0979 4376 ============================================================
20:01:35.0979 4376 Scan finished
20:01:35.0979 4376 ============================================================
20:01:35.0995 5072 Detected object count: 0
20:01:35.0995 5072 Actual detected object count: 0
Code:
ATTFilter 20:05:09.0604 4688 Deinitialize success
Eins ist mir aufgefallen: Es werden die Dateiendungen nicht mehr angezeigt. Ich glaube, das ist so seit dem Fix mit OTL. War das gewollt? Ich selber habe da in letzter Zeit nichts dran eingestellt, bisher wurden sie immer angezeigt. Kann ich die Dateiendungen wieder einschalten? Viele Grüße, Rumpel |
|
03.07.2012, 12:26
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Ja sicher kannst du diese Anzeigeeinstellung machen, das ist doch nichts weiter als eine ziemlich banale Ansichtsoption Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.07.2012, 11:36
| #15 |
| | 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) Hallo Arne! Hat etwas länger gedauert, weil ich mir das Tutorium doch erst ausdrucken wollte. Zu den Endungen nochmal: Ich wollte dir nur die Veränderung mitteilen, weil ich nicht beurteilen konnte, ob das irgendein Programm im Hintergrund gestellt hat oder durch den Fix kam. Hab das ComboFix laufen lassen. Und es gab keine Auffälligkeiten. Hier der Log: Combofix Logfile: Code:
ATTFilter ComboFix 12-07-02.01 - *** 04.07.2012 11:47:44.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2929 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\+++~1\AppData\Local\Temp\RtkBtMnt.exe
c:\users\***\AppData\Local\Temp\RtkBtMnt.exe
c:\users\***\AppData\Local\TempDIR
c:\users\***\AppData\Local\TempDIR\WindowsXP-KB893357-v2-x86-DEU.exe
c:\users\***\AppData\Local\TempDIR\WindowsXP-KB917021-v3-x86-DEU.exe
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-04 bis 2012-07-04 ))))))))))))))))))))))))))))))
.
.
2012-07-03 09:02 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{708C552D-EF0A-48B1-A1D4-30434AD6829A}\mpengine.dll
2012-07-02 13:39 . 2012-07-02 13:39 -------- d-----w- C:\_OTL
2012-07-01 15:49 . 2012-07-01 15:49 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-01 15:49 . 2012-07-01 15:49 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-29 17:07 . 2012-06-29 17:07 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-06-29 17:07 . 2012-06-29 17:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-29 17:07 . 2012-06-29 17:07 -------- d-----w- c:\programdata\Malwarebytes
2012-06-29 17:07 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 13:18 . 2012-06-24 13:18 -------- d-----w- c:\users\***\AppData\Local\ElevatedDiagnostics
2012-06-24 05:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 05:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 05:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 05:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 05:03 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 05:03 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 05:03 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 05:03 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 05:03 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 09:56 . 2012-06-23 09:56 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-23 09:56 . 2012-06-23 09:56 -------- d-----w- c:\program files (x86)\Java
2012-06-19 15:51 . 2012-06-19 15:52 -------- d-----w- c:\programdata\LogiShrd
2012-06-19 15:51 . 2012-06-19 15:51 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-06-15 05:32 . 2012-06-15 05:32 -------- d-----w- c:\users\***\AppData\Local\Macromedia
2012-06-14 00:59 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 06:37 . 2012-06-12 06:37 -------- d-----w- c:\program files (x86)\Common Files\Aladdin Shared
2012-06-12 06:37 . 2009-04-21 10:59 2869760 ----a-w- c:\windows\system32\hasplms.exe
2012-06-12 06:36 . 2009-08-26 05:48 71040 ----a-w- c:\windows\system32\drivers\aksdf.sys
2012-06-12 06:36 . 2009-04-30 12:28 11776 ----a-w- c:\windows\system32\akshsp51.dll
2012-06-12 06:36 . 2009-03-13 09:55 53760 ----a-w- c:\windows\system32\drivers\akshasp.sys
2012-06-12 06:36 . 2009-03-13 09:55 318464 ----a-w- c:\windows\system32\drivers\hardlock.sys
2012-06-12 06:36 . 2009-03-13 09:55 25344 ----a-w- c:\windows\system32\drivers\aksusb.sys
2012-06-12 06:36 . 2008-12-19 12:46 33792 ----a-w- c:\windows\system32\akshhl27.dll
2012-06-12 06:36 . 2008-12-19 12:43 71168 ----a-w- c:\windows\system32\aksusb3.dll
2012-06-12 06:36 . 2007-11-23 10:35 14848 ----a-w- c:\windows\system32\drivers\aksclass.sys
2012-06-12 06:34 . 2009-10-26 00:21 111104 ----a-w- c:\windows\SysWow64\PropShellEx.dll
2012-06-12 06:34 . 2009-10-26 00:21 274432 ----a-w- c:\windows\SysWow64\ThmShellEx.dll
2012-06-12 06:34 . 2008-11-14 15:18 631592 ----a-w- c:\windows\SysWow64\msvcr80.dll
2012-06-12 06:34 . 2008-11-14 15:18 348968 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-06-12 06:34 . 2008-11-14 15:18 553768 ----a-w- c:\windows\SysWow64\msvcp80.dll
2012-06-12 06:34 . 2008-11-14 15:18 492328 ----a-w- c:\windows\SysWow64\msvcp70.dll
2012-06-12 06:34 . 2008-11-14 15:18 484136 ----a-w- c:\windows\SysWow64\msvcm80.dll
2012-06-12 06:34 . 2008-11-14 15:18 1097512 ----a-w- c:\windows\SysWow64\mfc80u.dll
2012-06-12 06:34 . 2008-11-14 15:18 504616 ----a-w- c:\windows\SysWow64\MSVCP71.DLL
2012-06-12 06:34 . 2008-11-14 15:18 1106728 ----a-w- c:\windows\SysWow64\mfc80.dll
2012-06-12 06:34 . 2008-11-14 15:18 979752 ----a-w- c:\windows\SysWow64\mfc70.dll
2012-06-12 06:33 . 2012-06-12 06:35 -------- d-----w- c:\program files (x86)\Common Files\Dlubal
2012-06-12 06:33 . 2012-06-12 06:35 -------- d-----w- c:\program files (x86)\Dlubal
2012-06-12 06:33 . 2012-06-12 06:36 -------- d-----w- c:\programdata\Dlubal
2012-06-07 15:35 . 2012-06-07 15:35 10744 ----a-w- c:\windows\SysWow64\vpncategories.dll
2012-06-07 15:35 . 2012-06-07 15:35 33272 ----a-w- c:\windows\SysWow64\vpnevents.dll
2012-06-06 05:13 . 2012-06-06 05:15 -------- d-----w- c:\users\***\AppData\Roaming\pdfforge
2012-06-06 05:13 . 2012-05-14 07:21 94208 ----a-w- c:\windows\system32\pdfcmon.dll
2012-06-06 05:13 . 2004-03-08 23:00 662288 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-06-06 05:13 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-06-06 05:13 . 2012-06-06 05:13 -------- d-----w- c:\program files (x86)\PDFCreator
2012-06-06 05:13 . 1998-07-06 16:56 125712 ----a-w- c:\windows\SysWow64\VB6DE.DLL
2012-06-06 05:13 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2012-06-06 05:13 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2012-06-06 05:13 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 09:56 . 2011-11-18 15:52 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-15 05:32 . 2012-03-29 20:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 05:32 . 2011-11-09 18:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 15:25 . 2011-05-18 11:12 27048 ----a-w- c:\windows\system32\drivers\vpnva64.sys
2012-06-07 15:24 . 2011-09-09 15:59 107432 ----a-r- c:\windows\system32\drivers\acsock64.sys
2012-05-08 21:10 . 2011-11-11 13:25 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 21:10 . 2011-11-11 13:25 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-06 21:37 . 2012-03-29 20:37 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-01 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 46592]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-22 279616]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2009-08-26 71040]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-06-07 478712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-06-24 48128]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-04 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- c:\program files\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe [2012-01-18 14:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{0ED86950-1512-4D79-83CB-751C7CBB0338}: NameServer = 193.194.148.20 193.194.149.101
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-RuckZuck 4.0 Studentenversion - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-04 12:09:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-04 10:09
.
Vor Suchlauf: 8 Verzeichnis(se), 93.207.334.912 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 92.689.616.896 Bytes frei
.
- - End Of File - - 85A17E68DFE7EE79B79B2C587C40D67F
*** ist wie immer der Standard Nutzer. +++ ist eine Abkürzung von diesem Standardnutzer gewesen, die ComboFix wohl gemacht hat. Ist ja aber an ~ zu erkennen. Anschließend 2 kleine Auffälligkeiten: 1) Ich konnte Firefox nicht direkt starten. Es kam die von dir schon angesprochene Fehlermeldung und ich habe auf die anschließende Frage (irgendwas löschen) mit "nein" geantwortet und den Laptop neu gestartet. 2) In dem Moment, als ich auf neu starten geklickt habe, hab ich gesehen, dass neben "herunterfahren" dieses Warndreieck für Windows Updates war. Leider zu spät. Er hat dann ganz normal heruntergefahren und neu gestartet, wahrscheinlich keine Updates installiert (zumindest nicht so, dass er es einem sagt). Nach dem Neustart alles gut. Allerdings ist das Warndreieck weg. Warte nun auf weitere Anweisungen von dir. Hab grad nochmal geguckt: Das Zeichen für Windows Updates ist wieder da. Viele Grüße, Rumpel |
|
| Themen zu 14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) |
| 4d36e972-e325-11ce-bfc1-08002be10318, 64 bit system, 7-zip, antivir, antivirus, any video converter, avira, avira rescue, bho, checkliste, converter, desktop, device driver, document, error, exp/2008-5353.ar, exp/cve-2011-3544.cf, failed, firefox, firfox, flash player, helper, homepage, kunde, langs, logfile, maus, microsoft office word, nt.dll, nvidia update, object, plug-in, popup, programm, realtek, rescue cd, richtlinie, scan, schweden, searchscopes, security, senden, starten, svchost.exe, system, trojaner-board, version=1.0, verweise, win 7 64 bit, win64, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
