| |
| |||||||
Log-Analyse und Auswertung: Verfrühtes Weihnachtsgeschenk: TR/Crypt.ZPACK.Gen und EXP/2012-1723.GEWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.12.2012, 17:30
| #1 |
 |  Verfrühtes Weihnachtsgeschenk: TR/Crypt.ZPACK.Gen und EXP/2012-1723.GE Hallo liebes Forum, habe mir das Wochenende kurz vor Weihnachten einen Trojaner eingefangen. Vorsichtshalber habe ich mal nachgesehen um was es sich da handelt und bin etwas in Panik verfallen. Zum Glück gibt es aber Trojaner-Board, habe gehört ihr macht gute Arbeit. Details: In meinem Temp-Order unter C:\Dokumente und Einstellungen\one\Lokale Einstellungen\Temp fand Antivir eine Datei mit dem Namen 0.1585816588512725.exe welche vom Programm in die Quarantäne verschoben wurde. Verändert have ich daran nichts. Beim heutigen Systemscan (über die Feiertage habe ich den Virus mal Virus sein lassen) fand Antivir außerdem etwas das sich EXP/2012-1723.GE nennt. Eine Suche ergibt, dass sich diese Datei in Java einschleicht: Verwundert mich nicht, denn diese Datei befand sich hier bevor sie auch in Quarantäne gesteckt wurde: C:\Dokumente und Einstellungen\one\Lokale Einstellungen\Temp\jar_cache372445240489031649.tmp Ich kann von keiner Leistungseinbuße bei meinem PC der auf Windows XP schon seit über 10 Jahren läuft sprechen. Nichts ist mir aufgefallen. Es folgen die Logdaten, wie in diesem Thread erklärt: http://www.trojaner-board.de/69886-a...-beachten.html Code:
ATTFilter OTL logfile created on: 27.12.2012 16:51:36 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\one\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 747,94 Mb Available Physical Memory | 73,08% Memory free 2,90 Gb Paging File | 2,64 Gb Available in Paging File | 90,80% Paging File free Paging file location(s): C:\pagefile.sys 2048 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 18,63 Gb Total Space | 1,01 Gb Free Space | 5,40% Space Free | Partition Type: FAT32 Drive M: | 74,52 Gb Total Space | 29,15 Gb Free Space | 39,12% Space Free | Partition Type: NTFS Computer Name: *** | User Name: one | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\one\Desktop\OTL.exe (OldTimer Tools) PRC - M:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - M:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - M:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - M:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - M:\Programme\Avira\AntiVir Desktop\sqlite3.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- M:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- M:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (JavaQuickStarterService) -- C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- M:\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (Scutum50) -- System32\Drivers\Scutum50.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (EAPPkt) -- system32\DRIVERS\EAPPkt.sys File not found DRV - (Changer) -- File not found DRV - (AR5523) -- system32\DRIVERS\ar5523.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (atirage3) -- C:\WINDOWS\system32\drivers\atimpae.sys (ATI Technologies Inc.) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nachtschatten.host56.com/index.php IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.carddex.net/PTC/|hxxp://forum.learnnavi.org/index.php|hxxp://dogpound.zzn.com/|hxxp://www.furaffinity.net/|hxxp://www.equestriadaily.com/" FF - prefs.js..extensions.enabledAddons: ponify@pterocorn.blogspot.com:0.96 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..network.proxy.http: "proxy.personalitycores.com" FF - prefs.js..network.proxy.http_port: 8000 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.19 14:58:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.27 20:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Extensions [2010.08.27 20:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\extensions [2012.09.16 13:45:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.03 02:30:40 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\extensions\firefox@ghostery.com [2011.07.27 16:00:04 | 000,025,781 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\extensions\add-to-searchbox@maltekraus.de.xpi [2012.03.11 22:36:16 | 000,047,472 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\extensions\ponify@pterocorn.blogspot.com.xpi [2012.07.31 17:50:52 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.25 18:03:52 | 000,291,630 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2012.07.31 17:46:34 | 000,001,853 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\searchplugins\metager2.xml [2012.07.31 17:46:34 | 000,001,635 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\searchplugins\ixquick.xml [2012.07.21 14:47:22 | 000,001,161 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\searchplugins\wikipedia-de.xml [2012.07.31 19:57:52 | 000,001,151 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\searchplugins\wikipedia-en.xml [2011.07.28 00:14:06 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\searchplugins\urban-dictionary.xml [2011.07.29 23:43:28 | 000,001,030 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Mozilla\Firefox\Profiles\q6nrl8il.default\searchplugins\youtube---broadcast-yourself.xml [2012.07.31 15:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.14 02:15:46 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2001.08.18 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] M:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.19.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0EE87DA-6073-45E1-AFF2-7B14D77FC8F4}: DhcpNameServer = 192.168.19.63 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\one\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\one\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.30 19:25:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{acd7d97a-90eb-11e0-a1d0-00e0601a0bb6}\Shell - "" = AutoRun O33 - MountPoints2\{acd7d97a-90eb-11e0-a1d0-00e0601a0bb6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{acd7d97a-90eb-11e0-a1d0-00e0601a0bb6}\Shell\AutoRun\command - "" = IomegaEncryptionSetup v1.3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.27 15:41:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\one\Desktop\OTL.exe [2012.12.22 04:30:25 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\one\Recent [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.27 16:28:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.12.27 16:06:16 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Desktop\24y39r88.exe [2012.12.27 16:04:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.12.27 15:41:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\one\Desktop\OTL.exe [2012.12.27 15:39:22 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\one\defogger_reenable [2012.12.27 15:39:00 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Desktop\Defogger.exe [2012.12.22 11:53:44 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.12.11 13:09:12 | 000,034,807 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Desktop\qwerasdf.png [2012.12.11 13:09:12 | 000,009,588 | ---- | M] () -- C:\Dokumente und Einstellungen\one\.recently-used.xbel [2012.11.29 17:52:36 | 000,042,496 | ---- | M] () -- C:\Dokumente und Einstellungen\one\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.27 16:06:15 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\one\Desktop\24y39r88.exe [2012.12.27 15:39:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\one\defogger_reenable [2012.12.27 15:38:56 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\one\Desktop\Defogger.exe [2012.12.11 13:09:11 | 000,034,807 | ---- | C] () -- C:\Dokumente und Einstellungen\one\Desktop\qwerasdf.png [2012.12.11 13:09:11 | 000,009,588 | ---- | C] () -- C:\Dokumente und Einstellungen\one\.recently-used.xbel [2012.07.31 15:13:08 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.07.31 14:26:26 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2012.05.01 01:47:11 | 000,350,754 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1292428093-879983540-839522115-1003-0.dat [2012.04.20 15:11:27 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe [2012.04.18 01:25:14 | 000,350,754 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.07.27 16:34:33 | 000,042,496 | ---- | C] () -- C:\Dokumente und Einstellungen\one\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.07 18:06:44 | 000,000,463 | ---- | C] () -- C:\WINDOWS\musiceditor.INI [2011.05.07 17:56:19 | 000,000,634 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.04.29 19:24:28 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\AV32UID.DAT [2011.04.28 21:12:08 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2011.04.28 20:26:15 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2011.04.28 20:26:15 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2011.04.28 20:26:13 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2011.04.28 20:26:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2011.04.28 20:26:12 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe [2011.04.28 20:26:12 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe [2011.04.28 20:26:12 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe [2011.04.28 20:26:12 | 000,134,699 | ---- | C] () -- C:\WINDOWS\Cmuda.ini [2011.04.28 20:26:11 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll ========== ZeroAccess Check ========== [2012.04.02 18:15:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.04.28 21:16:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2011.05.04 20:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FREEDB [2012.04.18 00:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake [2011.04.28 21:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\MAGIX [2011.07.28 22:49:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\gtk-2.0 [2012.01.13 23:10:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\TIPP10 [2012.04.23 22:49:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\GlarySoft [2012.05.31 15:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Oracle [2012.06.12 23:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\ImgBurn [2012.07.02 20:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Audacity [2012.09.09 22:53:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\one\Anwendungsdaten\Opera ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.12.2012 15:43:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\one\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,48 Mb Total Physical Memory | 738,22 Mb Available Physical Memory | 72,13% Memory free
2,90 Gb Paging File | 2,62 Gb Available in Paging File | 90,07% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,63 Gb Total Space | 1,03 Gb Free Space | 5,53% Space Free | Partition Type: FAT32
Drive M: | 74,52 Gb Total Space | 29,15 Gb Free Space | 39,12% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: one | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- M:\Programme\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- M:\Programme\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "M:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "M:\Programme\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"M:\MP3MAKER\MP3Maker.exe" = M:\MP3MAKER\MP3Maker.exe:*:Enabled:MP3Maker.exe -- (MAGIX)
"C:\Programme\REALTEK\RTL8187B Wireless LAN Utility\RtWLan.exe" = C:\Programme\REALTEK\RTL8187B Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Mozilla Firefox\plugin-container.exe" = C:\Programme\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"M:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = M:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"M:\Programme\Opera\opera.exe" = M:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4B8AFAB-FB39-11D7-9D43-000A735D259C}" = Rollercoaster Tycoon 2 UCES
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"C-Media Audio" = C-Media 3D Audio
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Freemake Audio Converter_is1" = Freemake Audio Converter Version 1.1.0
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"jEdit_is1" = jEdit 4.5.1
"LilyPond" = LilyPond
"MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
"MAGIX MP3 Maker 11 D" = MAGIX MP3 Maker 11 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service (D)
"MAGIX Podcast Maker D" = MAGIX Podcast Maker (D)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Opera 12.02.1578" = Opera 12.02
"PROPLUS" = Microsoft Office Professional Plus 2007
"Registry Repair" = Registry Repair 4.1.0.388
"STDU Viewer_is1" = STDU Viewer version 1.6.2.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TIPP10_is1" = TIPP10 Version 2.1.0
"VLC media player" = VLC media player 1.1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.12.2012 09:53:19 | Computer Name = *** | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{bef5361e-9c0b-11df-9cfa-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 27.12.2012 09:53:43 | Computer Name = *** | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
in 0x800423f3) fehlgeschlagen.
Error - 27.12.2012 09:55:07 | Computer Name = *** | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{bef5361e-9c0b-11df-9cfa-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 27.12.2012 09:55:30 | Computer Name = *** | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
in 0x800423f3) fehlgeschlagen.
Error - 27.12.2012 09:57:16 | Computer Name = *** | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{bef5361e-9c0b-11df-9cfa-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 27.12.2012 09:57:39 | Computer Name = *** | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
in 0x800423f3) fehlgeschlagen.
Error - 27.12.2012 09:57:50 | Computer Name = *** | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{bef5361e-9c0b-11df-9cfa-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 27.12.2012 09:58:12 | Computer Name = *** | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
in 0x800423f3) fehlgeschlagen.
Error - 27.12.2012 10:03:53 | Computer Name = *** | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{bef5361e-9c0b-11df-9cfa-806d6172696f},0xc0000000,0x00000003,...)".
hr = 0x80070005.
Error - 27.12.2012 10:04:17 | Computer Name = *** | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert
in 0x800423f3) fehlgeschlagen.
[ System Events ]
Error - 21.12.2012 16:50:53 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Realtek EAPPkt Protocol" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 22.12.2012 06:51:18 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Scutum50 NDIS Protocol Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 22.12.2012 06:51:18 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Realtek EAPPkt Protocol" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 27.12.2012 09:45:11 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Scutum50 NDIS Protocol Driver" wurde aufgrund folgenden
Fehlers nicht gestartet: %%2
Error - 27.12.2012 09:45:11 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Realtek EAPPkt Protocol" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 27.12.2012 09:54:25 | Computer Name = *** | Source = Wechselmediendienst | ID = 262159
Description = Der Wechselmediendienst kann die Bibliothek CdRom0 nicht verwalten.
Die Datenbank ist beschädigt.
Error - 27.12.2012 09:56:12 | Computer Name = *** | Source = Wechselmediendienst | ID = 262159
Description = Der Wechselmediendienst kann die Bibliothek CdRom0 nicht verwalten.
Die Datenbank ist beschädigt.
Error - 27.12.2012 09:58:21 | Computer Name = *** | Source = Wechselmediendienst | ID = 262159
Description = Der Wechselmediendienst kann die Bibliothek CdRom0 nicht verwalten.
Die Datenbank ist beschädigt.
Error - 27.12.2012 10:05:00 | Computer Name = *** | Source = Wechselmediendienst | ID = 262159
Description = Der Wechselmediendienst kann die Bibliothek CdRom0 nicht verwalten.
Die Datenbank ist beschädigt.
Error - 27.12.2012 10:38:48 | Computer Name = *** | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{F0EE87DA-6073-45E1-AFF2-7B14D77FC8F4} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-27 17:06:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD200EB-11CPF0 rev.06.04G06
Running: 24y39r88.exe; Driver: C:\DOKUME~1\one\LOKALE~1\Temp\uxlyapow.sys
---- System - GMER 1.0.15 ----
SSDT F7F68664 ZwClose
SSDT F7F6861E ZwCreateKey
SSDT F7F6866E ZwCreateSection
SSDT F7F68614 ZwCreateThread
SSDT F7F68623 ZwDeleteKey
SSDT F7F6862D ZwDeleteValueKey
SSDT F7F6865F ZwDuplicateObject
SSDT F7F68632 ZwLoadKey
SSDT F7F68600 ZwOpenProcess
SSDT F7F68605 ZwOpenThread
SSDT F7F68687 ZwQueryValueKey
SSDT F7F6863C ZwReplaceKey
SSDT F7F68678 ZwRequestWaitReplyPort
SSDT F7F68637 ZwRestoreKey
SSDT F7F68673 ZwSetContextThread
SSDT F7F6867D ZwSetSecurityObject
SSDT F7F68628 ZwSetValueKey
SSDT F7F68682 ZwSystemDebugControl
SSDT F7F6860F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 3A1 804E2A0D 3 Bytes [86, F6, F7]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
|
27.12.2012, 18:05
| #2 |
| /// Malware-holic   | Verfrühtes Weihnachtsgeschenk: TR/Crypt.ZPACK.Gen und EXP/2012-1723.GE Hi
__________________öffne mal bitte Avira, Verwaltung, Quarantäne, poste die Fundmeldungen mit Pfadangabe.
__________________ |
|
27.12.2012, 18:08
| #3 |
| | Verfrühtes Weihnachtsgeschenk: TR/Crypt.ZPACK.Gen und EXP/2012-1723.GE Das hier?
__________________Code:
ATTFilter Typ: Datei
Quelle: C:\Dokumente und Einstellungen\one\Lokale Einstellungen\Temp\jar_cache372445240489031649.tmp
Status: Infiziert
Quarantäne-Objekt: 53a7f8c7.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.224
Virendefinitionsdatei: 7.11.54.234
Meldung: EXP/2012-1723.GE
Datum/Uhrzeit: 27.12.2012, 15:32
Code:
ATTFilter Typ: Datei
Quelle: C:\Dokumente und Einstellungen\one\Lokale Einstellungen\Temp\0.1585816588512725.exe
Status: Infiziert
Quarantäne-Objekt: 537cf7b9.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.224
Virendefinitionsdatei: 7.11.54.172
Meldung: TR/Crypt.ZPACK.Gen
Datum/Uhrzeit: 23.12.2012, 01:39
|
|
27.12.2012, 18:10
| #4 |
| /// Malware-holic | Verfrühtes Weihnachtsgeschenk: TR/Crypt.ZPACK.Gen und EXP/2012-1723.GE Jepp. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.12.2012, 18:28
| #5 |
| | Verfrühtes Weihnachtsgeschenk: TR/Crypt.ZPACK.Gen und EXP/2012-1723.GECode:
ATTFilter 18:19:34.0312 2000 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:19:34.0531 2000 ============================================================
18:19:34.0531 2000 Current date / time: 2012/12/27 18:19:34.0531
18:19:34.0531 2000 SystemInfo:
18:19:34.0531 2000
18:19:34.0531 2000 OS Version: 5.1.2600 ServicePack: 3.0
18:19:34.0531 2000 Product type: Workstation
18:19:34.0531 2000 ComputerName: ***
18:19:34.0546 2000 UserName: one
18:19:34.0546 2000 Windows directory: C:\WINDOWS
18:19:34.0546 2000 System windows directory: C:\WINDOWS
18:19:34.0546 2000 Processor architecture: Intel x86
18:19:34.0546 2000 Number of processors: 1
18:19:34.0546 2000 Page size: 0x1000
18:19:34.0546 2000 Boot type: Normal boot
18:19:34.0546 2000 ============================================================
18:19:36.0421 2000 Drive \Device\Harddisk0\DR0 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:19:36.0421 2000 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:19:36.0531 2000 ============================================================
18:19:36.0531 2000 \Device\Harddisk0\DR0:
18:19:36.0531 2000 MBR partitions:
18:19:36.0531 2000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2546802
18:19:36.0531 2000 \Device\Harddisk1\DR1:
18:19:36.0531 2000 MBR partitions:
18:19:36.0531 2000 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x950A5C1
18:19:36.0531 2000 ============================================================
18:19:36.0531 2000 C: <-> \Device\Harddisk0\DR0\Partition1
18:19:36.0750 2000 M: <-> \Device\Harddisk1\DR1\Partition1
18:19:36.0750 2000 ============================================================
18:19:36.0750 2000 Initialize success
18:19:36.0750 2000 ============================================================
18:19:50.0968 2356 ============================================================
18:19:50.0968 2356 Scan started
18:19:50.0968 2356 Mode: Manual; SigCheck; TDLFS;
18:19:50.0968 2356 ============================================================
18:19:51.0593 2356 ================ Scan system memory ========================
18:19:51.0593 2356 System memory - ok
18:19:51.0593 2356 ================ Scan services =============================
18:19:51.0671 2356 Abiosdsk - ok
18:19:51.0671 2356 abp480n5 - ok
18:19:51.0750 2356 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:19:53.0593 2356 ACPI - ok
18:19:53.0609 2356 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
18:19:53.0875 2356 ACPIEC - ok
18:19:53.0875 2356 adpu160m - ok
18:19:53.0937 2356 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:19:54.0125 2356 aec - ok
18:19:54.0187 2356 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:19:54.0265 2356 AFD - ok
18:19:54.0296 2356 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
18:19:54.0453 2356 agp440 - ok
18:19:54.0453 2356 Aha154x - ok
18:19:54.0468 2356 aic78u2 - ok
18:19:54.0468 2356 aic78xx - ok
18:19:54.0562 2356 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:19:54.0734 2356 Alerter - ok
18:19:54.0812 2356 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
18:19:55.0031 2356 ALG - ok
18:19:55.0046 2356 AliIde - ok
18:19:55.0046 2356 amsint - ok
18:19:55.0218 2356 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService M:\Programme\Avira\AntiVir Desktop\sched.exe
18:19:55.0250 2356 AntiVirSchedulerService - ok
18:19:55.0265 2356 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService M:\Programme\Avira\AntiVir Desktop\avguard.exe
18:19:55.0312 2356 AntiVirService - ok
18:19:55.0375 2356 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:19:55.0562 2356 AppMgmt - ok
18:19:55.0578 2356 AR5523 - ok
18:19:55.0781 2356 [ 8DBEB23BAF83D7161A69503BD5FC0162 ] AR9271 C:\WINDOWS\system32\DRIVERS\athuw.sys
18:19:56.0156 2356 AR9271 ( UnsignedFile.Multi.Generic ) - warning
18:19:56.0156 2356 AR9271 - detected UnsignedFile.Multi.Generic (1)
18:19:56.0218 2356 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:19:56.0390 2356 Arp1394 - ok
18:19:56.0390 2356 asc - ok
18:19:56.0406 2356 asc3350p - ok
18:19:56.0421 2356 asc3550 - ok
18:19:56.0468 2356 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:19:56.0640 2356 AsyncMac - ok
18:19:56.0656 2356 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:19:56.0828 2356 atapi - ok
18:19:56.0828 2356 Atdisk - ok
18:19:56.0921 2356 [ 8948961A4BD498A29E5EEEFE548E380F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:19:57.0140 2356 ati2mtag - ok
18:19:57.0171 2356 [ AE5333A1A1B9788DB5D9D62CB430B441 ] atirage3 C:\WINDOWS\system32\DRIVERS\atimpae.sys
18:19:57.0328 2356 atirage3 - ok
18:19:57.0359 2356 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:19:57.0515 2356 Atmarpc - ok
18:19:57.0671 2356 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:19:57.0859 2356 AudioSrv - ok
18:19:57.0890 2356 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:19:58.0031 2356 audstub - ok
18:19:58.0093 2356 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:19:58.0187 2356 avgntflt - ok
18:19:58.0218 2356 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:19:58.0250 2356 avipbb - ok
18:19:58.0281 2356 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:19:58.0312 2356 avkmgr - ok
18:19:58.0421 2356 [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Programme\avmwlanstick\WlanNetService.exe
18:19:58.0500 2356 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
18:19:58.0500 2356 AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
18:19:58.0531 2356 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:19:58.0687 2356 Beep - ok
18:19:58.0812 2356 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
18:19:59.0015 2356 BITS - ok
18:19:59.0093 2356 [ B42057F06BBB98B31876C0B3F2B54E33 ] Browser C:\WINDOWS\System32\browser.dll
18:19:59.0265 2356 Browser - ok
18:19:59.0328 2356 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:19:59.0500 2356 cbidf2k - ok
18:19:59.0500 2356 cd20xrnt - ok
18:19:59.0531 2356 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:19:59.0703 2356 Cdaudio - ok
18:19:59.0734 2356 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:19:59.0875 2356 Cdfs - ok
18:19:59.0890 2356 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:20:00.0062 2356 Cdrom - ok
18:20:00.0062 2356 Changer - ok
18:20:00.0125 2356 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:20:00.0296 2356 CiSvc - ok
18:20:00.0312 2356 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:20:00.0484 2356 ClipSrv - ok
18:20:00.0656 2356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:20:00.0687 2356 clr_optimization_v4.0.30319_32 - ok
18:20:00.0703 2356 CmdIde - ok
18:20:00.0812 2356 [ B7D9E7D64C1FD830856807E63356178D ] cmuda C:\WINDOWS\system32\drivers\cmuda.sys
18:20:00.0968 2356 cmuda - ok
18:20:00.0984 2356 COMSysApp - ok
18:20:01.0000 2356 Cpqarray - ok
18:20:01.0078 2356 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:20:01.0250 2356 CryptSvc - ok
18:20:01.0265 2356 dac2w2k - ok
18:20:01.0265 2356 dac960nt - ok
18:20:01.0328 2356 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:20:01.0468 2356 DcomLaunch - ok
18:20:01.0500 2356 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:20:01.0703 2356 Dhcp - ok
18:20:01.0734 2356 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:20:01.0890 2356 Disk - ok
18:20:01.0921 2356 dmadmin - ok
18:20:02.0031 2356 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:20:02.0296 2356 dmboot - ok
18:20:02.0343 2356 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:20:02.0515 2356 dmio - ok
18:20:02.0515 2356 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:20:02.0671 2356 dmload - ok
18:20:02.0703 2356 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:20:02.0859 2356 dmserver - ok
18:20:02.0921 2356 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:20:03.0078 2356 DMusic - ok
18:20:03.0109 2356 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:20:03.0218 2356 Dnscache - ok
18:20:03.0296 2356 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:20:03.0468 2356 Dot3svc - ok
18:20:03.0484 2356 dpti2o - ok
18:20:03.0515 2356 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:20:03.0671 2356 drmkaud - ok
18:20:03.0718 2356 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:20:03.0890 2356 EapHost - ok
18:20:03.0906 2356 EAPPkt - ok
18:20:03.0937 2356 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:20:04.0093 2356 ERSvc - ok
18:20:04.0171 2356 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
18:20:04.0250 2356 Eventlog - ok
18:20:04.0296 2356 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
18:20:04.0343 2356 EventSystem - ok
18:20:04.0375 2356 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:20:04.0531 2356 Fastfat - ok
18:20:04.0562 2356 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:20:04.0625 2356 FastUserSwitchingCompatibility - ok
18:20:04.0656 2356 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
18:20:04.0812 2356 Fdc - ok
18:20:04.0875 2356 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:20:05.0031 2356 Fips - ok
18:20:05.0203 2356 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance M:\Common\Database\bin\fbserver.exe
18:20:05.0453 2356 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
18:20:05.0453 2356 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
18:20:05.0500 2356 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:20:05.0640 2356 Flpydisk - ok
18:20:05.0671 2356 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:20:05.0843 2356 FltMgr - ok
18:20:05.0859 2356 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:20:06.0000 2356 Fs_Rec - ok
18:20:06.0046 2356 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:20:06.0218 2356 Ftdisk - ok
18:20:06.0281 2356 [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
18:20:06.0359 2356 FWLANUSB - ok
18:20:06.0406 2356 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:20:06.0562 2356 Gpc - ok
18:20:06.0640 2356 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:20:06.0796 2356 helpsvc - ok
18:20:06.0828 2356 HidServ - ok
18:20:06.0890 2356 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:20:07.0046 2356 HidUsb - ok
18:20:07.0109 2356 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:20:07.0250 2356 hkmsvc - ok
18:20:07.0265 2356 hpn - ok
18:20:07.0328 2356 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:20:07.0390 2356 HTTP - ok
18:20:07.0453 2356 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:20:07.0609 2356 HTTPFilter - ok
18:20:07.0625 2356 i2omgmt - ok
18:20:07.0625 2356 i2omp - ok
18:20:07.0656 2356 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:20:07.0828 2356 i8042prt - ok
18:20:07.0859 2356 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:20:08.0015 2356 Imapi - ok
18:20:08.0062 2356 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
18:20:08.0234 2356 ImapiService - ok
18:20:08.0250 2356 ini910u - ok
18:20:08.0296 2356 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:20:08.0453 2356 IntelIde - ok
18:20:08.0484 2356 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:20:08.0640 2356 intelppm - ok
18:20:08.0687 2356 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:20:08.0859 2356 Ip6Fw - ok
18:20:08.0906 2356 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:20:09.0078 2356 IpFilterDriver - ok
18:20:09.0140 2356 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:20:09.0296 2356 IpInIp - ok
18:20:09.0312 2356 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:20:09.0484 2356 IpNat - ok
18:20:09.0515 2356 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:20:09.0671 2356 IPSec - ok
18:20:09.0703 2356 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:20:09.0875 2356 IRENUM - ok
18:20:09.0906 2356 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:20:10.0046 2356 isapnp - ok
18:20:10.0203 2356 [ 5472D771C0197355C1D347F20392B982 ] JavaQuickStarterService C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
18:20:10.0234 2356 JavaQuickStarterService - ok
18:20:10.0281 2356 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:20:10.0453 2356 Kbdclass - ok
18:20:10.0515 2356 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:20:10.0671 2356 kmixer - ok
18:20:10.0703 2356 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:20:10.0781 2356 KSecDD - ok
18:20:10.0812 2356 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:20:10.0890 2356 lanmanserver - ok
18:20:10.0968 2356 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:20:11.0031 2356 lanmanworkstation - ok
18:20:11.0046 2356 lbrtfdc - ok
18:20:11.0093 2356 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:20:11.0250 2356 LmHosts - ok
18:20:11.0328 2356 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:20:11.0468 2356 Messenger - ok
18:20:11.0500 2356 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:20:11.0656 2356 mnmdd - ok
18:20:11.0718 2356 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:20:11.0875 2356 mnmsrvc - ok
18:20:11.0937 2356 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:20:12.0109 2356 Modem - ok
18:20:12.0140 2356 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:20:12.0296 2356 Mouclass - ok
18:20:12.0359 2356 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:20:12.0515 2356 mouhid - ok
18:20:12.0546 2356 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:20:12.0718 2356 MountMgr - ok
18:20:12.0718 2356 mraid35x - ok
18:20:12.0765 2356 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:20:12.0921 2356 MRxDAV - ok
18:20:13.0031 2356 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:20:13.0140 2356 MRxSmb - ok
18:20:13.0171 2356 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:20:13.0343 2356 MSDTC - ok
18:20:13.0375 2356 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:20:13.0531 2356 Msfs - ok
18:20:13.0578 2356 MSIServer - ok
18:20:13.0640 2356 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:20:13.0796 2356 MSKSSRV - ok
18:20:13.0812 2356 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:20:13.0953 2356 MSPCLOCK - ok
18:20:13.0968 2356 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:20:14.0125 2356 MSPQM - ok
18:20:14.0156 2356 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:20:14.0281 2356 mssmbios - ok
18:20:14.0296 2356 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
18:20:14.0453 2356 ms_mpu401 - ok
18:20:14.0500 2356 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:20:14.0562 2356 Mup - ok
18:20:14.0656 2356 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
18:20:14.0828 2356 napagent - ok
18:20:14.0859 2356 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:20:15.0031 2356 NDIS - ok
18:20:15.0093 2356 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:20:15.0156 2356 NdisTapi - ok
18:20:15.0203 2356 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:20:15.0359 2356 Ndisuio - ok
18:20:15.0375 2356 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:20:15.0546 2356 NdisWan - ok
18:20:15.0578 2356 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:20:15.0625 2356 NDProxy - ok
18:20:15.0656 2356 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:20:15.0812 2356 NetBIOS - ok
18:20:15.0843 2356 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:20:16.0000 2356 NetBT - ok
18:20:16.0046 2356 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
18:20:16.0218 2356 NetDDE - ok
18:20:16.0234 2356 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:20:16.0359 2356 NetDDEdsdm - ok
18:20:16.0437 2356 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:20:16.0593 2356 Netlogon - ok
18:20:16.0640 2356 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
18:20:16.0812 2356 Netman - ok
18:20:16.0843 2356 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:20:17.0000 2356 NIC1394 - ok
18:20:17.0046 2356 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
18:20:17.0140 2356 Nla - ok
18:20:17.0156 2356 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:20:17.0312 2356 Npfs - ok
18:20:17.0375 2356 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:20:17.0593 2356 Ntfs - ok
18:20:17.0609 2356 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:20:17.0750 2356 NtLmSsp - ok
18:20:17.0875 2356 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:20:18.0093 2356 NtmsSvc - ok
18:20:18.0125 2356 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
18:20:18.0265 2356 Null - ok
18:20:18.0328 2356 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:20:18.0500 2356 NwlnkFlt - ok
18:20:18.0515 2356 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:20:18.0671 2356 NwlnkFwd - ok
18:20:18.0843 2356 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
18:20:18.0921 2356 odserv - ok
18:20:18.0953 2356 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:20:19.0093 2356 ohci1394 - ok
18:20:19.0140 2356 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
18:20:19.0171 2356 ose - ok
18:20:19.0203 2356 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:20:19.0359 2356 Parport - ok
18:20:19.0375 2356 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:20:19.0515 2356 PartMgr - ok
18:20:19.0578 2356 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:20:19.0734 2356 ParVdm - ok
18:20:19.0765 2356 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:20:19.0921 2356 PCI - ok
18:20:19.0921 2356 PCIDump - ok
18:20:19.0937 2356 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
18:20:20.0093 2356 PCIIde - ok
18:20:20.0156 2356 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:20:20.0328 2356 Pcmcia - ok
18:20:20.0343 2356 PDCOMP - ok
18:20:20.0343 2356 PDFRAME - ok
18:20:20.0359 2356 PDRELI - ok
18:20:20.0375 2356 PDRFRAME - ok
18:20:20.0375 2356 perc2 - ok
18:20:20.0390 2356 perc2hib - ok
18:20:20.0437 2356 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
18:20:20.0515 2356 PlugPlay - ok
18:20:20.0531 2356 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:20:20.0656 2356 PolicyAgent - ok
18:20:20.0687 2356 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:20:20.0843 2356 PptpMiniport - ok
18:20:20.0859 2356 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:20:21.0000 2356 ProtectedStorage - ok
18:20:21.0015 2356 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:20:21.0156 2356 PSched - ok
18:20:21.0156 2356 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:20:21.0343 2356 Ptilink - ok
18:20:21.0359 2356 ql1080 - ok
18:20:21.0359 2356 Ql10wnt - ok
18:20:21.0375 2356 ql12160 - ok
18:20:21.0375 2356 ql1240 - ok
18:20:21.0390 2356 ql1280 - ok
18:20:21.0406 2356 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:20:21.0578 2356 RasAcd - ok
18:20:21.0640 2356 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:20:21.0812 2356 RasAuto - ok
18:20:21.0843 2356 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:20:22.0000 2356 Rasl2tp - ok
18:20:22.0078 2356 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:20:22.0265 2356 RasMan - ok
18:20:22.0296 2356 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:20:22.0453 2356 RasPppoe - ok
18:20:22.0484 2356 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:20:22.0640 2356 Raspti - ok
18:20:22.0671 2356 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:20:22.0843 2356 Rdbss - ok
18:20:22.0859 2356 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:20:23.0015 2356 RDPCDD - ok
18:20:23.0046 2356 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:20:23.0203 2356 rdpdr - ok
18:20:23.0281 2356 [ 6589DB6E5969F8EEE594CF71171C5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:20:23.0359 2356 RDPWD - ok
18:20:23.0437 2356 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:20:23.0593 2356 RDSessMgr - ok
18:20:23.0625 2356 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:20:23.0796 2356 redbook - ok
18:20:23.0875 2356 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:20:24.0046 2356 RemoteAccess - ok
18:20:24.0093 2356 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:20:24.0250 2356 RemoteRegistry - ok
18:20:24.0281 2356 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
18:20:24.0437 2356 RpcLocator - ok
18:20:24.0531 2356 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:20:24.0656 2356 RpcSs - ok
18:20:24.0687 2356 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:20:24.0859 2356 RSVP - ok
18:20:25.0031 2356 [ 0A7293EDC2537652A4914018A7589F14 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
18:20:25.0156 2356 rt2870 - ok
18:20:25.0218 2356 [ EDCD7C87BEEE635DB2DDA09D46359DAA ] RTLWUSB C:\WINDOWS\system32\DRIVERS\RTL8187.sys
18:20:25.0296 2356 RTLWUSB - ok
18:20:25.0390 2356 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
18:20:25.0531 2356 SamSs - ok
18:20:25.0562 2356 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:20:25.0718 2356 SCardSvr - ok
18:20:25.0765 2356 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:20:25.0953 2356 Schedule - ok
18:20:25.0953 2356 Scutum50 - ok
18:20:26.0015 2356 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:20:26.0156 2356 Secdrv - ok
18:20:26.0218 2356 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
18:20:26.0390 2356 seclogon - ok
18:20:26.0437 2356 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
18:20:26.0578 2356 SENS - ok
18:20:26.0640 2356 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:20:26.0781 2356 serenum - ok
18:20:26.0796 2356 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
18:20:26.0953 2356 Serial - ok
18:20:26.0984 2356 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:20:27.0140 2356 Sfloppy - ok
18:20:27.0234 2356 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:20:27.0437 2356 SharedAccess - ok
18:20:27.0484 2356 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:20:27.0515 2356 ShellHWDetection - ok
18:20:27.0531 2356 Simbad - ok
18:20:27.0656 2356 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
18:20:27.0750 2356 SkypeUpdate - ok
18:20:27.0765 2356 Sparrow - ok
18:20:27.0828 2356 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:20:27.0984 2356 splitter - ok
18:20:28.0000 2356 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:20:28.0062 2356 Spooler - ok
18:20:28.0093 2356 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:20:28.0234 2356 sr - ok
18:20:28.0281 2356 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
18:20:28.0453 2356 srservice - ok
18:20:28.0500 2356 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:20:28.0609 2356 Srv - ok
18:20:28.0703 2356 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:20:28.0890 2356 SSDPSRV - ok
18:20:28.0906 2356 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:20:28.0937 2356 ssmdrv - ok
18:20:29.0031 2356 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:20:29.0265 2356 stisvc - ok
18:20:29.0296 2356 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:20:29.0453 2356 swenum - ok
18:20:29.0484 2356 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:20:29.0625 2356 swmidi - ok
18:20:29.0687 2356 SwPrv - ok
18:20:29.0703 2356 symc810 - ok
18:20:29.0718 2356 symc8xx - ok
18:20:29.0718 2356 sym_hi - ok
18:20:29.0734 2356 sym_u3 - ok
18:20:29.0781 2356 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:20:29.0937 2356 sysaudio - ok
18:20:30.0015 2356 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:20:30.0171 2356 SysmonLog - ok
18:20:30.0218 2356 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:20:30.0421 2356 TapiSrv - ok
18:20:30.0484 2356 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:20:30.0609 2356 Tcpip - ok
18:20:30.0671 2356 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:20:30.0828 2356 TDPIPE - ok
18:20:30.0843 2356 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:20:31.0000 2356 TDTCP - ok
18:20:31.0031 2356 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:20:31.0187 2356 TermDD - ok
18:20:31.0281 2356 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
18:20:31.0453 2356 TermService - ok
18:20:31.0484 2356 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
18:20:31.0500 2356 Themes - ok
18:20:31.0546 2356 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:20:31.0703 2356 TlntSvr - ok
18:20:31.0703 2356 TosIde - ok
18:20:31.0750 2356 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:20:31.0906 2356 TrkWks - ok
18:20:31.0937 2356 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:20:32.0109 2356 Udfs - ok
18:20:32.0125 2356 ultra - ok
18:20:32.0171 2356 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:20:32.0390 2356 Update - ok
18:20:32.0484 2356 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:20:32.0640 2356 upnphost - ok
18:20:32.0828 2356 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
18:20:32.0937 2356 UPnPService ( UnsignedFile.Multi.Generic ) - warning
18:20:32.0937 2356 UPnPService - detected UnsignedFile.Multi.Generic (1)
18:20:32.0984 2356 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
18:20:33.0125 2356 UPS - ok
18:20:33.0156 2356 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:20:33.0312 2356 usbehci - ok
18:20:33.0375 2356 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:20:33.0531 2356 usbhub - ok
18:20:33.0578 2356 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:20:33.0734 2356 usbstor - ok
18:20:33.0750 2356 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:20:33.0921 2356 usbuhci - ok
18:20:33.0953 2356 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:20:34.0109 2356 VgaSave - ok
18:20:34.0109 2356 ViaIde - ok
18:20:34.0140 2356 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:20:34.0296 2356 VolSnap - ok
18:20:34.0375 2356 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
18:20:34.0546 2356 VSS - ok
18:20:34.0609 2356 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
18:20:34.0781 2356 W32Time - ok
18:20:34.0812 2356 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:20:34.0968 2356 Wanarp - ok
18:20:34.0984 2356 WDICA - ok
18:20:35.0015 2356 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:20:35.0171 2356 wdmaud - ok
18:20:35.0218 2356 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:20:35.0375 2356 WebClient - ok
18:20:35.0453 2356 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:20:35.0609 2356 winmgmt - ok
18:20:35.0687 2356 [ 6E18978B749F0696A774DE3F2CB142DD ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
18:20:35.0843 2356 WmdmPmSN - ok
18:20:35.0953 2356 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:20:36.0078 2356 Wmi - ok
18:20:36.0156 2356 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:20:36.0328 2356 WmiApSrv - ok
18:20:36.0609 2356 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:20:36.0703 2356 WPFFontCache_v0400 - ok
18:20:36.0750 2356 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:20:36.0921 2356 wscsvc - ok
18:20:37.0015 2356 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
18:20:37.0171 2356 wuauserv - ok
18:20:37.0296 2356 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:20:37.0531 2356 WZCSVC - ok
18:20:37.0625 2356 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:20:37.0796 2356 xmlprov - ok
18:20:37.0812 2356 ================ Scan global ===============================
18:20:37.0875 2356 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
18:20:37.0984 2356 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:20:38.0046 2356 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
18:20:38.0093 2356 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
18:20:38.0093 2356 [Global] - ok
18:20:38.0109 2356 ================ Scan MBR ==================================
18:20:38.0125 2356 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
18:20:41.0781 2356 \Device\Harddisk0\DR0 - ok
18:20:41.0796 2356 [ 50807E3CED7C99EE6F6E0CED35C8435E ] \Device\Harddisk1\DR1
18:20:42.0640 2356 \Device\Harddisk1\DR1 - ok
18:20:42.0656 2356 ================ Scan VBR ==================================
18:20:42.0656 2356 [ 1AEC03822A34BAF1E08C2379CF5A995B ] \Device\Harddisk0\DR0\Partition1
18:20:42.0656 2356 \Device\Harddisk0\DR0\Partition1 - ok
18:20:42.0687 2356 [ 6A0B2902330FB9B0F5AFB4E94263AB57 ] \Device\Harddisk1\DR1\Partition1
18:20:42.0687 2356 \Device\Harddisk1\DR1\Partition1 - ok
18:20:42.0687 2356 ============================================================
18:20:42.0687 2356 Scan finished
18:20:42.0687 2356 ============================================================
18:20:42.0812 1100 Detected object count: 4
18:20:42.0812 1100 Actual detected object count: 4
18:21:17.0234 1100 AR9271 ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:17.0234 1100 AR9271 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:17.0234 1100 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:17.0234 1100 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:17.0234 1100 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:17.0234 1100 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:21:17.0234 1100 UPnPService ( UnsignedFile.Multi.Generic ) - skipped by user
18:21:17.0234 1100 UPnPService ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
27.12.2012, 19:14
| #6 | |
| /// Malware-holic | Verfrühtes Weihnachtsgeschenk: TR/Crypt.ZPACK.Gen und EXP/2012-1723.GE Hi, combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Verfrühtes Weihnachtsgeschenk: TR/Crypt.ZPACK.Gen und EXP/2012-1723.GE |
Linear-Darstellung
