Log analysis and evaluation: Avira finds 'TR/Crypt.ZPACK.Gen' and 'TR/Agent.53248.57' | Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.10.2012, 17:43 | #1 |
| Avira finds 'TR/Crypt.ZPACK.Gen' and 'TR/Agent.53248.57'

Hello! On Tuesday and Wednesday evening Avira found the following viruses and moved them to quarantine. Since then everything has been quiet again. Here are the events from Avira:

Code:
Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:01:01
In der Datei 'C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:01:04
In der Datei 'C:\Users\Doeni\AppData\Local\Temp\msimg32.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:01:04
In der Datei 'C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

System Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:02:38
Die Datei 'C:\Users\Doeni\AppData\Local\Temp\msimg32.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 56c7602a.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e504fb5.qua' verschoben!

System Scanner: Malware gefunden
Datum/Uhrzeit: 16.10.2012, 23:13:31
Die Datei 'C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 55446519.qua erstellt ( QUARANTÄNE ).
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dd34b46.qua' verschoben!

Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 20:03:22
In der Datei 'C:\Users\Doeni\sudbyzquxqus.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

System Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 20:11:28
Die Datei 'C:\Users\Doeni\sudbyzquxqus.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 55695576.qua erstellt ( QUARANTÄNE ).
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3374835662-2939492500-1884947871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sudbyzquxqus> wurde erfolgreich repariert.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dfe7a91.qua' verschoben!

Echzeit Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 20:31:50
In der Datei 'C:\Users\Doeni\AppData\Local\Temp\7290129.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

System Scanner: Malware gefunden
Datum/Uhrzeit: 17.10.2012, 21:01:04
Die Datei 'C:\Users\Doeni\AppData\Local\Temp\7290129.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.53248.57' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '559ba191.qua' verschoben!

I used defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:56 on 19/10/2012 (Doeni)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-

Here now is OTL.txt:
ATTFilter OTL logfile created on: 19.10.2012 16:04:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doeni\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19328) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,61% Memory free 4,21 Gb Paging File | 3,18 Gb Available in Paging File | 75,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 126,95 Gb Total Space | 18,43 Gb Free Space | 14,52% Space Free | Partition Type: NTFS Drive E: | 78,12 Gb Total Space | 17,10 Gb Free Space | 21,89% Space Free | Partition Type: NTFS Drive P: | 27,80 Gb Total Space | 10,79 Gb Free Space | 38,80% Space Free | Partition Type: NTFS Computer Name: DOENI-PC | User Name: Doeni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.19 16:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doeni\Downloads\OTL.exe PRC - [2012.08.09 10:25:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe PRC - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc) SRV - [2010.12.30 00:14:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.06.02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.03.29 05:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2) DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | 
Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.27 09:53:18 | 000,027,488 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2009.04.29 16:47:47 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.06.26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2007.10.18 13:33:48 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2007.04.11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2007.04.11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2007.04.11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006.10.05 12:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.belinea.de IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.belinea.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 FE 70 16 64 8F CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/ie.aspx?q={searchTerms} IE - HKCU\..\SearchScopes\Google.de: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - 
prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.tagesschau.de" FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.2 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: P:\itunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: P:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: P:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: P:\codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: P:\codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: P:\adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: P:\Nokia PC Suite 7\bkmrksync\ [2009.10.28 20:26:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: P:\Mozilla Sunbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: P:\Mozilla Sunbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: P:\thunderbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: P:\thunderbird\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M] [2009.01.16 13:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Extensions [2012.10.18 21:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions [2011.06.25 16:46:11 | 000,000,000 | 
---D | M] (Garmin Communicator) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2011.06.25 16:46:09 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66} [2011.05.19 21:40:38 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2009.04.01 22:40:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\moveplayer@movenetworks.com [2009.01.16 13:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\toolbar_extras@de.yahoo.com [2009.12.02 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Sunbird\Profiles\33a9gc06.default\extensions [2010.10.20 13:24:24 | 000,002,895 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\blackle.xml [2012.03.13 22:37:03 | 000,002,289 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\ecosia.xml [2010.03.31 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.01.16 13:25:33 | 000,000,000 | ---D | M] (Yahoo! 
Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com [2009.11.23 15:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.03.31 13:57:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.04 23:36:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.04 23:36:42 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.04.04 23:36:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.04 23:36:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.04 23:36:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 9 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - P:\office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C445E5-65D2-42D3-A32A-7C08AAEC225D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) 
O24 - Desktop WallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b2b15813-6356-11df-b6d6-001d92144282}\Shell - "" = AutoRun O33 - MountPoints2\{b2b15813-6356-11df-b6d6-001d92144282}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{f3c8173c-f2cc-11de-9feb-001d924d5491}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe O33 - MountPoints2\{f58238ed-2cec-11df-9b94-001d92144282}\Shell - "" = AutoRun O33 - MountPoints2\{f58238ed-2cec-11df-9b94-001d92144282}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.19 16:01:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.19 16:01:35 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.19 16:01:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.19 16:00:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.19 15:57:17 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.19 15:57:01 | 
000,000,020 | ---- | M] () -- C:\Users\Doeni\defogger_reenable [2012.10.19 15:54:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.19 15:31:12 | 001,745,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.15 14:39:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.10.12 17:47:32 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.12 17:47:32 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.12 17:47:32 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.12 17:47:32 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.12 17:44:12 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2012.10.01 19:54:37 | 000,105,472 | ---- | M] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.19 15:56:38 | 000,000,020 | ---- | C] () -- C:\Users\Doeni\defogger_reenable [2012.06.14 19:52:18 | 000,072,220 | ---- | C] () -- C:\Users\Doeni\ESt2011_Kölzer_Sarah.elfo [2011.10.20 21:59:30 | 000,007,596 | ---- | C] () -- C:\Users\Doeni\ESt2010_Kölzer_Sarah.elfo [2011.09.17 12:39:50 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2011.08.05 18:32:35 | 000,000,680 | RHS- | C] () -- C:\Users\Doeni\ntuser.pol [2010.03.15 17:54:31 | 000,004,096 | -H-- | C] () -- C:\Users\Doeni\AppData\Local\keyfile3.drm [2009.05.25 18:20:02 | 000,110,241 | ---- | C] () -- C:\Users\Doeni\AppData\Roaming\mdbu.bin [2009.02.14 03:10:39 | 000,000,680 | ---- | C] () -- C:\Users\Doeni\AppData\Local\d3d9caps.dat [2009.01.16 13:41:43 | 000,105,472 | ---- | C] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-3374835662-2939492500-1884947871-1000\$413b70cc2dcfaf99870c327cd61c6d79\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.03.28 17:30:23 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\46developments [2011.11.01 17:35:26 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Aegisub [2012.02.10 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Audacity [2012.06.24 15:03:32 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Azureus [2010.11.04 12:06:48 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Canon [2012.06.07 10:07:45 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Dropbox [2011.10.20 21:27:14 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\elsterformular [2009.03.17 22:59:46 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\FreeDoko [2011.01.08 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\GARMIN [2009.07.14 18:22:46 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\ICQ [2009.10.28 19:59:36 | 
000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Jumping Bytes [2011.11.01 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\mkvtoolnix [2009.10.29 10:37:13 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Mobile Master [2009.10.29 11:08:45 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Nokia [2010.03.29 14:54:25 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Notepad++ [2009.10.28 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\PC Suite [2010.10.28 14:27:46 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\ProtectDisc [2011.09.17 12:39:50 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Spyware Terminator [2010.07.25 13:46:50 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\streamripper [2010.07.25 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\TheLastRipper [2009.01.27 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\Thunderbird [2009.02.10 02:10:36 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\TuneUp Software [2011.11.01 19:29:52 | 000,000,000 | ---D | M] -- C:\Users\Doeni\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > und Extra.txt : Code:
OTL Extras logfile created on: 19.10.2012 16:04:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doeni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,61% Memory free
4,21 Gb Paging File | 3,18 Gb Available in Paging File | 75,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,95 Gb Total Space | 18,43 Gb Free Space | 14,52% Space Free | Partition Type: NTFS
Drive E: | 78,12 Gb Total Space | 17,10 Gb Free Space | 21,89% Space Free | Partition Type: NTFS
Drive P: | 27,80 Gb Total Space | 10,79 Gb Free Space | 38,80% Space Free | Partition Type: NTFS
Computer Name: DOENI-PC | User Name: Doeni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "P:\office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "P:\office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- P:\vlc\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "P:\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- P:\vlc\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "P:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "P:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "P:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01153A24-E918-4E76-85F1-DA089DE2700B}" = rport=138 | protocol=17 | dir=out | app=system | "{0F630F58-73F5-4317-9DD5-B747E596B450}" = rport=139 | protocol=6 | dir=out | app=system | "{127BC208-63BB-4790-813E-385B85468031}" = rport=137 | protocol=17 | dir=out | app=system | "{2DA088D6-6E82-427F-8E71-11D14F79F906}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{365338D6-A429-4CAC-ACCA-F2C38164422B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{37BEABEA-BF8E-4893-A9C1-5292687EFCD6}" = rport=445 | protocol=6 | dir=out | app=system | "{DEA498CE-671F-4696-A0FC-D0511B1342ED}" = lport=139 | protocol=6 | dir=in | app=system | "{F28BFD8B-FBCB-436C-9A6C-87CF18F86243}" = lport=138 | protocol=17 | dir=in | app=system | "{F37F1FD3-3092-48AA-9A82-CBA23A371172}" = lport=445 | protocol=6 | dir=in | app=system | "{F5830B5B-0AFC-4498-A552-0A100CF4526A}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{026C734E-CF8A-403D-B743-DDB1E715AC7F}" = dir=in 
| app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{0E455403-DCFF-4D9B-A476-C5F9196D173A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0EFAEF96-5CC3-4310-853A-DDB9EA65876D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{13293FB0-B922-454D-B475-081D277D940D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{1DFA0C8E-4C75-4486-B81C-5972EFEEF30D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{29BD3B11-DF3C-4F5A-A9D3-C7DE66C2D69B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{2A344B9B-9DFD-4743-B28D-0AADCCDD206E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{36EAF98E-6D41-4021-93F1-79DD0E1A4073}" = dir=in | app=p:\skype\phone\skype.exe | "{482FCC81-93EC-4533-891A-F1E3A8CE2E49}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{4D0B9CE7-28A9-46AA-A075-3612AAAF4B21}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{5979AE78-5927-4D95-BC9D-6CE407CB0A62}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{783A4E31-39D0-4AEF-B26F-D7F80F8DBD07}" = protocol=6 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | "{8694CC1A-7094-455F-8D74-60993720A3EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{9A4E29B6-2634-4A1C-84A5-249C056E7429}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9A82747F-2D44-4B02-85C9-0942F90B4A68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{9BA2EB8A-76B2-4592-A958-5F912A04A392}" = protocol=17 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | "{A459FEF5-3F2F-4504-99BB-EE075145F082}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AC8F84FF-7627-4ED9-9043-927012C88E22}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{AE1A01CB-F950-46D3-BDB6-06F92E1EAD9E}" = dir=in | app=p:\itunes\itunes.exe | "{B01EEAB2-BCCD-4C6A-A281-D662326D0CDA}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | "{B2151D44-818B-4519-840A-7A6952196E4A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{B957DD37-DAF6-45ED-BC81-BF4E6DA46545}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{C348F6DE-F9E3-4EC0-A096-FF2715399F51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C4AFC8A8-6973-4A4D-9B3E-FE7BD2B9546A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C8C496F7-FB22-4E46-951F-A7AC1D6E53F8}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | "{DA6E82A5-C8B1-4201-A89A-E3594DB0D006}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{EE31AA8E-8FCA-408D-90A2-FF0AF6496FAB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{FF0F453F-6F93-404B-B73D-6792FBDD2E0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{06E325BB-E060-4116-BCEA-059CDB5B4003}P:\java\bin\javaw.exe" = protocol=6 | dir=in | app=p:\java\bin\javaw.exe | "TCP Query User{06E57A23-0BC2-47A4-9106-2A0D8AFAF0C3}P:\vuze\azureus.exe" = protocol=6 | dir=in | app=p:\vuze\azureus.exe | "TCP Query User{0FB724FE-207D-47F7-BC3F-DB1778072158}P:\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=p:\sopcast\adv\sopadver.exe | "TCP Query User{200006BB-AEDE-4652-95FB-D46C25A6427F}D:\setup.exe" = protocol=6 | dir=in | app=d:\setup.exe | "TCP Query User{44558397-DEE4-4613-AB97-B581C959CD81}P:\java\bin\javaw.exe" = protocol=6 | dir=in | app=p:\java\bin\javaw.exe | "TCP Query User{5945BE1B-EFD4-4D13-9387-4E48AF419FC6}P:\icq6.5\icq.exe" = protocol=6 | dir=in | app=p:\icq6.5\icq.exe | "TCP Query User{690D02B8-19D4-46AA-8C83-7FE5CABD476F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | 
app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{743BEA8E-2B46-494D-B308-92F8EB22108E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{77B58778-9CB7-4AC8-93A3-4C57BEC70304}P:\sopcast\sopcast.exe" = protocol=6 | dir=in | app=p:\sopcast\sopcast.exe | "TCP Query User{84CAD570-4C3D-415E-97E9-60A0360DE79C}P:\trillian\trillian.exe" = protocol=6 | dir=in | app=p:\trillian\trillian.exe | "TCP Query User{856BC50B-521D-418A-944E-5D785A6D1E45}P:\trillian\trillian.exe" = protocol=6 | dir=in | app=p:\trillian\trillian.exe | "TCP Query User{963D318B-AAB9-48D8-A28F-B20601F48A3B}P:\emule\emule.exe" = protocol=6 | dir=in | app=p:\emule\emule.exe | "TCP Query User{97F8600B-8950-4875-8890-6444113BBAF3}P:\vuze\azureus.exe" = protocol=6 | dir=in | app=p:\vuze\azureus.exe | "TCP Query User{AED0A524-CA87-494B-B72B-2513D616CA19}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{DA121AFA-4C18-4D75-BDB3-DA7C6E1310C9}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{DECF8E31-2A06-4913-B084-7D1144B9A56A}C:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{10AEF358-B5A1-4E0B-88AE-1C0ECA446551}P:\trillian\trillian.exe" = protocol=17 | dir=in | app=p:\trillian\trillian.exe | "UDP Query User{10BC9455-83EA-4335-AC30-DBCCF6847F0A}P:\vuze\azureus.exe" = protocol=17 | dir=in | app=p:\vuze\azureus.exe | "UDP Query User{2E5FF665-C126-4A7E-9A28-0CBC89C9E152}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{33C586CB-E206-48E9-B0D7-A82624BA452E}C:\program 
files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{4E173D44-3518-4A4D-9211-2EC2844D5C49}P:\trillian\trillian.exe" = protocol=17 | dir=in | app=p:\trillian\trillian.exe | "UDP Query User{6633BCE5-571D-45B3-8C7E-8496B4473D1F}D:\setup.exe" = protocol=17 | dir=in | app=d:\setup.exe | "UDP Query User{70739042-E950-44DE-8391-F462C19B5743}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{8222D54A-6BF2-4C16-8907-F33B8A653378}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{928203BC-A629-488C-BD04-DD8F0A1422EF}P:\java\bin\javaw.exe" = protocol=17 | dir=in | app=p:\java\bin\javaw.exe | "UDP Query User{98CF290A-662B-4990-91A8-CDB9913B7872}P:\icq6.5\icq.exe" = protocol=17 | dir=in | app=p:\icq6.5\icq.exe | "UDP Query User{A459DF0E-C811-4295-A42C-D63780004AC3}C:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\doeni\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{D3B174BE-C133-4B95-90BF-DBF9B8D3F6EC}P:\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=p:\sopcast\adv\sopadver.exe | "UDP Query User{D478BEAD-3A34-4C1E-A559-66D6955330B7}P:\emule\emule.exe" = protocol=17 | dir=in | app=p:\emule\emule.exe | "UDP Query User{E58AF51B-4651-49EF-B926-9476743C9BB9}P:\vuze\azureus.exe" = protocol=17 | dir=in | app=p:\vuze\azureus.exe | "UDP Query User{EE55C92D-9296-462D-9534-66C8EA611C26}P:\java\bin\javaw.exe" = protocol=17 | dir=in | app=p:\java\bin\javaw.exe | "UDP Query User{FCAC9316-BAE8-4ED2-872F-B3EFF031965D}P:\sopcast\sopcast.exe" = protocol=17 | dir=in | app=p:\sopcast\sopcast.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03BEFEBD-7303-4F8E-96E1-BDB4CA5962F5}" = SILKYPIX Developer Studio 3.0G Free version "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution "{115C6DA4-A8B1-4DA2-B675-302576FD04FB}" = LUMIX RAW Codec 1.0 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{23F76BD5-9DD6-4121-900B-FBBDF81DC74A}" = AveoCap "{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{3748D2FC-83CB-445A-87D8-DE88080FBB4F}" = Power Voice II "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3A3C031C-4688-4105-B441-5393C36139D3}" = Rund um (2.0) ... 
Seydlitz Geographie 2 RP "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{66EBD70F-A42C-475F-AEDF-277378151031}" = Nero 7 Essentials "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.9 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit 
HP CIO Components Installer "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Any DWG to Image Converter_is1" = Any DWG to Image Converter 2010 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "Audacity_is1" = Audacity 1.2.6 "AvaCam_is1" = AvaCam v3.1.0 "Avira AntiVir Desktop" = Avira Free Antivirus "CanonMyPrinter" = Canon Utilities My Printer "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dm Fotowelt" = dm Fotowelt "DVD Shrink_is1" = DVD Shrink 3.2 "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1) "EasyGPS_is1" = EasyGPS 4.18 "ElsterFormular 12.4.0.7094p" = ElsterFormular "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3) "FreeDoko" = FreeDoko 0.7.5 "Google Updater" = Google Updater "InstallShield_{03BEFEBD-7303-4F8E-96E1-BDB4CA5962F5}" = SILKYPIX Developer Studio 3.0G Free version "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MKVtoolnix" = MKVtoolnix 5.0.1 "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "Nokia PC Suite" = Nokia PC Suite "Notepad++" = Notepad++ "PartyPoker" = PartyPoker "Recuva" = Recuva "Rossmannr Online Print Wizard Installer_is1" = Rossmann Online Print Wizard Installer 1.0 
"SopCast" = SopCast 3.3.2 "Streamripper" = Streamripper (Remove only) "SubtitleWorkshop" = Subtitle Workshop 2.51 "TheLastRipper" = TheLastRipper 1.4 "Trillian" = Trillian "Video mp3 Extractor_is1" = Video mp3 Extractor "VLC media player" = VLC media player 0.9.8a "vLite_is1" = vLite "VSO DivxToDVD_is1" = DivxToDVD 0.5.2 "Vuze" = Vuze "WAV to MP3" = WAV to MP3 "Winamp" = Winamp "WinRAR archiver" = WinRAR "XMedia Recode" = XMedia Recode 3.0.3.4 "XviD" = XviD MPEG-4 Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.04.2012 11:45:05 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 428690 Error - 07.04.2012 11:45:05 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 428690 Error - 07.04.2012 11:45:20 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 07.04.2012 11:45:20 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 444150 Error - 07.04.2012 11:45:20 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 444150 Error - 07.04.2012 11:45:36 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 07.04.2012 11:45:36 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 459750 Error - 07.04.2012 11:45:36 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 459750 Error 
- 07.04.2012 11:45:52 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 07.04.2012 11:45:52 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 475350 Error - 07.04.2012 11:45:52 | Computer Name = Doeni-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 475350 [ System Events ] Error - 17.10.2012 17:29:30 | Computer Name = Doeni-PC | Source = DCOM | ID = 10010 Description = Error - 18.10.2012 14:27:28 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7022 Description = Error - 18.10.2012 14:27:37 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7023 Description = Error - 18.10.2012 16:07:56 | Computer Name = Doeni-PC | Source = DCOM | ID = 10010 Description = Error - 19.10.2012 09:32:45 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7022 Description = Error - 19.10.2012 09:32:46 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7023 Description = Error - 19.10.2012 09:46:58 | Computer Name = Doeni-PC | Source = BROWSER | ID = 8032 Description = Error - 19.10.2012 10:02:42 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7022 Description = Error - 19.10.2012 10:02:43 | Computer Name = Doeni-PC | Source = Service Control Manager | ID = 7023 Description = Error - 19.10.2012 10:16:26 | Computer Name = Doeni-PC | Source = BROWSER | ID = 8032 Description = < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-19 17:40:14
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: rzj6dc4i.exe; Driver: C:\Users\Doeni\AppData\Local\Temp\pwtoapog.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0xA8ABE444]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA8ABDC8A]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0xA8ABD958]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA8ABF520]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0xA8ABDA68]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0xA8ABDB5A]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0xA8ABE780]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA8ABDF9C]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA8ABE0D2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0xA8ABD77E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0xA8ABE6C8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA8ABE2BC]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1A9 82AE886C 4 Bytes [44, E4, AB, A8]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82AE889C 4 Bytes [8A, DC, AB, A8]
.text ntkrnlpa.exe!KeSetEvent + 1E9 82AE88AC 4 Bytes [58, D9, AB, A8]
.text ntkrnlpa.exe!KeSetEvent + 215 82AE88D8 4 Bytes [20, F5, AB, A8]
.text ntkrnlpa.exe!KeSetEvent + 2D5 82AE8998 4 Bytes [68, DA, AB, A8]
.text ...

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019db9b4345
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d92144282
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001d92144282@001c354e918d 0xA0 0xD5 0x6C 0xC7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 P:\DemonTools\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xEC 0x03 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCC 0x43 0xC5 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x58 0xDE 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019db9b4345 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d92144282 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001d92144282@001c354e918d 0xA0 0xD5 0x6C 0xC7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 P:\DemonTools\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB9 0xEC 0x03 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCC 0x43 0xC5 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0x58 0xDE 0x75 ...

---- EOF - GMER 1.0.15 ----

I hope someone can help me! Thanks in advance!! |
20.10.2012, 16:12 | #2 | |
/// TB Trainer | Avira finds 'TR/Crypt.ZPACK.Gen' and 'TR/Agent.53248.57'
My name is Matthias and I will help you clean up your computer. Please note the following:
Step 1
I see that you have a so-called registry cleaner on the system. In your case, TuneUp Utilities 2007. We do not recommend any kind of registry cleaner under any circumstances. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I hereby recommend that you uninstall the software named above and do without this kind of software in future. At the end of the cleanup I will recommend another tool with which you can remove your temporary files.
Step 2
I see that you use so-called peer-to-peer or file-sharing programs. In your case, Vuze. These programs allow you to exchange data with other users. Unfortunately, P2P or file sharing is no exception when it comes to distributing infected files, and that is also one reason why malware spreads so quickly. So it is possible that you download an infected file. You can never know where these come from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright in most countries of the world. Of course there is also a legal way to use this service, for example for downloading Linux or Open Office. Nevertheless, I would ask you not to continue using this kind of software. Please go to Start --> Control Panel --> Uninstall a program and uninstall the software named above. Please let me know if you cannot find one of the listed programs.
Step 3
Combofix should only be run when instructed to do so by a team member! Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
Please post with your next reply
|
21.10.2012, 12:13 | #3 |
| Avira finds 'TR/Crypt.ZPACK.Gen' and 'TR/Agent.53248.57' Hello Matthias,
thank you very much for helping me!! I ran Combofix. Partway through, at around stage 20, there was a Windows error message: PEV.exe had stopped working. Here is the log file: Combofix Logfile: Code:
ATTFilter ComboFix 12-10-21.01 - Doeni 21.10.2012 12:44:50.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2039.995 [GMT 2:00] ausgeführt von:: c:\users\Doeni\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\uxtE1C6.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-21 bis 2012-10-21 )))))))))))))))))))))))))))))) . . 2012-10-18 19:21 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-10-18 19:21 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-10-18 19:21 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-10-18 19:21 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-10-18 19:21 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-18 19:21 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-18 19:21 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-18 19:21 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-18 19:21 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-10-18 19:21 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-10-18 19:21 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-10-18 19:21 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-10-18 19:17 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-18 19:17 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Doeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Doeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Doeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2007-03-28 18:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2007-03-28 18:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-01 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-01 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-01 133656] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "disableCAD"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 9 (0x9) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-03-28 18:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Doeni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\Doeni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-06-08 04:02 37296 ----a-w- p:\adobe\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter] 2009-07-27 02:10 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] 2007-04-03 22:29 165784 ----a-w- p:\demontools\DAEMON Tools\daemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-07-23 08:46 135680 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-12-08 00:36 421736 ----a-w- p:\itunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent] 2009-10-11 10:51 1363392 ----a-w- P:\MMAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2009-06-25 14:12 1414144 ----a-w- p:\nokia pc suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-05-28 14:06 6144000 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-04-10 17:29 37888 ----a-w- p:\winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "ehTray.exe"=c:\windows\ehome\ehTray.exe "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="p:\itunes\iTunesHelper.exe" "Skytel"=Skytel.exe "Adobe Reader Speed Launcher"="p:\adobe\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SpywareTerminatorShield"=c:\program files\Spyware Terminator\SpywareTerminatorShield.exe "SpywareTerminatorUpdater"=c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe "WPCUMI"=c:\windows\system32\WpcUmi.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-10-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-11 08:00] . 2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 07:48] . 2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 07:48] . . ------- Zusätzlicher Suchlauf ------- . 
uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft &Excel exportieren - p:\office\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\wpclsp.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Doeni\AppData\Roaming\Mozilla\Firefox\Profiles\knc1cg7b.default\ FF - prefs.js: browser.startup.homepage - www.tagesschau.de FF - user.js: browser.urlbar.hideGoButton - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.tabMinWidth - 125 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-21 12:53 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(700) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infra.dll . - - - - - - - > 'Explorer.exe'(1280) c:\users\Doeni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\program files\Protector Suite QL\farchns.dll c:\program files\Protector Suite QL\infra.dll . Zeit der Fertigstellung: 2012-10-21 12:56:58 ComboFix-quarantined-files.txt 2012-10-21 10:56 . Vor Suchlauf: 7 Verzeichnis(se), 19.175.178.240 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 19.338.653.696 Bytes frei . - - End Of File - - 1D08F6A2F1BDA9BAADE18791EF93D24F |
21.10.2012, 12:43 | #4 |
/// TB-Ausbilder | Avira finds 'TR/Crypt.ZPACK.Gen' and 'TR/Agent.53248.57' Hi,

Step 1
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Step 2
Please read the following instructions carefully. We do not want to "fix" anything here yet, we only want to see a scan report. Please download TDSSKiller.exe and save this file to the desktop

Step 3
Please start OTL.exe. Under Extra Registry, select Use SafeList and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread. Please post with your next reply
|
21.10.2012, 13:57 | #5 |
| Avira finds 'TR/Crypt.ZPACK.Gen' and 'TR/Agent.53248.57' Hey Matthias! So here is the log file from aswMBR: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 13:51:40
-----------------------------
13:51:40.854 OS Version: Windows 6.0.6002 Service Pack 2
13:51:40.854 Number of processors: 2 586 0xF0D
13:51:40.854 ComputerName: DOENI-PC UserName: Doeni
13:51:43.334 Initialize success
13:54:22.261 AVAST engine defs: 12102100
14:01:35.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:01:35.629 Disk 0 Vendor: FUJITSU_ 0000 Size: 238475MB BusType: 3
14:01:35.644 Disk 0 MBR read successfully
14:01:35.660 Disk 0 MBR scan
14:01:35.691 Disk 0 Windows VISTA default MBR code
14:01:35.722 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 130000 MB offset 2048
14:01:35.753 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 28471 MB offset 266244096
14:01:35.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 80000 MB offset 324552704
14:01:35.800 Disk 0 scanning sectors +488392704
14:01:35.894 Disk 0 scanning C:\Windows\system32\drivers
14:01:58.498 Service scanning
14:02:29.776 Modules scanning
14:02:36.578 Disk 0 trace - called modules:
14:02:36.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
14:02:36.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ef9030]
14:02:36.625 3 CLASSPNP.SYS[885ab8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x853d3028]
14:02:37.295 AVAST engine scan C:\Windows
14:02:42.303 AVAST engine scan C:\Windows\system32
14:06:49.473 AVAST engine scan C:\Windows\system32\drivers
14:07:08.537 AVAST engine scan C:\Users\Doeni
14:13:40.175 AVAST engine scan C:\ProgramData
14:15:38.813 Scan finished successfully
14:16:04.095 Disk 0 MBR has been saved successfully to "C:\Users\Doeni\Desktop\MBR.dat"
14:16:04.110 The log file has been saved successfully to "C:\Users\Doeni\Desktop\aswMBR.txt"
and the log file from TDSSKiller: Code:
] iteraid C:\Windows\system32\drivers\iteraid.sys 14:16:55.0250 3404 iteraid - ok 14:16:55.0281 3404 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:16:55.0281 3404 kbdclass - ok 14:16:55.0328 3404 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:16:55.0328 3404 kbdhid - ok 14:16:55.0359 3404 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 14:16:55.0359 3404 KeyIso - ok 14:16:55.0390 3404 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys 14:16:55.0390 3404 KMWDFILTER - ok 14:16:55.0437 3404 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:16:55.0453 3404 KSecDD - ok 14:16:55.0484 3404 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:16:55.0515 3404 KtmRm - ok 14:16:55.0562 3404 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 14:16:55.0562 3404 LanmanServer - ok 14:16:55.0624 3404 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:16:55.0624 3404 LanmanWorkstation - ok 14:16:55.0671 3404 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:16:55.0671 3404 lltdio - ok 14:16:55.0718 3404 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:16:55.0718 3404 lltdsvc - ok 14:16:55.0749 3404 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:16:55.0749 3404 lmhosts - ok 14:16:55.0765 3404 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:16:55.0780 3404 LSI_FC - ok 14:16:55.0796 3404 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:16:55.0796 3404 LSI_SAS - ok 14:16:55.0827 3404 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:16:55.0827 3404 LSI_SCSI - ok 14:16:55.0858 3404 [ 
8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 14:16:55.0858 3404 luafv - ok 14:16:55.0890 3404 [ 3BD2AD18179DEAD6652E87157FB98E4A ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:16:55.0890 3404 Mcx2Svc - ok 14:16:55.0905 3404 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 14:16:55.0905 3404 megasas - ok 14:16:55.0952 3404 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 14:16:55.0952 3404 MegaSR - ok 14:16:55.0983 3404 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 14:16:55.0983 3404 MMCSS - ok 14:16:55.0999 3404 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 14:16:55.0999 3404 Modem - ok 14:16:56.0014 3404 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:16:56.0014 3404 monitor - ok 14:16:56.0030 3404 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:16:56.0030 3404 mouclass - ok 14:16:56.0046 3404 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:16:56.0046 3404 mouhid - ok 14:16:56.0061 3404 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 14:16:56.0061 3404 MountMgr - ok 14:16:56.0092 3404 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 14:16:56.0092 3404 mpio - ok 14:16:56.0124 3404 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:16:56.0124 3404 mpsdrv - ok 14:16:56.0186 3404 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 14:16:56.0186 3404 MpsSvc - ok 14:16:56.0217 3404 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:16:56.0217 3404 Mraid35x - ok 14:16:56.0264 3404 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:16:56.0264 3404 MRxDAV - ok 14:16:56.0295 3404 [ 
1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:16:56.0295 3404 mrxsmb - ok 14:16:56.0358 3404 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:16:56.0358 3404 mrxsmb10 - ok 14:16:56.0373 3404 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:16:56.0373 3404 mrxsmb20 - ok 14:16:56.0404 3404 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 14:16:56.0404 3404 msahci - ok 14:16:56.0436 3404 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:16:56.0436 3404 msdsm - ok 14:16:56.0467 3404 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 14:16:56.0467 3404 MSDTC - ok 14:16:56.0482 3404 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:16:56.0482 3404 Msfs - ok 14:16:56.0498 3404 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:16:56.0498 3404 msisadrv - ok 14:16:56.0529 3404 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:16:56.0529 3404 MSiSCSI - ok 14:16:56.0545 3404 msiserver - ok 14:16:56.0560 3404 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:16:56.0560 3404 MSKSSRV - ok 14:16:56.0576 3404 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:16:56.0576 3404 MSPCLOCK - ok 14:16:56.0592 3404 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:16:56.0592 3404 MSPQM - ok 14:16:56.0623 3404 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:16:56.0638 3404 MsRPC - ok 14:16:56.0654 3404 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:16:56.0654 3404 mssmbios - ok 14:16:56.0670 3404 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:16:56.0670 3404 
MSTEE - ok 14:16:56.0670 3404 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 14:16:56.0685 3404 Mup - ok 14:16:56.0732 3404 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 14:16:56.0732 3404 napagent - ok 14:16:56.0763 3404 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:16:56.0779 3404 NativeWifiP - ok 14:16:56.0872 3404 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService P:\Nero\Nero 7\Nero BackItUp\NBService.exe 14:16:56.0888 3404 NBService - ok 14:16:56.0950 3404 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:16:56.0966 3404 NDIS - ok 14:16:56.0997 3404 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:16:56.0997 3404 NdisTapi - ok 14:16:57.0013 3404 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:16:57.0013 3404 Ndisuio - ok 14:16:57.0028 3404 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:16:57.0028 3404 NdisWan - ok 14:16:57.0044 3404 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:16:57.0044 3404 NDProxy - ok 14:16:57.0091 3404 [ 949941E4DE88DF1FAF49A4B3CFFB756F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 14:16:57.0091 3404 Net Driver HPZ12 - ok 14:16:57.0106 3404 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:16:57.0106 3404 NetBIOS - ok 14:16:57.0153 3404 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 14:16:57.0169 3404 netbt - ok 14:16:57.0184 3404 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 14:16:57.0184 3404 Netlogon - ok 14:16:57.0200 3404 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 14:16:57.0216 3404 Netman - ok 14:16:57.0231 3404 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 
14:16:57.0231 3404 netprofm - ok 14:16:57.0262 3404 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:16:57.0278 3404 NetTcpPortSharing - ok 14:16:57.0387 3404 [ 9CA26DCCF0B84A6FF2B54FBB2A94520B ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 14:16:57.0481 3404 NETw5v32 - ok 14:16:57.0512 3404 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:16:57.0512 3404 nfrd960 - ok 14:16:57.0543 3404 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:16:57.0543 3404 NlaSvc - ok 14:16:57.0621 3404 [ 060DAF68493AD7ADF104413E5A62AFA8 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 14:16:57.0668 3404 NMIndexingService - ok 14:16:57.0730 3404 [ 4A8A2AA0706B659175169DECF198E9D7 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys 14:16:57.0730 3404 nmwcd - ok 14:16:57.0762 3404 [ FD3E61831095AC62E6840D986B5A2016 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys 14:16:57.0762 3404 nmwcdc - ok 14:16:57.0793 3404 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:16:57.0793 3404 Npfs - ok 14:16:57.0824 3404 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 14:16:57.0824 3404 nsi - ok 14:16:57.0840 3404 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:16:57.0840 3404 nsiproxy - ok 14:16:57.0918 3404 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:16:57.0949 3404 Ntfs - ok 14:16:57.0980 3404 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 14:16:57.0980 3404 ntrigdigi - ok 14:16:57.0996 3404 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 14:16:58.0011 3404 Null - ok 14:16:58.0027 3404 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:16:58.0027 3404 nvraid - ok 
14:16:58.0058 3404 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:16:58.0058 3404 nvstor - ok 14:16:58.0074 3404 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:16:58.0089 3404 nv_agp - ok 14:16:58.0089 3404 NwlnkFlt - ok 14:16:58.0105 3404 NwlnkFwd - ok 14:16:58.0120 3404 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:16:58.0120 3404 ohci1394 - ok 14:16:58.0183 3404 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:16:58.0198 3404 ose - ok 14:16:58.0245 3404 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 14:16:58.0276 3404 p2pimsvc - ok 14:16:58.0292 3404 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 14:16:58.0308 3404 p2psvc - ok 14:16:58.0323 3404 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:16:58.0339 3404 Parport - ok 14:16:58.0386 3404 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:16:58.0386 3404 partmgr - ok 14:16:58.0417 3404 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 14:16:58.0417 3404 Parvdm - ok 14:16:58.0432 3404 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 14:16:58.0432 3404 PcaSvc - ok 14:16:58.0479 3404 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys 14:16:58.0479 3404 pccsmcfd - ok 14:16:58.0526 3404 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 14:16:58.0526 3404 pci - ok 14:16:58.0542 3404 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 14:16:58.0542 3404 pciide - ok 14:16:58.0573 3404 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:16:58.0588 3404 pcmcia - ok 14:16:58.0635 3404 [ 6349F6ED9C623B44B52EA3C63C831A92 ] 
PEAUTH C:\Windows\system32\drivers\peauth.sys 14:16:58.0666 3404 PEAUTH - ok 14:16:58.0729 3404 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 14:16:58.0776 3404 pla - ok 14:16:58.0822 3404 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:16:58.0838 3404 PlugPlay - ok 14:16:58.0854 3404 [ 2F4CA141A609CAF5C98F6E4760EF1B9B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 14:16:58.0869 3404 Pml Driver HPZ12 - ok 14:16:58.0916 3404 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 14:16:58.0916 3404 PNRPAutoReg - ok 14:16:58.0947 3404 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 14:16:58.0963 3404 PNRPsvc - ok 14:16:58.0994 3404 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:16:58.0994 3404 PolicyAgent - ok 14:16:59.0041 3404 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:16:59.0041 3404 PptpMiniport - ok 14:16:59.0056 3404 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 14:16:59.0072 3404 Processor - ok 14:16:59.0103 3404 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 14:16:59.0103 3404 ProfSvc - ok 14:16:59.0119 3404 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 14:16:59.0119 3404 ProtectedStorage - ok 14:16:59.0166 3404 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 14:16:59.0166 3404 PSched - ok 14:16:59.0212 3404 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:16:59.0244 3404 ql2300 - ok 14:16:59.0275 3404 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:16:59.0275 3404 ql40xx - ok 14:16:59.0322 3404 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 14:16:59.0322 3404 QWAVE - ok 14:16:59.0353 3404 [ 
9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:16:59.0353 3404 QWAVEdrv - ok 14:16:59.0368 3404 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:16:59.0368 3404 RasAcd - ok 14:16:59.0384 3404 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 14:16:59.0400 3404 RasAuto - ok 14:16:59.0400 3404 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:16:59.0400 3404 Rasl2tp - ok 14:16:59.0446 3404 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 14:16:59.0462 3404 RasMan - ok 14:16:59.0493 3404 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:16:59.0509 3404 RasPppoe - ok 14:16:59.0540 3404 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:16:59.0540 3404 RasSstp - ok 14:16:59.0587 3404 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:16:59.0587 3404 rdbss - ok 14:16:59.0618 3404 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:16:59.0618 3404 RDPCDD - ok 14:16:59.0665 3404 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 14:16:59.0665 3404 rdpdr - ok 14:16:59.0665 3404 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:16:59.0665 3404 RDPENCDD - ok 14:16:59.0727 3404 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:16:59.0727 3404 RDPWD - ok 14:16:59.0758 3404 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:16:59.0758 3404 RemoteAccess - ok 14:16:59.0805 3404 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:16:59.0805 3404 RemoteRegistry - ok 14:16:59.0852 3404 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 14:16:59.0868 3404 RFCOMM - ok 
14:16:59.0883 3404 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 14:16:59.0883 3404 RpcLocator - ok 14:16:59.0914 3404 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 14:16:59.0930 3404 RpcSs - ok 14:16:59.0946 3404 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:16:59.0946 3404 rspndr - ok 14:16:59.0992 3404 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 14:16:59.0992 3404 RTL8169 - ok 14:17:00.0008 3404 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 14:17:00.0008 3404 SamSs - ok 14:17:00.0055 3404 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:17:00.0070 3404 sbp2port - ok 14:17:00.0102 3404 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:17:00.0102 3404 SCardSvr - ok 14:17:00.0164 3404 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 14:17:00.0195 3404 Schedule - ok 14:17:00.0211 3404 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 14:17:00.0211 3404 SCPolicySvc - ok 14:17:00.0258 3404 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 14:17:00.0258 3404 sdbus - ok 14:17:00.0289 3404 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:17:00.0304 3404 SDRSVC - ok 14:17:00.0320 3404 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:17:00.0320 3404 secdrv - ok 14:17:00.0336 3404 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 14:17:00.0336 3404 seclogon - ok 14:17:00.0367 3404 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll 14:17:00.0367 3404 SENS - ok 14:17:00.0414 3404 [ A59E73BCB63F4F30183CF0A22C29FAF5 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl.sys 14:17:00.0414 3404 Ser2pl - ok 14:17:00.0460 3404 [ 
CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:17:00.0460 3404 Serenum - ok 14:17:00.0492 3404 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:17:00.0492 3404 Serial - ok 14:17:00.0507 3404 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:17:00.0507 3404 sermouse - ok 14:17:00.0585 3404 [ 58D5BFDF3ADF49FE9CABD78CC61D92F6 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 14:17:00.0616 3404 ServiceLayer - ok 14:17:00.0663 3404 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 14:17:00.0663 3404 SessionEnv - ok 14:17:00.0694 3404 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:17:00.0694 3404 sffdisk - ok 14:17:00.0726 3404 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:17:00.0726 3404 sffp_mmc - ok 14:17:00.0741 3404 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:17:00.0741 3404 sffp_sd - ok 14:17:00.0772 3404 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:17:00.0772 3404 sfloppy - ok 14:17:00.0804 3404 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:17:00.0819 3404 SharedAccess - ok 14:17:00.0882 3404 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:17:00.0882 3404 ShellHWDetection - ok 14:17:00.0928 3404 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 14:17:00.0928 3404 sisagp - ok 14:17:00.0944 3404 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 14:17:00.0960 3404 SiSRaid2 - ok 14:17:00.0975 3404 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:17:00.0975 3404 SiSRaid4 - ok 14:17:01.0100 3404 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc 
C:\Windows\system32\SLsvc.exe 14:17:01.0209 3404 slsvc - ok 14:17:01.0240 3404 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 14:17:01.0256 3404 SLUINotify - ok 14:17:01.0303 3404 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:17:01.0303 3404 Smb - ok 14:17:01.0334 3404 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:17:01.0350 3404 SNMPTRAP - ok 14:17:01.0365 3404 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 14:17:01.0365 3404 spldr - ok 14:17:01.0396 3404 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 14:17:01.0412 3404 Spooler - ok 14:17:01.0490 3404 [ 4F576E516CC76EC50A244586BCFA1C78 ] sptd C:\Windows\System32\Drivers\sptd.sys 14:17:01.0521 3404 sptd - ok 14:17:01.0537 3404 [ 7B426B8E809EDF081D771EF429345528 ] sp_rsdrv2 C:\Windows\system32\drivers\sp_rsdrv2.sys 14:17:01.0537 3404 sp_rsdrv2 - ok 14:17:01.0584 3404 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 14:17:01.0584 3404 srv - ok 14:17:01.0646 3404 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:17:01.0646 3404 srv2 - ok 14:17:01.0662 3404 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:17:01.0662 3404 srvnet - ok 14:17:01.0693 3404 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:17:01.0708 3404 SSDPSRV - ok 14:17:01.0740 3404 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 14:17:01.0740 3404 ssmdrv - ok 14:17:01.0771 3404 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:17:01.0786 3404 SstpSvc - ok 14:17:01.0833 3404 [ BB807054A6F06E4A6361CB6C10CC64B1 ] ST2012_Svc C:\Program Files\Spyware Terminator\st_rsser.exe 14:17:01.0864 3404 ST2012_Svc - ok 14:17:01.0911 3404 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 
14:17:01.0942 3404 stisvc - ok 14:17:01.0958 3404 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:17:01.0974 3404 swenum - ok 14:17:02.0005 3404 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 14:17:02.0036 3404 swprv - ok 14:17:02.0052 3404 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 14:17:02.0052 3404 Symc8xx - ok 14:17:02.0083 3404 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 14:17:02.0083 3404 Sym_hi - ok 14:17:02.0098 3404 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 14:17:02.0098 3404 Sym_u3 - ok 14:17:02.0145 3404 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 14:17:02.0161 3404 SysMain - ok 14:17:02.0192 3404 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:17:02.0192 3404 TabletInputService - ok 14:17:02.0254 3404 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:17:02.0254 3404 TapiSrv - ok 14:17:02.0286 3404 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 14:17:02.0301 3404 TBS - ok 14:17:02.0364 3404 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:17:02.0395 3404 Tcpip - ok 14:17:02.0442 3404 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 14:17:02.0457 3404 Tcpip6 - ok 14:17:02.0504 3404 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:17:02.0504 3404 tcpipreg - ok 14:17:02.0520 3404 [ 5CA437A08509FB7ECF843480FC1232E2 ] TcUsb C:\Windows\system32\Drivers\tcusb.sys 14:17:02.0520 3404 TcUsb - ok 14:17:02.0551 3404 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:17:02.0551 3404 TDPIPE - ok 14:17:02.0566 3404 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:17:02.0566 3404 
TDTCP - ok 14:17:02.0598 3404 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:17:02.0613 3404 tdx - ok 14:17:02.0644 3404 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:17:02.0644 3404 TermDD - ok 14:17:02.0691 3404 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 14:17:02.0722 3404 TermService - ok 14:17:02.0738 3404 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 14:17:02.0754 3404 Themes - ok 14:17:02.0769 3404 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 14:17:02.0769 3404 THREADORDER - ok 14:17:02.0785 3404 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 14:17:02.0800 3404 TrkWks - ok 14:17:02.0847 3404 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:17:02.0847 3404 TrustedInstaller - ok 14:17:02.0878 3404 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:17:02.0878 3404 tssecsrv - ok 14:17:02.0894 3404 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 14:17:02.0894 3404 tunmp - ok 14:17:02.0941 3404 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:17:02.0941 3404 tunnel - ok 14:17:02.0956 3404 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:17:02.0972 3404 uagp35 - ok 14:17:03.0003 3404 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:17:03.0019 3404 udfs - ok 14:17:03.0050 3404 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:17:03.0050 3404 UI0Detect - ok 14:17:03.0066 3404 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:17:03.0081 3404 uliagpkx - ok 14:17:03.0112 3404 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 14:17:03.0112 
14:17:06.0326 3404 ================ Scan global ===============================
14:17:06.0373 3404 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:17:06.0420 3404 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:17:06.0466 3404 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:17:06.0513 3404 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:17:06.0544 3404 [Global] - ok
14:17:06.0544 3404 ================ Scan MBR ==================================
14:17:06.0560 3404 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:17:06.0810 3404 \Device\Harddisk0\DR0 - ok
14:17:06.0810 3404 ================ Scan VBR ==================================
14:17:06.0810 3404 [ 3658E1257F2218762EC2F4D3B837C934 ] \Device\Harddisk0\DR0\Partition1
14:17:06.0825 3404 \Device\Harddisk0\DR0\Partition1 - ok
14:17:06.0841 3404 [ FEA590CB5E6F31F505461621FB2A80E8 ] \Device\Harddisk0\DR0\Partition2
14:17:06.0841 3404 \Device\Harddisk0\DR0\Partition2 - ok
14:17:06.0856 3404 [ E369EB07718DD63880F277C7FE954877 ] \Device\Harddisk0\DR0\Partition3
14:17:06.0856 3404 \Device\Harddisk0\DR0\Partition3 - ok
14:17:06.0856 3404 ============================================================
14:17:06.0856 3404 Scan finished
14:17:06.0856 3404 ============================================================
14:17:06.0872 3780 Detected object count: 0
14:17:06.0872 3780 Actual detected object count: 0
14:17:34.0047 3984 Deinitialize success
OTL logfile created on: 21.10.2012 14:18:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Doeni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,79% Memory free
4,22 Gb Paging File | 3,12 Gb Available in Paging File | 74,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,95 Gb Total Space | 17,92 Gb Free Space | 14,11% Space Free | Partition Type: NTFS
Drive E: | 78,12 Gb Total Space | 17,10 Gb Free Space | 21,89% Space Free | Partition Type: NTFS
Drive P: | 27,80 Gb Total Space | 10,84 Gb Free Space | 38,99% Space Free | Partition Type: NTFS

Computer Name: DOENI-PC | User Name: Doeni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.10.19 16:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Doeni\Downloads\OTL.exe
PRC - [2012.08.09 10:25:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.03.28 20:47:34 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\upeksvr.exe
PRC - [2007.03.28 20:30:18 | 000,053,776 | ---- | M] (UPEK Inc.) -- C:\Programme\Protector Suite QL\psqltray.exe
PRC - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- P:\Notepad++\NppShell_01.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- P:\winRAR\RarExt.dll

========== Services (SafeList) ==========
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.14 00:26:26 | 000,573,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2010.12.30 00:14:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Doeni\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Doeni\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.27 09:53:18 | 000,027,488 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV - [2009.04.29 16:47:47 | 000,682,232 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2007.10.18 13:33:48 | 000,119,424 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007.04.11 10:40:14 | 000,046,592 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2007.04.11 10:40:10 | 000,063,488 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007.04.11 10:40:06 | 000,067,584 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006.10.05 12:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 FE 70 16 64 8F CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/ie.aspx?q={searchTerms}
IE - HKCU\..\SearchScopes\Google.de: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.tagesschau.de"
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a66}:0.6.2.15
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: P:\itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: P:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: P:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: P:\codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: P:\codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: P:\adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: P:\Nokia PC Suite 7\bkmrksync\ [2009.10.28 20:26:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: P:\Mozilla Sunbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: P:\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: P:\thunderbird\components [2012.01.08 15:31:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: P:\thunderbird\plugins [2012.01.08 15:31:18 | 000,000,000 | ---D | M]

[2009.01.16 13:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Extensions
[2012.10.21 13:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions
[2011.06.25 16:46:11 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.06.25 16:46:09 | 000,000,000 | ---D | M] (Favicon Picker 2) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
[2011.05.19 21:40:38 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.04.01 22:40:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\moveplayer@movenetworks.com
[2012.10.21 13:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\staged-xpis
[2009.01.16 13:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Firefox\Profiles\knc1cg7b.default\extensions\toolbar_extras@de.yahoo.com
[2009.12.02 15:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\Sunbird\Profiles\33a9gc06.default\extensions
[2012.10.21 13:34:44 | 020,549,299 | ---- | M] () (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\extensions\staged-xpis\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\tmp-1.xpi
[2012.10.21 13:33:30 | 000,316,177 | ---- | M] () (No name found) -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\extensions\staged-xpis\{c50ca3c4-5656-43c2-a061-13e717f73fc8}\tmp.xpi
[2010.10.20 13:24:24 | 000,002,895 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\blackle.xml
[2012.03.13 22:37:03 | 000,002,289 | ---- | M] () -- C:\Users\Doeni\AppData\Roaming\mozilla\firefox\profiles\knc1cg7b.default\searchplugins\ecosia.xml
[2010.03.31 13:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.16 13:25:33 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.11.23 15:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.31 13:57:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.04.04 23:36:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.04 23:36:42 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.04 23:36:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.04 23:36:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.04 23:36:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.10.21 12:53:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 9
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - P:\office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Doeni\Desktop\PartyPoker.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C445E5-65D2-42D3-A32A-7C08AAEC225D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Doeni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.10.21 13:48:58 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Doeni\Desktop\tdsskiller.exe
[2012.10.21 13:48:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Doeni\Desktop\aswMBR.exe
[2012.10.21 12:57:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.21 12:57:01 | 000,000,000 | ---D | C] -- C:\Users\Doeni\AppData\Local\temp
[2012.10.21 12:55:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.21 12:42:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.21 12:42:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.21 12:42:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.21 12:42:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.10.21 12:42:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.21 12:41:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.21 12:35:03 | 004,985,492 | R--- | C] (Swearware) -- C:\Users\Doeni\Desktop\ComboFix.exe
[2012.10.18 21:22:26 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.10.18 21:22:26 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.10.18 21:22:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.10.18 21:22:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.10.18 21:22:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.10.18 21:22:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.10.18 21:22:21 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.10.18 21:22:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.10.18 21:22:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.10.18 21:22:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.10.18 21:22:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.10.18 21:22:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.10.18 21:22:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.10.18 21:22:17 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.10.18 21:22:16 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.10.18 21:22:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.10.18 21:22:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.10.18 21:22:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.10.18 21:21:52 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.10.18 21:21:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.18 21:21:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.10.18 21:17:31 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.18 21:17:31 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.10.21 14:16:04 | 000,000,512 | ---- | M] () -- C:\Users\Doeni\Desktop\MBR.dat
[2012.10.21 13:54:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.21 13:48:59 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Doeni\Desktop\tdsskiller.exe
[2012.10.21 13:48:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Doeni\Desktop\aswMBR.exe
[2012.10.21 13:03:32 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 13:03:32 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 13:03:23 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.21 13:02:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.21 13:00:08 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.21 12:53:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.21 12:35:04 | 004,985,492 | R--- | M] (Swearware) -- C:\Users\Doeni\Desktop\ComboFix.exe
[2012.10.21 12:20:45 | 000,105,472 | ---- | M] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.19 15:57:01 | 000,000,020 | ---- | M] () -- C:\Users\Doeni\defogger_reenable
[2012.10.19 15:31:12 | 001,745,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.15 14:39:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.12 17:47:32 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.12 17:47:32 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.12 17:47:32 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.12 17:47:32 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.10.21 14:16:04 | 000,000,512 | ---- | C] () -- C:\Users\Doeni\Desktop\MBR.dat
[2012.10.21 12:42:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.21 12:42:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.21 12:42:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.21 12:42:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.21 12:42:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.19 15:56:38 | 000,000,020 | ---- | C] () -- C:\Users\Doeni\defogger_reenable
[2012.06.14 19:52:18 | 000,072,220 | ---- | C] () -- C:\Users\Doeni\ESt2011_Kölzer_Sarah.elfo
[2011.10.20 21:59:30 | 000,007,596 | ---- | C] () -- C:\Users\Doeni\ESt2010_Kölzer_Sarah.elfo
[2011.09.17 12:39:50 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.08.05 18:32:35 | 000,000,680 | RHS- | C] () -- C:\Users\Doeni\ntuser.pol
[2010.03.15 17:54:31 | 000,004,096 | -H-- | C] () -- C:\Users\Doeni\AppData\Local\keyfile3.drm
[2009.05.25 18:20:02 | 000,110,241 | ---- | C] () -- C:\Users\Doeni\AppData\Roaming\mdbu.bin
[2009.02.14 03:10:39 | 000,000,680 | ---- | C] () -- C:\Users\Doeni\AppData\Local\d3d9caps.dat
[2009.01.16 13:41:43 | 000,105,472 | ---- | C] () -- C:\Users\Doeni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

and extras.txt attached as a ZIP:
21.10.2012, 19:21 | #6 |
/// TB-Ausbilder | Hi,
Step 1 Please download Malwarebytes
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck
How is your computer running at the moment? Are there still problems? If so, which ones? Please post with your next reply
|
22.10.2012, 11:50 | #7 |
| Hey Matthias, no detections in the scans. Looks pretty good, I guess? The computer is also running completely normally. Nothing unusual. Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.10.21.08
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
Doeni :: DOENI-PC [Administrator]
22.10.2012 09:39:27
mbam-log-2012-10-22 (09-39-27).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232219
Laufzeit: 5 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
ESET Online Scanner didn't find anything either, so I guess there was no log output there. Checkup: Code:
Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 2 x86
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spyware Terminator 2012
Malwarebytes Anti-Malware Version 1.65.1.1000
Java(TM) 6 Update 19
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.11 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.3) Firefox out of Date!
Mozilla Thunderbird (2.0.0 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
22.10.2012, 16:45 | #8 |
/// TB-Ausbilder | Hi, if you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Step 2 Your version of Adobe Flash Player is outdated. Please follow these steps to update Adobe Flash:
Step 3 Please uninstall your current version of Adobe Reader: Start --> Control Panel --> Uninstall programs --> Adobe Reader, and download the new version from here. Remove the check mark for McAfee SecurityScan or Google Chrome.
Step 4
Please also check (regularly) whether the following links show missing updates for your plugins:
Step 5 Start DeFogger and click Re-enable. Your computer may need to be restarted.
Step 6 I would recommend that you also check your system with this scanner once a week. If you nevertheless want to uninstall ESET, please press the Windows key + R and copy the following text into the Run window. Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Step 7 Before the following action, please again temporarily disable your antivirus program, any script blocking that may be present, and anti-malware programs. Press the Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled.
Step 8 Please start OTL and click Cleanup ("Bereinigung"). This will remove most of the tools we needed for the cleanup. If anything is left behind, please remove it with right-click --> Delete.
Step 9 Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
22.10.2012, 19:51 | #9 |
| Hey Matthias, great, everything looks good! THAAANK YOU SO MUCH for your help and the tips!!! Doeni |
23.10.2012, 16:15 | #10 |
/// TB-Ausbilder | I'm glad we could help. This topic appears to be resolved and will be removed from my subscriptions. Should you need this topic again, please send me a PM. Everyone else, please click here and create your own thread. |