Pests of all kinds and how to get rid of them: tr/atraps.gen2 and other findings (Windows 7)
![]() | tr/atraps.gen2 und andere Funde Hi Leute,sitze hier grad am Pc meiner Mutter,und der Echtzeitscanner von Avira hat hier Virusmeldungen angezeigt (tr/atraps.gen2 und andere) die sich allerdings nicht löschen ließen. Hab dann Avira Scan gemacht und bei 46%, 6 Funden nach 3 Stunden abgebrochen.Konnte dann 2 Funde löschen.Danach Anti Maleware Bytes Quickscan gemacht, der zeigte mir 4 Funde an ,diese gelöscht(Hab erst hier gelesen das man das nicht machen soll,zu spät) Seit dem kommen keine Meldungen mehr, aber ich trau der Sache nicht so richtig. Danke für eure Hilfe. Gruß Meister G. Ganz unten noch die Malware Log OTL logfile created on: 29.12.2012 10:44:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 57,96% Memory free 5,50 Gb Paging File | 4,29 Gb Available in Paging File | 78,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 342,02 Gb Total Space | 237,48 Gb Free Space | 69,43% Space Free | Partition Type: NTFS Drive D: | 341,97 Gb Total Space | 228,21 Gb Free Space | 66,73% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: **** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.29 10:44:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gieske\Desktop\OTL.exe PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.09.07 15:37:04 | 000,100,864 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe PRC - [2012.08.09 07:37:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.09 07:24:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 07:24:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.09 07:24:39 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE PRC - [2006.02.17 01:51:08 | 000,483,328 | ---- | M] () -- C:\Programme\MSI\US54SE_Utility\ZDWlan.exe ========== Modules (No Company Name) ========== MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006.02.17 01:51:08 | 000,483,328 | ---- | M] () -- C:\Programme\MSI\US54SE_Utility\ZDWlan.exe MOD - [2005.11.11 13:46:48 | 000,045,056 | ---- | M] () -- C:\Programme\MSI\US54SE_Utility\ZDWlan.dll MOD - [2005.11.10 14:50:18 | 000,212,992 | ---- | M] () -- C:\Programme\MSI\US54SE_Utility\dot1x_dll.dll ========== Services (SafeList) ========== SRV - [2012.12.12 08:48:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - 
[2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.09.07 15:37:04 | 000,100,864 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.09 07:24:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 07:24:39 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService) SRV - [2007.05.31 
16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012.05.09 07:24:46 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 07:24:46 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.07.29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) DRV - [2007.08.21 09:00:22 | 000,873,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WlanGZG.sys -- (XG762_VS) DRV - [2007.08.01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 2E DA 97 A8 4A CB 01 [binary data] IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {8A0BACF6-CE30-4284-A51E-0405D60018AF} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{8A0BACF6-CE30-4284-A51E-0405D60018AF}: "URL" = 
hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE395 IE - HKCU\..\SearchScopes\{FAFA8EBF-EA44-46C9-823C-9404E9E5CD2F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=652E5B7F-9537-4FAA-A1A5-C62E58D54FB2&apn_sauid=A6ED621F-C0D0-4155-8603-6784821A30E6& IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.14 17:50:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.2\FF [2012.03.03 22:31:08 | 000,000,000 | ---D | M] [2012.03.14 17:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gieske\AppData\Roaming\mozilla\Extensions [2012.05.04 14:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gieske\AppData\Roaming\mozilla\Firefox\Profiles\yz3ltjcy.default\extensions [2012.03.14 17:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Bing (Enabled) CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language} CHR - homepage: hxxp://www.google.com/ CHR - Extension: PriceGong = 
C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.2_0\ CHR - Extension: YouTube = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.6.2\PriceGongIE.dll (PriceGong) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX) O4 - HKCU..\Run: [syshost32] C:\Users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe () O4 - Startup: C:\Users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found O4 - Startup: C:\Users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31116BF8-057C-44C7-990E-B3A02309704D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BD9EE6B-B642-44BB-9FE9-C07A51D22CAB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D940974-3B24-4ED4-85D2-954CBD761AF8}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF72BE95-631A-4864-BFC7-5D33E0DC5F90}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7E3C8F4-6BFD-4B4C-8A29-C6113049523D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5bc6ba27-feef-11e0-a3a8-00226869e1ea}\Shell - "" = AutoRun O33 - MountPoints2\{5bc6ba27-feef-11e0-a3a8-00226869e1ea}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Start.hta O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.29 10:44:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gieske\Desktop\OTL.exe [2012.12.28 17:42:05 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1} [2012.12.28 11:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3 [2012.12.28 11:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games [2012.12.24 21:20:55 | 000,000,000 | -H-D | C] -- C:\Users\Gieske\Documents\Freemake_do_not_remove_this_folder634919808556983394 [2012.12.24 01:42:48 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Roaming\TuneUp Software [2012.12.24 01:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.12.24 01:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.12.24 01:42:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.24 01:39:06 | 000,000,000 | -H-D | C] -- C:\Users\Gieske\Documents\Freemake_do_not_remove_this_folder [2012.12.24 01:38:16 | 000,000,000 | ---D | C] -- C:\Users\Gieske\Documents\Freemake [2012.12.24 01:38:15 | 000,000,000 | ---D | C] -- 
C:\Users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake [2012.12.24 01:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake [2012.12.24 01:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2012.12.24 01:38:03 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Roaming\OpenCandy [2012.12.24 01:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake [2012.12.23 23:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.12.23 23:55:00 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Roaming\Canneverbe Limited [2012.12.23 23:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter [2012.12.23 23:51:00 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter [2012.12.23 23:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Haali [2012.12.23 23:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSDoctor [2012.12.23 23:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Cypheros [2012.12.23 23:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Cypheros [2012.12.16 15:40:51 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Local\Proxure [2012.12.16 15:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk [2012.12.14 14:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holzfäller Simulator 2013 [2012.12.14 14:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.12.14 14:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2012.12.14 14:30:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA [2012.12.14 14:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2012.12.14 14:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Woodcutter Simulator 2013 
[2012.12.08 14:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2013 [2012.12.08 14:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Landwirtschafts Simulator 2013 ========== Files - Modified Within 30 Days ========== [2012.12.29 10:46:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.29 10:44:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gieske\Desktop\OTL.exe [2012.12.29 10:43:05 | 000,000,000 | ---- | M] () -- C:\Users\Gieske\defogger_reenable [2012.12.29 10:41:49 | 000,050,477 | ---- | M] () -- C:\Users\Gieske\Desktop\Defogger.exe [2012.12.29 10:16:30 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.29 10:16:30 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.29 09:50:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.29 08:50:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.29 08:31:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.29 08:31:34 | 2213,945,344 | -HS- | M] () -- C:\hiberfil.sys [2012.12.26 21:13:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.24 20:51:01 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.24 20:51:01 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.24 20:51:01 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.24 20:51:01 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.24 01:38:15 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2012.12.23 23:50:40 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\TSDoctor.lnk [2012.12.21 09:27:41 | 000,302,616 
| ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.17 11:20:08 | 000,032,720 | ---- | M] () -- C:\Users\Gieske\Documents\Tannebaum.odt [2012.12.16 15:41:26 | 000,000,288 | ---- | M] () -- C:\Users\Gieske\AppData\Roaming\.backup.dm [2012.12.14 19:27:19 | 000,076,844 | ---- | M] () -- C:\Users\Gieske\Documents\weißkopfseeadler.odt [2012.12.14 14:30:28 | 000,002,030 | ---- | M] () -- C:\Users\Gieske\Desktop\Holzfäller Simulator 2013.lnk [2012.12.14 11:25:09 | 000,013,652 | ---- | M] () -- C:\Users\Gieske\Documents\Parkfriedhof Nutzungsrechte.odt [2012.12.14 11:25:09 | 000,000,102 | -H-- | M] () -- C:\Users\Gieske\Documents\.~lock.Parkfriedhof Nutzungsrechte.odt# [2012.12.13 19:55:17 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.08 14:09:09 | 000,001,245 | ---- | M] () -- C:\Users\Gieske\Desktop\Landwirtschafts Simulator 2013 .lnk [2012.12.08 12:08:52 | 000,013,376 | ---- | M] () -- C:\Users\Gieske\Documents\Wundertüte.odt [2012.12.05 14:16:40 | 000,017,349 | ---- | M] () -- C:\Users\Gieske\Documents\Advent.odt ========== Files Created - No Company Name ========== [2012.12.29 10:43:05 | 000,000,000 | ---- | C] () -- C:\Users\Gieske\defogger_reenable [2012.12.29 10:41:49 | 000,050,477 | ---- | C] () -- C:\Users\Gieske\Desktop\Defogger.exe [2012.12.24 01:38:15 | 000,001,282 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2012.12.23 23:50:40 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\TSDoctor.lnk [2012.12.17 11:20:06 | 000,032,720 | ---- | C] () -- C:\Users\Gieske\Documents\Tannebaum.odt [2012.12.16 15:41:26 | 000,000,288 | ---- | C] () -- C:\Users\Gieske\AppData\Roaming\.backup.dm [2012.12.14 19:27:17 | 000,076,844 | ---- | C] () -- C:\Users\Gieske\Documents\weißkopfseeadler.odt [2012.12.14 14:30:28 | 000,002,030 | ---- | C] () -- C:\Users\Gieske\Desktop\Holzfäller Simulator 2013.lnk [2012.12.14 10:56:31 | 000,000,102 | -H-- | C] () -- C:\Users\Gieske\Documents\.~lock.Parkfriedhof 
Nutzungsrechte.odt#
[2012.12.14 10:56:29 | 000,013,652 | ---- | C] () -- C:\Users\Gieske\Documents\Parkfriedhof Nutzungsrechte.odt
[2012.12.08 14:09:09 | 000,001,245 | ---- | C] () -- C:\Users\Gieske\Desktop\Landwirtschafts Simulator 2013 .lnk
[2012.12.05 14:24:53 | 000,013,376 | ---- | C] () -- C:\Users\Gieske\Documents\Wundertüte.odt
[2012.12.05 14:16:39 | 000,017,349 | ---- | C] () -- C:\Users\Gieske\Documents\Advent.odt
[2012.03.26 16:11:29 | 000,000,019 | ---- | C] () -- C:\Windows\TKKG_9.INI
[2012.02.18 13:36:06 | 000,284,160 | ---- | C] () -- C:\Windows\uninst.exe
[2011.12.24 15:26:37 | 000,004,608 | ---- | C] () -- C:\Users\Gieske\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.01 19:29:29 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2011.11.01 19:29:29 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.11.01 19:29:28 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2011.11.01 19:29:28 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2011.11.01 19:29:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2011.11.01 19:29:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.07.25 16:29:40 | 000,000,056 | ---- | C] () -- C:\Windows\TKKG_7.ini
[2011.07.22 13:57:33 | 000,000,168 | ---- | C] () -- C:\Windows\Wendy3.ini

========== ZeroAccess Check ==========
[2011.11.17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Gieske\AppData\Local\{725f5121-2ebf-fe7c-6f8a-bfe6380e9f70}\L
[2011.11.17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Gieske\AppData\Local\{725f5121-2ebf-fe7c-6f8a-bfe6380e9f70}\U
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-132146776-3345195101-1586744503-1000\$725f51212ebffe7c6f8abfe6380e9f70\n. -- File not found
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========
[2012.09.29 09:15:09 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\.minecraft
[2011.01.30 19:51:20 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Ashampoo
[2010.12.27 18:47:06 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Baumaschinen Simulator 2011
[2011.09.20 15:48:37 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\becker
[2012.12.23 23:55:00 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Canneverbe Limited
[2010.12.17 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Chirurgie Simulation
[2011.11.01 19:28:45 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Engelmann Media
[2010.09.01 20:00:50 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\InterTrust
[2012.12.24 01:38:03 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\OpenCandy
[2010.09.02 17:48:10 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\OpenOffice.org
[2012.04.01 06:14:59 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\T-Online
[2012.12.24 01:42:48 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\TuneUp Software
[2011.02.03 15:23:30 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\TweakNow RegCleaner 2011
[2012.03.06 13:19:57 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Ukotg
[2012.03.06 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Upwiu
[2011.03.12 15:40:38 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2
[2011.03.12 15:23:29 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2011.03.12 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2011.03.12 14:56:18 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2 - Farm World
[2011.03.12 15:28:42 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2 - Marine World

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 29.12.2012 10:44:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gieske\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 57,96% Memory free
5,50 Gb Paging File | 4,29 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 342,02 Gb Total Space | 237,48 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
Drive D: | 341,97 Gb Total Space | 228,21 Gb Free Space | 66,73% Space Free | Partition Type: NTFS

Computer Name: GIESKE-PC | User Name: Gieske | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BCD8BE-5A0D-453E-BD59-117C5A54A869}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1A0AE945-0DAF-438A-ADAE-952BDC897D9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B676298-EA56-4A87-B093-713C41508E25}" = rport=445 | protocol=6 | dir=out | app=system |
"{1D75D03B-C12D-4436-871D-E352B0187220}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25227096-ADF6-4181-A4CC-9B6E37704FF0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{28F92B40-36F8-4D60-BB7F-6F85EF431034}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{31CF4F8D-55CA-4D51-B612-7D5508EB5A6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38885871-B694-475D-8FDA-94D8C2717CAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4221DCC0-0DF9-46FF-96AF-3DB2F1CAA543}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4582BFA6-0428-4B4D-823F-EE1D4977BB7C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{464978F6-FEAC-4F47-ADE6-CBD64B735401}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C283D4C-60D6-4FBB-AD22-544EC0CAA63F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DD670B2-E259-432D-AD7F-68BF418EE409}" = lport=445 | protocol=6 | dir=in | app=system |
"{603D1CF7-6C18-4F96-AF4D-76D87CEB0DF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6910E3F0-9310-4F94-A7BB-7BCA1B7EE768}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{69D2AE4C-77B4-4DEA-8495-230FEB066415}" = rport=138 | protocol=17 | dir=out | app=system |
"{6E548F25-CD64-4B37-A9A7-888B7812D9A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70172EF1-6DD3-4ECD-8AA0-E7E1A18CE6F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{768F4AD2-A19C-4A20-9101-B083F39D8018}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7888E51D-1385-431F-971E-BA6D36D3D047}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C9F42FB-7A57-4BD1-98A1-A2C546ACC6D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8147DF4F-C183-438D-AC51-9393FF141B1E}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E85B8FF-15AE-4C41-923B-0AF2ACEBA844}" = rport=137 | protocol=17 | dir=out | app=system |
"{9157C833-B394-4BB9-80BE-D7436B2F5485}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A43DE8C8-392F-441E-990A-28DE4D9D96D3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AA5F0D0C-49C4-4170-8697-CA0987ED4644}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AECC0377-4324-4B20-B37D-55FA2CCE7BD4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AFC6981F-3883-4116-9958-C2AFBB660D01}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5F39ECD-4E9A-4000-A2D6-CEA5E4949978}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC75B75D-B5F3-4CC8-9666-B6C5AED7745D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C001D24A-F574-4B09-AF3A-8BFDAB8B1345}" = rport=139 | protocol=6 | dir=out | app=system |
"{C2ECFDE2-E6DD-4633-B8C5-677270803308}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C694D6E8-1290-45B5-A66F-2A1382B7A705}" = lport=139 | protocol=6 | dir=in | app=system |
"{CB8903A4-9EDD-493B-9C36-8461E168AE78}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E01C48F5-BBA8-460D-B894-69C65E4B42C5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E59C7EDA-956D-41B8-BC2A-A990A26E4DC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB2103C8-5CED-4CEC-9EC8-A5614125CE66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBEC9A09-B0B5-41B2-83B4-14BF86AE5D28}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F1230E72-AAE2-4240-A798-F03DE04BDACF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{110695E0-DF06-48D8-AD70-3954C6678733}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1232D079-1DEB-40C6-A392-C9E309AC51D9}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{13ACBDEE-3C37-404E-8BD2-88B0483D014F}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{169C4895-EA15-4801-B3AF-6252D9637097}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{1C3BC58D-51FD-479D-8ABA-62D4CD7C0D75}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{21B0CBAC-91D8-4222-8DE6-CA01E1A7035C}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{2D7FD6B4-C267-4D58-A8D5-66790A31B42F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{332F7BC8-0D60-4C4B-9A54-350864FD66A5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{383C553A-0960-4D80-B0FD-66640F24F731}" = protocol=6 | dir=in | app=c:\program files\woodcutter simulator 2013\iupdate.dll |
"{4CE21E39-B30B-4303-A4BC-81B79CE82533}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{513C21EC-2C5F-43B4-880F-2B8AC4F19E97}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{51594E13-2BF8-4D94-A00B-7A8773062D88}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{586E6A13-21DB-442D-99B2-D8FE15B32765}" = protocol=6 | dir=out | app=system |
"{5980C17C-3F9F-49B9-91C1-AF57E79B30E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{663A1AC0-A101-44BE-A04C-2120B2E697E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67122DE6-DE46-4B66-8907-AD493C8E04E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6ABB683C-91E7-47FC-8EB6-CB25602D340C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74DFDDB9-206D-48E3-A93C-C19FC06AD141}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E394048-09DF-46C9-93CD-3592CA2AF03E}" = protocol=17 | dir=in | app=c:\program files\woodcutter simulator 2013\woodcutter2013.dll |
"{831BF245-FA4D-49B1-A52F-28622BF834C9}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{91E378D5-315E-4BAB-84B3-089EA1C695DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{923B50CC-2DD5-4674-B424-B3511E6FBE32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{969039BF-3964-47EC-A943-72E19470F7C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9AF3448A-0E4D-4EFE-8808-FC2215C3FFA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A79AB58C-D5D3-48DF-AD18-F3C82EC4F6FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A97D8670-6121-4259-8FF0-0B5FEF0A72F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD26C3EB-8308-4FEA-9BC0-B823FE2F63C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF8A934A-395C-43D8-8DB5-FCDB34187B86}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{B0BA9D01-7694-4E26-BBAE-DA3BB991114F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C81DF9C4-A3C4-441B-9509-10CC8F042839}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{CE1D30CA-9CEA-424D-9DAB-04D8920E2060}" = protocol=6 | dir=in | app=c:\program files\woodcutter simulator 2013\woodcutter2013.dll |
"{DA851F06-17CC-4AF7-A772-154FD2CED362}" = protocol=17 | dir=in | app=c:\program files\woodcutter simulator 2013\iupdate.dll |
"{DACBE3C1-3D82-4415-AB51-790EE86CA572}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E166971C-13B9-4CFA-8B60-1714CE40C325}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E9039C09-E92A-49ED-8F93-842A1E11E2EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E9512C71-1F11-4F4E-A50D-916911BD13DE}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{ED626596-493D-4EFC-8BBB-D24F4F1DF4B9}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{EDF43FEC-D404-48D2-B08F-D5290B25189C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0591DCA-F49B-4BC8-BBE2-FEE9D652E21A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F69C03F0-50AA-41EE-AAA2-F832A8430539}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA6E50E6-86CA-457D-A6E3-756122C36F92}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"TCP Query User{0DEF862D-4C5A-4179-9BC0-277AC44B2D4E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{3D182DCD-72A6-4CDA-BBC0-92D437F8E355}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{448532B0-85DE-4C0D-A726-314E88B13996}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{61B1129E-5EEE-4944-9990-007FA5AAF830}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{887759FA-CB7C-4F98-9E93-9301DB0075E4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A5245801-F2D7-41C3-9D15-83FD30327359}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{17A01AD2-D692-48B7-AE7D-5C74A6AF4256}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2158A60C-5C84-40F7-AC8B-7D1D33F7A298}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{3F2293C7-9AC6-4BAF-9C23-32B977C031CE}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{7B63AADE-D3C4-48E4-BED9-A1050D737C8D}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{7FA70033-A8FB-435E-9207-FE272243F0CB}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B1D795FD-33D2-48B8-9F11-2F32E1DCA154}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52602542-6E1A-4002-AB4C-9A4391103507}" = O&O PartitionManager Professional
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{581CE7EA-A30D-0000-1211-088635773309}" = MSI US54SE 802.11 b+g USB Stick
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{923BC9EF-A7FC-4E6D-8056-F1534DFCE530}" = Steuer-Software 2011
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer
"{A8CB4BF4-CD9C-49C0-92D2-7A85631C746D}_is1" = Baumaschinen Simulator 2011 Version 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF805B23-DCB3-44D5-A9A8-B44C7A80C8D7}_is1" = Gabelstapler Simulator 2009
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F19178B7-F232-4E97-8511-E4D37A339E9C}" = Steuer-Software 2012
"{F4BBEF26-9D37-411F-B0E0-221C680F7B9B}" = TSDoctor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"AutoBauDeinstKey" = Autos bauen mit Willy Werkel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Content Manager 2" = Content Manager 2
"DemolitionCompanyDE_is1" = Demolition Company
"Digital Editions" = Adobe Digital Editions
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Euro Truck Simulator" = Euro Truck Simulator 1.1
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"PokerStars" = PokerStars
"PriceGong" = PriceGong 2.6.2
"QuickTime" = QuickTime
"SBMWW" = Schiffe bauen mit Willy Werkel
"TKKG 9" = TKKG 9
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WLP2_is1" = Wildlife Park 2 - Farm World v2.1
"Woodcutter Simulator 2013" = Holzfäller Simulator 2013

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.11.2012 15:27:25 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = Programm wlmail.exe, Version 14.0.8117.416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8d4 Startzeit: 01cdcf3078c39ecb Endzeit: 16 Anwendungspfad: C:\Program Files\Windows Live\Mail\wlmail.exe Berichts-ID: ecfc7e3e-3b23-11e2-b143-00226869e1ea

Error - 02.12.2012 04:50:10 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = Programm game.exe, Version 4.1.6.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 748 Startzeit: 01cdd066b7b35a43 Endzeit: 245 Anwendungspfad: C:\Program Files\Landwirtschafts Simulator 2011\game.exe Berichts-ID: 41981ccc-3c5d-11e2-9b35-00226869e1ea

Error - 14.12.2012 06:26:20 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.2.9498.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 94c Startzeit: 01cdd9dc74f160e6 Endzeit: 9 Anwendungspfad: C:\Program Files\OpenOffice.org 3\program\soffice.bin Berichts-ID: a11f32f7-45d8-11e2-b9b2-00226869e1ea

Error - 14.12.2012 09:29:26 | Computer Name = Gieske-PC | Source = VSS | ID = 8194
Description =

Error - 23.12.2012 19:14:24 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 140 Startzeit: 01cde162f96269b8 Endzeit: 16 Anwendungspfad: C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID:

Error - 23.12.2012 19:44:33 | Computer Name = Gieske-PC | Source = Windows Backup | ID = 4104
Description =

Error - 24.12.2012 15:58:49 | Computer Name = Gieske-PC | Source = TS-Doctor | ID = 2134
Description =

Error - 24.12.2012 15:58:51 | Computer Name = Gieske-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TSDoctor.exe, Version: 1.2.57.2901, Zeitstempel: 0x50cdd3d6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04a2f768 ID des fehlerhaften Prozesses: 0x1484 Startzeit der fehlerhaften Anwendung: 0x01cde2110d1d1b5e Pfad der fehlerhaften Anwendung: C:\Program Files\Cypheros\TSDoctor\TSDoctor.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 5621038a-4e04-11e2-8b71-00226869e1ea

Error - 26.12.2012 16:03:47 | Computer Name = Gieske-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden.
Error - 28.12.2012 06:29:25 | Computer Name = Gieske-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 28.12.2012 11:40:45 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004
Description =

Error - 28.12.2012 12:46:05 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28.12.2012 12:46:05 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.12.2012 14:26:16 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.12.2012 14:26:27 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004
Description =

Error - 29.12.2012 02:55:46 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 29.12.2012 02:55:46 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 29.12.2012 03:31:42 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 29.12.2012 03:31:42 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 29.12.2012 03:32:24 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004
Description =

< End of report >
iii\age3.exe | "{586E6A13-21DB-442D-99B2-D8FE15B32765}" = protocol=6 | dir=out | app=system | "{5980C17C-3F9F-49B9-91C1-AF57E79B30E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{663A1AC0-A101-44BE-A04C-2120B2E697E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{67122DE6-DE46-4B66-8907-AD493C8E04E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6ABB683C-91E7-47FC-8EB6-CB25602D340C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{74DFDDB9-206D-48E3-A93C-C19FC06AD141}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7E394048-09DF-46C9-93CD-3592CA2AF03E}" = protocol=17 | dir=in | app=c:\program files\woodcutter simulator 2013\woodcutter2013.dll | "{831BF245-FA4D-49B1-A52F-28622BF834C9}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{91E378D5-315E-4BAB-84B3-089EA1C695DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{923B50CC-2DD5-4674-B424-B3511E6FBE32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{969039BF-3964-47EC-A943-72E19470F7C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9AF3448A-0E4D-4EFE-8808-FC2215C3FFA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A79AB58C-D5D3-48DF-AD18-F3C82EC4F6FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A97D8670-6121-4259-8FF0-0B5FEF0A72F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AD26C3EB-8308-4FEA-9BC0-B823FE2F63C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF8A934A-395C-43D8-8DB5-FCDB34187B86}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe | "{B0BA9D01-7694-4E26-BBAE-DA3BB991114F}" = dir=out | svc=sharedaccess | 
app=%systemroot%\system32\svchost.exe | "{C81DF9C4-A3C4-441B-9509-10CC8F042839}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{CE1D30CA-9CEA-424D-9DAB-04D8920E2060}" = protocol=6 | dir=in | app=c:\program files\woodcutter simulator 2013\woodcutter2013.dll | "{DA851F06-17CC-4AF7-A772-154FD2CED362}" = protocol=17 | dir=in | app=c:\program files\woodcutter simulator 2013\iupdate.dll | "{DACBE3C1-3D82-4415-AB51-790EE86CA572}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E166971C-13B9-4CFA-8B60-1714CE40C325}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E9039C09-E92A-49ED-8F93-842A1E11E2EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E9512C71-1F11-4F4E-A50D-916911BD13DE}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe | "{ED626596-493D-4EFC-8BBB-D24F4F1DF4B9}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe | "{EDF43FEC-D404-48D2-B08F-D5290B25189C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F0591DCA-F49B-4BC8-BBE2-FEE9D652E21A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F69C03F0-50AA-41EE-AAA2-F832A8430539}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FA6E50E6-86CA-457D-A6E3-756122C36F92}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "TCP Query User{0DEF862D-4C5A-4179-9BC0-277AC44B2D4E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{3D182DCD-72A6-4CDA-BBC0-92D437F8E355}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | "TCP Query User{448532B0-85DE-4C0D-A726-314E88B13996}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52602542-6E1A-4002-AB4C-9A4391103507}" = O&O PartitionManager Professional
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{581CE7EA-A30D-0000-1211-088635773309}" = MSI US54SE 802.11 b+g USB Stick
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{923BC9EF-A7FC-4E6D-8056-F1534DFCE530}" = Steuer-Software 2011
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer
"{A8CB4BF4-CD9C-49C0-92D2-7A85631C746D}_is1" = Baumaschinen Simulator 2011 Version 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF805B23-DCB3-44D5-A9A8-B44C7A80C8D7}_is1" = Gabelstapler Simulator 2009
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F19178B7-F232-4E97-8511-E4D37A339E9C}" = Steuer-Software 2012
"{F4BBEF26-9D37-411F-B0E0-221C680F7B9B}" = TSDoctor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"AutoBauDeinstKey" = Autos bauen mit Willy Werkel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Content Manager 2" = Content Manager 2
"DemolitionCompanyDE_is1" = Demolition Company
"Digital Editions" = Adobe Digital Editions
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Euro Truck Simulator" = Euro Truck Simulator 1.1
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"PokerStars" = PokerStars
"PriceGong" = PriceGong 2.6.2
"QuickTime" = QuickTime
"SBMWW" = Schiffe bauen mit Willy Werkel
"TKKG 9" = TKKG 9
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WLP2_is1" = Wildlife Park 2 - Farm World v2.1
"Woodcutter Simulator 2013" = Holzfäller Simulator 2013

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.11.2012 15:27:25 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = Programm wlmail.exe, Version 14.0.8117.416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 8d4
Startzeit: 01cdcf3078c39ecb
Endzeit: 16
Anwendungspfad: C:\Program Files\Windows Live\Mail\wlmail.exe
Berichts-ID: ecfc7e3e-3b23-11e2-b143-00226869e1ea

Error - 02.12.2012 04:50:10 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = Programm game.exe, Version 4.1.6.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 748
Startzeit: 01cdd066b7b35a43
Endzeit: 245
Anwendungspfad: C:\Program Files\Landwirtschafts Simulator 2011\game.exe
Berichts-ID: 41981ccc-3c5d-11e2-9b35-00226869e1ea

Error - 14.12.2012 06:26:20 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.2.9498.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 94c
Startzeit: 01cdd9dc74f160e6
Endzeit: 9
Anwendungspfad: C:\Program Files\OpenOffice.org 3\program\soffice.bin
Berichts-ID: a11f32f7-45d8-11e2-b9b2-00226869e1ea

Error - 14.12.2012 09:29:26 | Computer Name = Gieske-PC | Source = VSS | ID = 8194
Description =

Error - 23.12.2012 19:14:24 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 140
Startzeit: 01cde162f96269b8
Endzeit: 16
Anwendungspfad: C:\Program Files\Windows Media Player\wmplayer.exe
Berichts-ID:

Error - 23.12.2012 19:44:33 | Computer Name = Gieske-PC | Source = Windows Backup | ID = 4104
Description =

Error - 24.12.2012 15:58:49 | Computer Name = Gieske-PC | Source = TS-Doctor | ID = 2134
Description =

Error - 24.12.2012 15:58:51 | Computer Name = Gieske-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TSDoctor.exe, Version: 1.2.57.2901, Zeitstempel: 0x50cdd3d6
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x04a2f768
ID des fehlerhaften Prozesses: 0x1484
Startzeit der fehlerhaften Anwendung: 0x01cde2110d1d1b5e
Pfad der fehlerhaften Anwendung: C:\Program Files\Cypheros\TSDoctor\TSDoctor.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 5621038a-4e04-11e2-8b71-00226869e1ea

Error - 26.12.2012 16:03:47 | Computer Name = Gieske-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden.

Error - 28.12.2012 06:29:25 | Computer Name = Gieske-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 28.12.2012 11:40:45 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004
Description =

Error - 28.12.2012 12:46:05 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28.12.2012 12:46:05 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.12.2012 14:26:16 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.12.2012 14:26:27 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004
Description =

Error - 29.12.2012 02:55:46 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 29.12.2012 02:55:46 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 29.12.2012 03:31:42 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 29.12.2012 03:31:42 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 29.12.2012 03:32:24 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004
Description =

< End of report >

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-29 12:19:58
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3750528AS rev.CC44
Running: 3jn7se1i.exe; Driver: C:\Users\Gieske\AppData\Local\Temp\pgriapoc.sys

---- System - GMER 1.0.15 ----

SSDT 90B3197E ZwCreateSection
SSDT 90B31988 ZwRequestWaitReplyPort
SSDT 90B31983 ZwSetContextThread
SSDT 90B3198D ZwSetSecurityObject
SSDT 90B31992 ZwSystemDebugControl
SSDT 90B3191F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83248A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832824D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8328962C 4 Bytes [7E, 19, B3, 90] {JLE 0x1b; MOV BL, 0x90}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83289988 4 Bytes [88, 19, B3, 90] {MOV [ECX], BL; MOV BL, 0x90}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832899CC 4 Bytes [83, 19, B3, 90] {SBB DWORD [ECX], -0x4d; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 83289A48 4 Bytes [8D, 19, B3, 90] {LEA EBX, [ECX]; MOV BL, 0x90}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 83289A9C 4 Bytes [92, 19, B3, 90]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9201B000, 0x2D5378, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----
---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:1484] 9E999F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}@Path \Microsoft\Microsoft Antimalware\MpIdleTask
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}@Hash 0x55 0x9C 0x68 0x8C ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}@Path \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}@Hash 0xCC 0x66 0xBE 0x0A ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan@Id {BEAD2096-2814-41E0-AF79-3D70BC6918AF}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask@Id {2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}

---- EOF - GMER 1.0.15 ----

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.26.12

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Gieske :: GIESKE-PC [Administrator]

29.12.2012 10:59:51
mbam-log-2012-12-29 (10-59-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 193461
Laufzeit: 3 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-132146776-3345195101-1586744503-1000\$725f51212ebffe7c6f8abfe6380e9f70\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\$Recycle.Bin\S-1-5-21-132146776-3345195101-1586744503-1000\$725f51212ebffe7c6f8abfe6380e9f70\n (Trojan.0Access) -> Löschen bei Neustart.
C:\Users\Gieske\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Gieske\AppData\Local\Temp\3706443.exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
#2

/// TB-Ausbilder | tr/atraps.gen2 and other findings
I will help you with your problem. A clean-up can involve a lot of work for you (and me). Before we start, I have some reading material for you. Read and understood?

Step 1: Disable drive emulation with Defogger

Please download defogger by jpshortstuff to your desktop and start it:

Step 2: Scan with aswMBR
Step 3: Scan with the TDSS-Killer

Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report.

Step 4: Scan with DDS (+ attach)

Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
#3

tr/atraps.gen2 and other findings

That was quick.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:43 on 29/12/2012 (Gieske)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Should I post each step separately or put everything into one reply? How big is the file in step 2? I only have a 1000 line here and I'm at 30 MB now. Thanks
#4
/// TB-Ausbilder
tr/atraps.gen2 and other findings

Read and understood?

__________________
Digital privateers against malware! No help via PM!
#5
tr/atraps.gen2 and other findings

Ha, yes, read and now also understood. Here you go:

Step 1
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:43 on 29/12/2012 (Gieske)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-29 13:55:08
-----------------------------
13:55:08.714 OS Version: Windows 6.1.7601 Service Pack 1
13:55:08.714 Number of processors: 2 586 0x6B02
13:55:08.714 ComputerName: GIESKE-PC UserName: Gieske
13:55:12.802 Initialize success
13:55:23.831 AVAST engine defs: 12122900
13:55:26.498 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:55:26.498 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
13:55:26.748 Disk 0 MBR read successfully
13:55:26.748 Disk 0 MBR scan
13:55:26.764 Disk 0 Windows 7 default MBR code
13:55:26.904 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15000 MB offset 2048
13:55:26.998 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 350226 MB offset 30722048
13:55:27.107 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 350176 MB offset 747984896
13:55:27.310 Disk 0 scanning sectors +1465145344
13:55:28.121 Disk 0 scanning C:\Windows\system32\drivers
13:57:55.748 Service scanning
13:58:09.367 Service MpKsla2b99d2b c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\MpKsla2b99d2b.sys **LOCKED** 32
13:58:27.395 Modules scanning
14:01:28.901 Disk 0 trace - called modules:
14:01:28.932
14:01:32.785 AVAST engine scan C:\Windows
14:04:42.528 AVAST engine scan C:\Windows\system32
14:25:36.736 AVAST engine scan C:\Windows\system32\drivers
14:26:24.129 AVAST engine scan C:\Users\Gieske
14:50:34.132 File: C:\Users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe **INFECTED** Win32:Malware-gen
15:08:45.428 AVAST engine scan C:\ProgramData
15:18:47.719 Scan finished successfully
15:19:26.919 Disk 0 MBR has been saved successfully to "C:\Users\Gieske\Desktop\MBR.dat"
15:19:27.013 The log file has been saved successfully to "C:\Users\Gieske\Desktop\aswMBR.txt"
Step 3
Code:
15:34:54.0900 4936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:34:55.0166 4936 ============================================================
15:34:55.0166 4936 Current date / time: 2012/12/29 15:34:55.0166
15:34:55.0166 4936 SystemInfo:
15:34:55.0166 4936
15:34:55.0166 4936 OS Version: 6.1.7601 ServicePack: 1.0
15:34:55.0166 4936 Product type: Workstation
15:34:55.0166 4936 ComputerName: GIESKE-PC
15:34:55.0166 4936 UserName: Gieske
15:34:55.0166 4936 Windows directory: C:\Windows
15:34:55.0166 4936 System windows directory: C:\Windows
15:34:55.0166 4936 Processor architecture: Intel x86
15:34:55.0166 4936 Number of processors: 2
15:34:55.0166 4936 Page size: 0x1000
15:34:55.0166 4936 Boot type: Normal boot
15:34:55.0166 4936 ============================================================
15:34:56.0757 4936 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:34:56.0882 4936 ============================================================
15:34:56.0882 4936 \Device\Harddisk0\DR0:
15:34:56.0882 4936 MBR partitions:
15:34:56.0882 4936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x2AC09000
15:34:56.0882 4936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2C955800, BlocksNum 0x2ABF0000
15:34:56.0882 4936 ============================================================
15:34:56.0913 4936 C: <-> \Device\Harddisk0\DR0\Partition1
15:34:57.0038 4936 D: <-> \Device\Harddisk0\DR0\Partition2
15:34:57.0038 4936 ============================================================
15:34:57.0038 4936 Initialize success
15:34:57.0038 4936 ============================================================
15:35:04.0479 5512 ============================================================
15:35:04.0479 5512 Scan started
15:35:04.0479 5512 Mode: Manual; TDLFS;
15:35:04.0479 5512 ============================================================
15:35:05.0150 5512 ================ Scan system memory ========================
15:35:05.0150 5512 System memory - ok
15:35:05.0150 5512 ================ Scan services =============================
15:35:05.0228 5512 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:35:05.0228 5512 1394ohci - ok
15:35:05.0321 5512 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
15:35:05.0321 5512 AAV UpdateService - ok
15:35:05.0368 5512 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:35:05.0368 5512 ACPI - ok
15:35:05.0399 5512 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:35:05.0399 5512 AcpiPmi - ok
15:35:05.0462 5512 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:35:05.0462 5512 AdobeARMservice - ok
15:35:05.0508 5512 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:35:05.0508 5512 AdobeFlashPlayerUpdateSvc - ok
15:35:05.0540 5512 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:35:05.0540 5512 adp94xx - ok
15:35:05.0555 5512 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:35:05.0555 5512 adpahci - ok
15:35:05.0571 5512 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:35:05.0586 5512 adpu320 - ok
15:35:05.0602 5512 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:35:05.0602 5512 AeLookupSvc - ok
15:35:05.0633 5512 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
15:35:05.0633 5512 AFD - ok
15:35:05.0664 5512 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
15:35:05.0664 5512 agp440 - ok
15:35:05.0680 5512 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
15:35:05.0680 5512 aic78xx - ok
15:35:05.0711 5512 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
15:35:05.0711 5512 ALG - ok
15:35:05.0711 5512 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
15:35:05.0711 5512 aliide - ok
15:35:05.0742 5512 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:35:05.0742 5512 AMD External Events Utility - ok
15:35:05.0758 5512 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:35:05.0758 5512 amdagp - ok
15:35:05.0789 5512 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
15:35:05.0789 5512 amdide - ok
15:35:05.0805 5512 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:35:05.0805 5512 AmdK8 - ok
15:35:05.0805 5512 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:35:05.0820 5512 AmdPPM - ok
15:35:05.0836 5512 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:35:05.0836 5512 amdsata - ok
15:35:05.0836 5512 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:35:05.0852 5512 amdsbs - ok
15:35:05.0852 5512 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:35:05.0852 5512 amdxata - ok
15:35:05.0930 5512 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:35:05.0930 5512 AntiVirSchedulerService - ok
15:35:05.0976 5512 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:35:05.0992 5512 AntiVirService - ok
15:35:06.0008 5512 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
15:35:06.0023 5512 AppID - ok
15:35:06.0039 5512 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:35:06.0039 5512 AppIDSvc - ok
15:35:06.0070 5512 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
15:35:06.0070 5512 Appinfo - ok
15:35:06.0070 5512 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
15:35:06.0070 5512 arc - ok
15:35:06.0101 5512 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:35:06.0101 5512 arcsas - ok
15:35:06.0101 5512 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:35:06.0101 5512 AsyncMac - ok
15:35:06.0117 5512 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
15:35:06.0117 5512 atapi - ok
15:35:06.0164 5512 [ 44FA26470D4C8123CCF71F4200B782D3 ] athrusb C:\Windows\system32\DRIVERS\athrusb.sys
15:35:06.0164 5512 athrusb - ok
15:35:06.0288 5512 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:35:06.0304 5512 atikmdag - ok
15:35:06.0413 5512 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:35:06.0413 5512 AudioEndpointBuilder - ok
15:35:06.0413 5512 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:35:06.0429 5512 Audiosrv - ok
15:35:06.0444 5512 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:35:06.0444 5512 avgntflt - ok
15:35:06.0460 5512 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:35:06.0460 5512 avipbb - ok
15:35:06.0476 5512 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:35:06.0476 5512 avkmgr - ok
15:35:06.0507 5512 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:35:06.0507 5512 AxInstSV - ok
15:35:06.0522 5512 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
15:35:06.0538 5512 b06bdrv - ok
15:35:06.0554 5512 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
15:35:06.0554 5512 b57nd60x - ok
15:35:06.0569 5512 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
15:35:06.0569 5512 BDESVC - ok
15:35:06.0585 5512 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
15:35:06.0585 5512 Beep - ok
15:35:06.0632 5512 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
15:35:06.0632 5512 BFE - ok
15:35:06.0647 5512 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
15:35:06.0647 5512 BITS - ok
15:35:06.0663 5512 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:35:06.0663 5512 blbdrive - ok
15:35:06.0678 5512 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:35:06.0678 5512 bowser - ok
15:35:06.0694 5512 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:35:06.0694 5512 BrFiltLo - ok
15:35:06.0710 5512 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:35:06.0710 5512 BrFiltUp - ok
15:35:06.0741 5512 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
15:35:06.0741 5512 Browser - ok
15:35:06.0756 5512 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:35:06.0756 5512 Brserid - ok
15:35:06.0788 5512 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:35:06.0788 5512 BrSerWdm - ok
15:35:06.0788 5512 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:35:06.0788 5512 BrUsbMdm - ok
15:35:06.0803 5512 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:35:06.0803 5512 BrUsbSer - ok
15:35:06.0803 5512 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:35:06.0803 5512 BTHMODEM - ok
15:35:06.0819 5512 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
15:35:06.0819 5512 bthserv - ok
15:35:06.0834 5512 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:35:06.0834 5512 cdfs - ok
15:35:06.0866 5512 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:35:06.0866 5512 cdrom - ok
15:35:06.0897 5512 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
15:35:06.0897 5512 CertPropSvc - ok
15:35:06.0912 5512 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:35:06.0912 5512 circlass - ok
15:35:06.0944 5512 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
15:35:06.0959 5512 CLFS - ok
15:35:07.0006 5512 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:35:07.0006 5512 clr_optimization_v2.0.50727_32 - ok
15:35:07.0084 5512 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:35:07.0084 5512 clr_optimization_v4.0.30319_32 - ok
15:35:07.0100 5512 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:35:07.0100 5512 CmBatt - ok
15:35:07.0115 5512 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:35:07.0115 5512 cmdide - ok
15:35:07.0162 5512 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
15:35:07.0162 5512 CNG - ok
15:35:07.0178 5512 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:35:07.0178 5512 Compbatt - ok
15:35:07.0224 5512 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:35:07.0224 5512 CompositeBus - ok
15:35:07.0224 5512 COMSysApp - ok
15:35:07.0240 5512 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:35:07.0240 5512 crcdisk - ok
15:35:07.0271 5512 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:35:07.0271 5512 CryptSvc - ok
15:35:07.0318 5512 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
15:35:07.0318 5512 DcomLaunch - ok
15:35:07.0334 5512 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
15:35:07.0334 5512 defragsvc - ok
15:35:07.0349 5512 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:35:07.0349 5512 DfsC - ok
15:35:07.0380 5512 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:35:07.0380 5512 Dhcp - ok
15:35:07.0396 5512 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
15:35:07.0396 5512 discache - ok
15:35:07.0412 5512 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:35:07.0412 5512 Disk - ok
15:35:07.0427 5512 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:35:07.0443 5512 Dnscache - ok
15:35:07.0458 5512 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
15:35:07.0474 5512 dot3svc - ok
15:35:07.0490 5512 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
15:35:07.0490 5512 DPS - ok
15:35:07.0505 5512 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:35:07.0505 5512 drmkaud - ok
15:35:07.0536 5512 [ E577B5C4A6BE078E5445CDCFB65BE7AB ] DslMNLwf C:\Windows\system32\DRIVERS\dslmnlwf.sys
15:35:07.0536 5512 DslMNLwf - ok
15:35:07.0583 5512 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:35:07.0599 5512 DXGKrnl - ok
15:35:07.0630 5512 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
15:35:07.0630 5512 EapHost - ok
15:35:07.0708 5512 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
15:35:07.0739 5512 ebdrv - ok
15:35:07.0755 5512 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
15:35:07.0770 5512 EFS - ok
15:35:07.0802 5512 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:35:07.0802 5512 ehRecvr - ok
15:35:07.0833 5512 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
15:35:07.0833 5512 ehSched - ok
15:35:07.0848 5512 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:35:07.0848 5512 elxstor - ok
15:35:07.0895 5512 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
15:35:07.0895 5512 EPSON_PM_RPCV4_01 - ok
15:35:07.0911 5512 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:35:07.0911 5512 ErrDev - ok
15:35:07.0942 5512 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
15:35:07.0942 5512 EventSystem - ok
15:35:07.0958 5512 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
15:35:07.0958 5512 exfat - ok
15:35:07.0973 5512 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:35:07.0989 5512 fastfat - ok
15:35:08.0004 5512 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
15:35:08.0004 5512 Fax - ok
15:35:08.0020 5512 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:35:08.0020 5512 fdc - ok
15:35:08.0036 5512 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
15:35:08.0036 5512 fdPHost - ok
15:35:08.0051 5512 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
15:35:08.0051 5512 FDResPub - ok
15:35:08.0067 5512 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:35:08.0067 5512 FileInfo - ok
15:35:08.0067 5512 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:35:08.0067 5512 Filetrace - ok
15:35:08.0082 5512 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:35:08.0082 5512 flpydisk - ok
15:35:08.0098 5512 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:35:08.0098 5512 FltMgr - ok
15:35:08.0145 5512 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
15:35:08.0160 5512 FontCache - ok
15:35:08.0207 5512 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:35:08.0207 5512 FontCache3.0.0.0 - ok
15:35:08.0285 5512 [ D40B85303BCFF96A717392B06FB015C4 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
15:35:08.0301 5512 Freemake Improver - ok
15:35:08.0316 5512 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:35:08.0316 5512 FsDepends - ok
15:35:08.0348 5512 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:35:08.0348 5512 Fs_Rec - ok
15:35:08.0363 5512 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:35:08.0363 5512 fvevol - ok
15:35:08.0379 5512 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:35:08.0379 5512 gagp30kx - ok
15:35:08.0410 5512 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
15:35:08.0410 5512 gpsvc - ok
15:35:08.0472 5512 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:35:08.0472 5512 gupdate - ok
15:35:08.0472 5512 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:35:08.0472 5512 gupdatem - ok
15:35:08.0504 5512 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:35:08.0504 5512 gusvc - ok
15:35:08.0519 5512 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:35:08.0519 5512 hcw85cir - ok
15:35:08.0550 5512 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:35:08.0550 5512 HdAudAddService - ok
15:35:08.0566 5512 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:35:08.0566 5512 HDAudBus - ok
15:35:08.0582 5512 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:35:08.0582 5512 HidBatt - ok
15:35:08.0597 5512 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:35:08.0597 5512 HidBth - ok
15:35:08.0613 5512 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:35:08.0613 5512 HidIr - ok
15:35:08.0628 5512 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
15:35:08.0644 5512 hidserv - ok
15:35:08.0644 5512 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:35:08.0644 5512 HidUsb - ok
15:35:08.0675 5512 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:35:08.0675 5512 hkmsvc - ok
15:35:08.0691 5512 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:35:08.0691 5512 HomeGroupListener - ok
15:35:08.0722 5512 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:35:08.0738 5512 HomeGroupProvider - ok
15:35:08.0753 5512 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:35:08.0753 5512 HpSAMD - ok
15:35:08.0769 5512 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:35:08.0784 5512 HTTP - ok
15:35:08.0784 5512 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:35:08.0800 5512 hwpolicy - ok
15:35:08.0816 5512 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:35:08.0816 5512 i8042prt - ok
15:35:08.0831 5512 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:35:08.0847 5512 iaStorV - ok
15:35:08.0894 5512 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:35:08.0894 5512 idsvc - ok
15:35:08.0925 5512 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:35:08.0925 5512 iirsp - ok
15:35:08.0940 5512 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
15:35:08.0956 5512 IKEEXT - ok
15:35:08.0972 5512 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
15:35:08.0972 5512 intelide - ok
15:35:08.0972 5512 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:35:08.0972 5512 intelppm - ok
15:35:09.0003 5512 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:35:09.0003 5512 IPBusEnum - ok
15:35:09.0018 5512 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:35:09.0018 5512 IpFilterDriver - ok
15:35:09.0050 5512 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:35:09.0065 5512 iphlpsvc - ok
15:35:09.0065 5512 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:35:09.0065 5512 IPMIDRV - ok
15:35:09.0081 5512 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:35:09.0081 5512 IPNAT - ok
15:35:09.0096 5512 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:35:09.0096 5512 IRENUM - ok
15:35:09.0112 5512 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:35:09.0112 5512 isapnp - ok
15:35:09.0128 5512 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:35:09.0128 5512 iScsiPrt - ok
15:35:09.0143 5512 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:35:09.0143 5512 kbdclass - ok
15:35:09.0159 5512 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:35:09.0159 5512 kbdhid - ok
15:35:09.0174 5512 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
15:35:09.0174 5512 KeyIso - ok
15:35:09.0206 5512 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:35:09.0206 5512 KSecDD - ok
15:35:09.0206 5512 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:35:09.0206 5512 KSecPkg - ok
15:35:09.0237 5512 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
15:35:09.0252 5512 KtmRm - ok
15:35:09.0268 5512 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
15:35:09.0268 5512 LanmanServer - ok
15:35:09.0284 5512 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:35:09.0284 5512 LanmanWorkstation - ok
15:35:09.0299 5512 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:35:09.0299 5512 lltdio - ok
15:35:09.0315 5512 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:35:09.0315 5512 lltdsvc - ok
15:35:09.0330 5512 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
15:35:09.0330 5512 lmhosts - ok
15:35:09.0346 5512 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:35:09.0346 5512 LSI_FC - ok
15:35:09.0362 5512 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:35:09.0362 5512 LSI_SAS - ok
15:35:09.0377 5512 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:35:09.0377 5512 LSI_SAS2 - ok
15:35:09.0393 5512 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:35:09.0393 5512 LSI_SCSI - ok
15:35:09.0408 5512 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
15:35:09.0408 5512 luafv - ok
15:35:09.0424 5512 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:35:09.0440 5512 Mcx2Svc - ok
15:35:09.0455 5512 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:35:09.0455 5512 megasas - ok
15:35:09.0471 5512 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:35:09.0471 5512 MegaSR - ok
15:35:09.0486 5512 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
15:35:09.0486 5512 MMCSS - ok
15:35:09.0518 5512 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
15:35:09.0518 5512 Modem - ok
15:35:09.0518 5512 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:35:09.0533 5512 monitor - ok
15:35:09.0549 5512 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
15:35:09.0564 5512 mouclass - ok
15:35:09.0564 5512 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:35:09.0564 5512 mouhid - ok
15:35:09.0580 5512 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:35:09.0580 5512 mountmgr - ok
15:35:09.0627 5512 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:35:09.0627 5512 MpFilter - ok
15:35:09.0658 5512 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
15:35:09.0658 5512 mpio - ok
15:35:09.0736 5512 [ A69630D039C38018689190234F866D77 ] MpKsla2b99d2b c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\MpKsla2b99d2b.sys
15:35:09.0736 5512 MpKsla2b99d2b - ok
15:35:09.0767 5512 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:35:09.0767 5512 mpsdrv - ok
15:35:09.0814 5512 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:35:09.0830 5512 MpsSvc - ok
15:35:09.0861 5512 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:35:09.0861 5512 MRxDAV - ok
15:35:09.0876 5512 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:35:09.0876 5512 mrxsmb - ok
15:35:09.0892 5512 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:35:09.0892 5512 mrxsmb10 - ok
15:35:09.0923 5512 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:35:09.0923 5512 mrxsmb20 - ok
15:35:09.0939 5512 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
15:35:09.0939 5512 msahci - ok
15:35:09.0954 5512 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:35:09.0954 5512 msdsm - ok
15:35:09.0970 5512 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
15:35:09.0970 5512 MSDTC - ok
15:35:09.0986 5512 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:35:09.0986 5512 Msfs - ok
15:35:10.0017 5512 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:35:10.0032 5512 mshidkmdf - ok
15:35:10.0032 5512 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:35:10.0032 5512 msisadrv - ok
15:35:10.0048 5512 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:35:10.0064 5512 MSiSCSI - ok
15:35:10.0064 5512 msiserver - ok
15:35:10.0079 5512 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:35:10.0079 5512 MSKSSRV - ok
15:35:10.0142 5512 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:35:10.0142 5512 MsMpSvc - ok
15:35:10.0157 5512 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:35:10.0157 5512 MSPCLOCK - ok
15:35:10.0157 5512 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:35:10.0157 5512 MSPQM - ok
15:35:10.0173 5512 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:35:10.0173 5512 MsRPC - ok
15:35:10.0188 5512 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:35:10.0188 5512 mssmbios - ok
15:35:10.0188 5512 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:35:10.0188 5512 MSTEE - ok
15:35:10.0188 5512 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:35:10.0188 5512 MTConfig - ok
15:35:10.0204 5512 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
15:35:10.0204 5512 Mup - ok
15:35:10.0235 5512 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
15:35:10.0235 5512 napagent - ok
15:35:10.0251 5512 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:35:10.0266 5512 NativeWifiP - ok
15:35:10.0298 5512 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:35:10.0298 5512 NDIS - ok
15:35:10.0313 5512 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:35:10.0313 5512 NdisCap - ok
15:35:10.0345 5512 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:35:10.0345 5512 NdisTapi - ok
15:35:10.0376 5512 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:35:10.0376 5512 Ndisuio - ok
15:35:10.0391 5512 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:35:10.0391 5512 NdisWan - ok
15:35:10.0407 5512 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:35:10.0407 5512 NDProxy - ok
15:35:10.0423 5512 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:35:10.0423 5512 NetBIOS - ok
15:35:10.0438 5512 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:35:10.0438 5512 NetBT - ok
15:35:10.0438 5512 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
15:35:10.0438 5512 Netlogon - ok
15:35:10.0454 5512 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
15:35:10.0469 5512 Netman - ok
15:35:10.0485 5512 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
15:35:10.0485 5512 netprofm - ok
15:35:10.0501 5512 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:35:10.0501 5512 NetTcpPortSharing - ok
15:35:10.0501 5512 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:35:10.0501 5512 nfrd960 - ok
15:35:10.0563 5512 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:35:10.0563 5512 NisDrv - ok
15:35:10.0594 5512 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
15:35:10.0594 5512 NisSrv - ok
15:35:10.0625 5512 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
15:35:10.0641 5512 NlaSvc - ok
15:35:10.0641 5512 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:35:10.0641 5512 Npfs - ok
15:35:10.0688 5512 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
15:35:10.0688 5512 nsi - ok
15:35:10.0703 5512 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:35:10.0703 5512 nsiproxy - ok
15:35:10.0766 5512 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:35:10.0766 5512 Ntfs - ok
15:35:10.0781 5512 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
15:35:10.0781 5512 Null - ok
15:35:10.0813 5512 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:35:10.0813 5512 nvraid - ok
15:35:10.0828 5512 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:35:10.0828 5512 nvstor - ok
15:35:10.0828 5512 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:35:10.0844 5512 nv_agp - ok
15:35:10.0859 5512 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:35:10.0859 5512 ohci1394 - ok
15:35:10.0891 5512 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:35:10.0891 5512 p2pimsvc - ok
15:35:10.0906 5512 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
15:35:10.0906 5512 p2psvc - ok
15:35:10.0922 5512 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:35:10.0937 5512 Parport - ok
15:35:10.0953 5512 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:35:10.0953 5512 partmgr - ok
15:35:10.0969 5512 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
15:35:10.0969 5512 Parvdm - ok
15:35:10.0984 5512 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:35:11.0000 5512 PcaSvc - ok
15:35:11.0000 5512 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
15:35:11.0000 5512 pci - ok
15:35:11.0015 5512 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
15:35:11.0015 5512 pciide - ok
15:35:11.0031 5512 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:35:11.0031 5512 pcmcia - ok
15:35:11.0031 5512 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
15:35:11.0031 5512 pcw - ok
15:35:11.0062 5512 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:35:11.0062 5512 PEAUTH - ok
15:35:11.0125 5512 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
15:35:11.0140 5512 pla - ok
15:35:11.0203 5512 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:35:11.0203 5512 PlugPlay - ok
15:35:11.0218 5512 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:35:11.0218 5512 PNRPAutoReg - ok
15:35:11.0234 5512 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:35:11.0234 5512 PNRPsvc - ok
15:35:11.0265 5512 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:35:11.0265 5512 PolicyAgent - ok
15:35:11.0296 5512 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
15:35:11.0312 5512 Power - ok
15:35:11.0327 5512 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:35:11.0327 5512 PptpMiniport - ok
15:35:11.0343 5512 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:35:11.0343 5512 Processor - ok
15:35:11.0390 5512 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
15:35:11.0390 5512 ProfSvc - ok
15:35:11.0421 5512 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:35:11.0421 5512 ProtectedStorage - ok
15:35:11.0437 5512 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:35:11.0437 5512 Psched - ok
15:35:11.0499 5512 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:35:11.0515 5512 ql2300 - ok
15:35:11.0515 5512 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:35:11.0515 5512 ql40xx - ok
15:35:11.0546 5512 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
15:35:11.0546 5512 QWAVE - ok
15:35:11.0561 5512 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:35:11.0561 5512 QWAVEdrv - ok
15:35:11.0608 5512 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
15:35:11.0608 5512 RapiMgr - ok
15:35:11.0624 5512 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:35:11.0624 5512 RasAcd - ok
15:35:11.0639 5512 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:35:11.0639 5512 RasAgileVpn - ok
15:35:11.0655 5512 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
15:35:11.0655 5512 RasAuto - ok
15:35:11.0671 5512 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:35:11.0671 5512 Rasl2tp - ok
15:35:11.0702 5512 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
15:35:11.0702 5512 RasMan - ok
15:35:11.0717 5512 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:35:11.0717 5512 RasPppoe - ok
15:35:11.0717 5512 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:35:11.0717 5512 RasSstp - ok
15:35:11.0749 5512 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:35:11.0749 5512 rdbss - ok
15:35:11.0764 5512 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:35:11.0764 5512 rdpbus - ok
15:35:11.0780 5512 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:35:11.0780 5512 RDPCDD - ok
15:35:11.0795 5512 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:35:11.0795 5512 RDPENCDD - ok
15:35:11.0795 5512 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:35:11.0811 5512 RDPREFMP - ok
15:35:11.0842 5512 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:35:11.0842 5512 RDPWD - ok
15:35:11.0858 5512 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:35:11.0858 5512 rdyboost - ok
15:35:11.0889 5512 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
15:35:11.0889 5512 RemoteAccess - ok
15:35:11.0905 5512 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:35:11.0905 5512 RemoteRegistry - ok
15:35:11.0936 5512 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:35:11.0936 5512 RpcEptMapper - ok
15:35:11.0951 5512 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
15:35:11.0951 5512 RpcLocator - ok
15:35:11.0967 5512 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
15:35:11.0983 5512 RpcSs - ok
15:35:11.0983 5512 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:35:11.0983 5512 rspndr - ok
15:35:12.0029 5512 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
15:35:12.0029 5512 SamSs - ok
15:35:12.0045 5512 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:35:12.0061 5512 sbp2port - ok
15:35:12.0076 5512 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:35:12.0076 5512 SCardSvr - ok
15:35:12.0092 5512 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:35:12.0092 5512 scfilter - ok
15:35:12.0139 5512 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
15:35:12.0154 5512 Schedule - ok
15:35:12.0170 5512 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:35:12.0170 5512 SCPolicySvc - ok
15:35:12.0217 5512 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:35:12.0217 5512 SDRSVC - ok
15:35:12.0263 5512 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:35:12.0263 5512 secdrv - ok
15:35:12.0279 5512 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
15:35:12.0295 5512 seclogon - ok
15:35:12.0310 5512 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
15:35:12.0326 5512 SENS - ok
15:35:12.0341 5512 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:35:12.0341 5512 SensrSvc - ok
15:35:12.0357 5512 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:35:12.0357 5512 Serenum - ok
15:35:12.0373 5512 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:35:12.0373 5512 Serial - ok
15:35:12.0388 5512 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:35:12.0388 5512 sermouse - ok
15:35:12.0435 5512 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
15:35:12.0435 5512 SessionEnv - ok
15:35:12.0466 5512 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:35:12.0466 5512 sffdisk - ok
15:35:12.0482 5512 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:35:12.0482 5512 sffp_mmc - ok
15:35:12.0497 5512 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:35:12.0497 5512 sffp_sd - ok
15:35:12.0513 5512 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:35:12.0513 5512 sfloppy - ok
15:35:12.0544 5512 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:35:12.0544 5512 SharedAccess - ok
15:35:12.0591 5512 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:35:12.0591 5512 ShellHWDetection - ok
15:35:12.0607 5512 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:35:12.0607 5512 sisagp - ok
15:35:12.0622 5512 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:35:12.0622 5512 SiSRaid2 - ok
15:35:12.0638 5512 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:35:12.0638 5512 SiSRaid4 - ok
15:35:12.0638 5512 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:35:12.0638 5512 Smb - ok
15:35:12.0669 5512 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:35:12.0669 5512 SNMPTRAP - ok
15:35:12.0669 5512 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
15:35:12.0685 5512 spldr - ok
15:35:12.0716 5512 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
15:35:12.0716 5512 Spooler - ok
15:35:12.0778 5512 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
15:35:12.0809 5512 sppsvc - ok
15:35:12.0825 5512 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:35:12.0841 5512 sppuinotify - ok
15:35:12.0856 5512 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:35:12.0856 5512 srv - ok
15:35:12.0887 5512 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:35:12.0887 5512 srv2 - ok
15:35:12.0887 5512 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:35:12.0887 5512 srvnet - ok
15:35:12.0903 5512 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:35:12.0919 5512 SSDPSRV - ok
15:35:12.0950 5512 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
15:35:12.0950 5512 ssmdrv - ok
15:35:12.0965 5512 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:35:12.0965 5512 SstpSvc - ok
15:35:12.0981 5512 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:35:12.0981 5512 stexstor - ok
15:35:13.0028 5512 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
15:35:13.0028 5512 StiSvc - ok
15:35:13.0059 5512 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
15:35:13.0059 5512 swenum - ok
15:35:13.0075 5512 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
15:35:13.0075 5512 swprv - ok
15:35:13.0121 5512 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
15:35:13.0153 5512 SysMain - ok
15:35:13.0199 5512 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:35:13.0199 5512 TabletInputService - ok
15:35:13.0231 5512 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
15:35:13.0246 5512 TapiSrv - ok
15:35:13.0262 5512 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
15:35:13.0262 5512 TBS - ok
15:35:13.0309 5512 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:35:13.0324 5512 Tcpip - ok
15:35:13.0355 5512 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:35:13.0371 5512 TCPIP6 - ok
15:35:13.0402 5512 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:35:13.0402 5512 tcpipreg - ok
15:35:13.0433 5512 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:35:13.0449 5512 TDPIPE - ok
15:35:13.0511 5512 [ 1226A953D4FDBDFD570DA5CEE66EAA55 ] TDslMgrService C:\Program Files\DSL-Manager\DslMgrSvc.exe
15:35:13.0511 5512 TDslMgrService - ok
15:35:13.0543 5512 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:35:13.0543 5512 TDTCP - ok
15:35:13.0574 5512 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:35:13.0574 5512 tdx - ok
15:35:13.0574 5512 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:35:13.0589 5512 TermDD - ok
15:35:13.0605 5512 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
15:35:13.0605 5512 TermService - ok
15:35:13.0621 5512 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
15:35:13.0621 5512 Themes - ok
15:35:13.0621 5512 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
15:35:13.0636 5512 THREADORDER - ok
15:35:13.0636 5512 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
15:35:13.0652 5512 TrkWks - ok
15:35:13.0667 5512 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:35:13.0667 5512 TrustedInstaller - ok
15:35:13.0683 5512 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:35:13.0699 5512 tssecsrv - ok
15:35:13.0714 5512 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:35:13.0714 5512 TsUsbFlt - ok
15:35:13.0761 5512 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:35:13.0761 5512 tunnel - ok
15:35:13.0777 5512 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:35:13.0777 5512 uagp35 - ok
15:35:13.0808 5512 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:35:13.0808 5512 udfs - ok
15:35:13.0823 5512 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:35:13.0823 5512 UI0Detect - ok
15:35:13.0855 5512 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:35:13.0855 5512 uliagpkx - ok
15:35:13.0870 5512 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
15:35:13.0870 5512 umbus - ok
15:35:13.0886 5512 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:35:13.0886 5512 UmPass - ok
15:35:13.0901 5512 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
15:35:13.0901 5512 upnphost - ok
15:35:13.0933 5512 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:35:13.0933 5512 usbccgp - ok
15:35:13.0948 5512 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:35:13.0964 5512 usbcir - ok
15:35:13.0995 5512 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:35:13.0995 5512 usbehci - ok
15:35:13.0995 5512 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:35:14.0011 5512 usbhub - ok
15:35:14.0026 5512 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:35:14.0026 5512 usbohci - ok
15:35:14.0026 5512 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:35:14.0026 5512 usbprint - ok
15:35:14.0042 5512 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:35:14.0042 5512 usbscan - ok
15:35:14.0057 5512 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:35:14.0057 5512 USBSTOR - ok
15:35:14.0089 5512 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:35:14.0089 5512 usbuhci - ok
15:35:14.0135 5512 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:35:14.0135 5512 usbvideo - ok
15:35:14.0151 5512 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
15:35:14.0151 5512 UxSms - ok
15:35:14.0167 5512 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
15:35:14.0167 5512 VaultSvc - ok
15:35:14.0182 5512 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:35:14.0182 5512 vdrvroot - ok
15:35:14.0213 5512 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
15:35:14.0213 5512 vds - ok
15:35:14.0245 5512 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:35:14.0245 5512 vga - ok
15:35:14.0260 5512 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:35:14.0276 5512 VgaSave - ok
15:35:14.0276 5512 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:35:14.0291 5512 vhdmp - ok
15:35:14.0307 5512 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:35:14.0307 5512 viaagp - ok
15:35:14.0307 5512 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
15:35:14.0323 5512 ViaC7 - ok
15:35:14.0323 5512 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
15:35:14.0323 5512 viaide - ok
15:35:14.0338 5512 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:35:14.0338 5512 volmgr - ok
15:35:14.0338 5512 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:35:14.0338 5512 volmgrx - ok
15:35:14.0354 5512 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:35:14.0354 5512 volsnap - ok
15:35:14.0385 5512 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:35:14.0401 5512 vsmraid - ok
15:35:14.0432 5512 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
15:35:14.0447 5512 VSS - ok
15:35:14.0463 5512 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:35:14.0463 5512 vwifibus - ok
15:35:14.0479 5512 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
15:35:14.0494 5512 W32Time - ok
15:35:14.0510 5512 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:35:14.0510 5512 WacomPen - ok
15:35:14.0541 5512 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:35:14.0541 5512 WANARP - ok
15:35:14.0541 5512 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:35:14.0541 5512 Wanarpv6 - ok
15:35:14.0572 5512 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
15:35:14.0588 5512 wbengine - ok
15:35:14.0603 5512 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:35:14.0603 5512 WbioSrvc - ok
15:35:14.0635 5512 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
15:35:14.0650 5512 WcesComm - ok
15:35:14.0681 5512 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:35:14.0697 5512 wcncsvc - ok
15:35:14.0728 5512 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:35:14.0728 5512 WcsPlugInService - ok
15:35:14.0744 5512 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:35:14.0744 5512 Wd - ok
15:35:14.0775 5512 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:35:14.0791 5512 Wdf01000 - ok
15:35:14.0806 5512 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:35:14.0806 5512 WdiServiceHost - ok
15:35:14.0806 5512 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:35:14.0822 5512 WdiSystemHost - ok
15:35:14.0837 5512 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
15:35:14.0837 5512 WebClient - ok
15:35:14.0869 5512 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:35:14.0869 5512 Wecsvc - ok
15:35:14.0884 5512 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:35:14.0900 5512 wercplsupport - ok
15:35:14.0900 5512 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
15:35:14.0915 5512 WerSvc - ok
15:35:14.0915 5512 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:35:14.0915 5512 WfpLwf - ok
15:35:14.0931 5512 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:35:14.0931 5512 WIMMount - ok
15:35:14.0993 5512 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:35:15.0009 5512 WinDefend - ok
15:35:15.0009 5512 WinHttpAutoProxySvc - ok
15:35:15.0056 5512 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:35:15.0056 5512 Winmgmt - ok
15:35:15.0087 5512 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
15:35:15.0087 5512 WinRM - ok
15:35:15.0149 5512 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WINUSB C:\Windows\system32\drivers\WinUSB.SYS
15:35:15.0149 5512 WINUSB - ok
15:35:15.0181 5512 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:35:15.0181 5512 Wlansvc - ok
15:35:15.0196 5512 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:35:15.0196 5512 WmiAcpi - ok
15:35:15.0212 5512 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:35:15.0212 5512 wmiApSrv - ok
15:35:15.0243 5512 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:35:15.0259 5512 WMPNetworkSvc - ok
15:35:15.0274 5512 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:35:15.0274 5512 WPCSvc - ok
15:35:15.0305 5512 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:35:15.0305 5512 WPDBusEnum - ok
15:35:15.0321 5512 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:35:15.0321 5512 ws2ifsl - ok
15:35:15.0337 5512 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
15:35:15.0337 5512 wscsvc - ok
15:35:15.0337 5512 WSearch - ok
15:35:15.0399 5512 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:35:15.0415 5512 wuauserv - ok
15:35:15.0446 5512 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:35:15.0446 5512 WudfPf - ok
15:35:15.0461 5512 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:35:15.0461 5512 WUDFRd - ok
15:35:15.0477 5512 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:35:15.0477 5512 wudfsvc - ok
15:35:15.0493 5512 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
15:35:15.0508 5512 WwanSvc - ok
15:35:15.0539 5512 [ BE701D39FB0543083DDF74227638BCF3 ] XG762_VS C:\Windows\system32\DRIVERS\WlanGZG.sys
15:35:15.0555 5512 XG762_VS - ok
15:35:15.0586 5512 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
15:35:15.0586 5512 yukonw7 - ok
15:35:15.0602 5512 ================ Scan global ===============================
15:35:15.0633 5512 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:35:15.0680 5512 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
15:35:15.0695 5512 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
15:35:15.0727 5512 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:35:15.0742 5512 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:35:15.0742 5512 [Global] - ok
15:35:15.0742 5512 ================ Scan MBR ==================================
15:35:15.0758 5512 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:35:16.0148 5512 \Device\Harddisk0\DR0 - ok
15:35:16.0148 5512 ================ Scan VBR ==================================
15:35:16.0148 5512 [ 8F94CDFE32569CBA3CB2F7142322C838 ] \Device\Harddisk0\DR0\Partition1
15:35:16.0163 5512 \Device\Harddisk0\DR0\Partition1 - ok
15:35:16.0179 5512 [ 29400EB4E8665A9DB7F27A7B7C3D0149 ] \Device\Harddisk0\DR0\Partition2
15:35:16.0179 5512 \Device\Harddisk0\DR0\Partition2 - ok
15:35:16.0179 5512 ============================================================
15:35:16.0179 5512 Scan finished
15:35:16.0179 5512 ============================================================
15:35:16.0195 0364 Detected object count: 0
15:35:16.0195 0364 Actual detected object count: 0
DDS Logfile:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Gieske at 15:27:47 on 2012-12-29
#Option MBR scan is disabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2815.1304 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSI\US54SE_Utility\ZDWlan.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uURLSearchHooks: {40c3cc16-7269-4b32-9531-17f2950fb06f} - <orphaned>
BHO: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - c:\program files\pricegong\2.6.2\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [syshost32] c:\users\gieske\appdata\local\{aff6c721-3c92-f4cd-0922-36c5e90bbab1}\syshost.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\gieske\appdata\roaming\micros~1\windows\startm~1\programs\startup\DSL-MA~1.LNK -
StartupFolder: c:\users\gieske\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\msius5~1.lnk - c:\program files\msi\us54se_utility\ZDWlan.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
Trusted Zone: microsoft.com
Trusted Zone: windowsupdate.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{31116BF8-057C-44C7-990E-B3A02309704D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BD9EE6B-B642-44BB-9FE9-C07A51D22CAB} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9D940974-3B24-4ED4-85D2-954CBD761AF8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EF72BE95-631A-4864-BFC7-5D33E0DC5F90} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F7E3C8F4-6BFD-4B4C-8A29-C6113049523D} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gieske\appdata\roaming\mozilla\firefox\profiles\yz3ltjcy.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-16 36000]
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\drivers\dslmnlwf.sys [2012-1-4 16448]
R1 MpKsla2b99d2b;MpKsla2b99d2b;c:\programdata\microsoft\microsoft antimalware\definition updates\{78e2287e-3ca6-4d1c-a1f3-f8dcf01d7f4a}\MpKsla2b99d2b.sys [2012-12-29 29904]
R2 AAV UpdateService;AAV UpdateService;c:\program files\akademische arbeitsgemeinschaft\aavupdatemanager\aavus.exe [2008-10-24 128296]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-3-16 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-3-16 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-16 83392]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-12-24 100864]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TDslMgrService;DSL-Manager;c:\program files\dsl-manager\DslMgrSvc.exe [2012-1-4 307200]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-12 52224]
S3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\drivers\WlanGZG.sys [2010-9-2 873472]
.
=============== Created Last 30 ================
.
2012-12-29 10:12:28 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{78e2287e-3ca6-4d1c-a1f3-f8dcf01d7f4a}\MpKsla2b99d2b.sys
2012-12-29 10:08:08 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{78e2287e-3ca6-4d1c-a1f3-f8dcf01d7f4a}\offreg.dll
2012-12-28 18:37:17 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{78e2287e-3ca6-4d1c-a1f3-f8dcf01d7f4a}\mpengine.dll
2012-12-28 16:42:05 -------- d-----w- c:\users\gieske\appdata\local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}
2012-12-28 10:40:48 -------- d-----w- c:\programdata\Age of Empires 3
2012-12-28 10:39:51 -------- d-----w- c:\program files\common files\Microsoft Games
2012-12-27 18:29:33 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-12-24 00:42:48 -------- d-----w- c:\users\gieske\appdata\roaming\TuneUp Software
2012-12-24 00:42:29 -------- d-----w- c:\programdata\TuneUp Software
2012-12-24 00:42:19 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-24 00:42:19 -------- d--h--w- c:\programdata\Common Files
2012-12-24 00:38:14 -------- d-----w- c:\programdata\Freemake
2012-12-24 00:38:03 -------- d-----w- c:\users\gieske\appdata\roaming\OpenCandy
2012-12-24 00:38:03 -------- d-----w- c:\program files\Freemake
2012-12-23 22:55:01 -------- d-----w- c:\programdata\Canneverbe Limited
2012-12-23 22:55:00 -------- d-----w- c:\users\gieske\appdata\roaming\Canneverbe Limited
2012-12-23 22:51:00 -------- d-----w- c:\program files\Haali
2012-12-23 22:50:36 -------- d-----w- c:\programdata\Cypheros
2012-12-23 22:50:36 -------- d-----w- c:\program files\Cypheros
2012-12-21 08:22:43 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:22:42 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40:51 -------- d-----w- c:\users\gieske\appdata\local\Proxure
2012-12-16 14:40:42 -------- d-----w- c:\programdata\ClubSanDisk
2012-12-14 13:30:18 -------- d-----w- c:\windows\system32\AGEIA
2012-12-14 13:30:00 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-12-14 13:29:58 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-12-14 13:29:58 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-12-14 13:29:56 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-12-14 13:29:56 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-12-14 13:29:56 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-12-14 13:29:56 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-12-14 13:29:53 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-14 13:29:01 -------- d-----w- c:\program files\Woodcutter Simulator 2013
2012-12-12 07:09:07 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-08 13:09:43 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-12-08 13:09:43 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-12-08 13:09:43 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-12-08 13:09:42 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-12-08 13:09:41 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-12-08 13:07:00 -------- d-----w- c:\program files\Landwirtschafts Simulator 2013
.
==================== Find3M ====================
.
2012-12-12 07:48:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 07:48:40 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 11:49:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 15:28:28,55 ===============
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01.09.2010 09:35:31
System Uptime: 29.12.2012 11:06:43 (4 hours ago)
.
Motherboard: Acer | | RS740DVF
Processor: AMD Athlon(tm) Dual Core Processor 5050e | AM2 | 1794/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 342 GiB total, 237,201 GiB free.
D: is FIXED (NTFS) - 342 GiB total, 228,209 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: ATI Radeon 2100 (Microsoft Corporation - WDDM)
Device ID: PCI\VEN_1002&DEV_796E&SUBSYS_01551025&REV_00\4&38DE457&0&2808
Manufacturer: ATI Technologies Inc.
Name: ATI Radeon 2100 (Microsoft Corporation - WDDM)
PNP Device ID: PCI\VEN_1002&DEV_796E&SUBSYS_01551025&REV_00\4&38DE457&0&2808
Service: atikmdag
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#
Manufacturer: Generic
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB MS Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3#
Manufacturer: Generic
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SD Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0#
Manufacturer: Generic
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SM Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2#
Manufacturer: Generic
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP633: 26.12.2012 21:02:39 - TuneUp Utilities 2013 wird entfernt
RP634: 26.12.2012 21:04:07 - TuneUp Utilities Language Pack (de-DE) wird entfernt
RP635: 27.12.2012 19:29:12 - Windows Update
RP637: 28.12.2012 11:29:28 - Installiert Age of Empires III
.
==== Installed Programs ======================
.
AAVUpdateManager
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) - Deutsch
Age of Empires III
Ashampoo Photo Commander 7.60
Autos bauen mit Willy Werkel
Avira Free Antivirus
Baumaschinen Simulator 2011 Version 1.0
Content Manager 2
Demolition Company
DSL-Manager
EPSON-Drucker-Software
Euro Truck Simulator 1.1
Freemake Video Converter Version 3.2.1
Gabelstapler Simulator 2009
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
Holzfäller Simulator 2013
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Landwirtschafts Simulator 2011
Landwirtschafts Simulator 2013
LEGO® Star Wars™: Die Komplette Saga
LEGO® Star Wars™: The Complete Saga
Malwarebytes Anti-Malware Version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Age of Empires
Microsoft Age of Empires II
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 11.0 (x86 de)
MSI US54SE 802.11 b+g USB Stick
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Naviextras Toolbox Prerequesities
NVIDIA PhysX
O&O PartitionManager Professional
OpenOffice.org 3.2
Photomizer
PokerStars
PriceGong 2.6.2
QuickTime
Schiffe bauen mit Willy Werkel
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Steuer-Software 2011
Steuer-Software 2012
Stronghold
TKKG 9
TSDoctor
TweakNow RegCleaner 2011
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB PC Camera Plus
Wildlife Park 2 - Farm World v2.1
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Mobile-Gerätecenter
WinRAR
.
==== End Of File ===========================
Last edited by Meister G. (29.12.2012, 14:13)

#6 | TB-Ausbilder: tr/atraps.gen2 and other detections

Then we continue:
Step 1: Uninstall programs
Step 2: AdwCleaner: find and delete adware
Step 3: Delete temporary files with TFC
Step 4: Scan with ComboFix
#7 | tr/atraps.gen2 and other detections

So, step 2:
Code:
# AdwCleaner v2.103 - Datei am 29/12/2012 um 16:11:51 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Gieske - GIESKE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gieske\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\PriceGong
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\Users\Gieske\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Ordner Gelöscht : C:\Users\Gieske\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gieske\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\3e5f8339b341c9b2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\Software\SweetIM
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v11.0 (de)
Datei : C:\Users\Gieske\AppData\Roaming\Mozilla\Firefox\Profiles\yz3ltjcy.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [3520 octets] - [29/12/2012 16:11:51]
########## EOF - C:\AdwCleaner[S1].txt - [3580 octets] ##########
Code:
ComboFix 12-12-29.02 - Gieske 29.12.2012 16:48:06.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2815.1862 [GMT 1:00]
ausgeführt von:: c:\users\Gieske\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\sysprep\cryptbase.dll
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-28 bis 2012-12-29 ))))))))))))))))))))))))))))))
.
.
2012-12-29 15:53 . 2012-12-29 15:53 -------- d-----w- c:\users\Gieske\AppData\Local\temp
2012-12-29 15:53 . 2012-12-29 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-29 15:43 . 2012-12-29 15:43 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\MpKslf2f95a95.sys
2012-12-29 15:15 . 2012-12-29 15:23 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\offreg.dll
2012-12-28 18:37 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\mpengine.dll
2012-12-28 10:40 . 2012-12-28 10:40 -------- d-----w- c:\programdata\Age of Empires 3
2012-12-28 10:39 . 2012-12-28 10:39 -------- d-----w- c:\program files\Common Files\Microsoft Games
2012-12-27 18:29 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-24 00:42 . 2012-12-24 00:42 -------- d-----w- c:\users\Gieske\AppData\Roaming\TuneUp Software
2012-12-24 00:42 . 2012-12-24 00:42 -------- d-----w- c:\programdata\TuneUp Software
2012-12-24 00:42 . 2012-12-25 22:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-24 00:42 . 2012-12-24 00:42 -------- d--h--w- c:\programdata\Common Files
2012-12-24 00:38 . 2012-12-24 00:39 -------- d-----w- c:\programdata\Freemake
2012-12-24 00:38 . 2012-12-24 00:38 -------- d-----w- c:\program files\Freemake
2012-12-23 22:55 . 2012-12-23 22:55 -------- d-----w- c:\programdata\Canneverbe Limited
2012-12-23 22:55 . 2012-12-23 22:55 -------- d-----w- c:\users\Gieske\AppData\Roaming\Canneverbe Limited
2012-12-23 22:51 . 2012-12-23 22:51 -------- d-----w- c:\program files\Haali
2012-12-23 22:50 . 2012-12-23 22:50 -------- d-----w- c:\programdata\Cypheros
2012-12-23 22:50 . 2012-12-23 22:50 -------- d-----w- c:\program files\Cypheros
2012-12-21 08:22 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 08:22 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-16 14:40 -------- d-----w- c:\users\Gieske\AppData\Local\Proxure
2012-12-16 14:40 . 2012-12-16 14:40 -------- d-----w- c:\programdata\ClubSanDisk
2012-12-14 13:30 . 2012-12-14 13:30 -------- d-----w- c:\program files\AGEIA Technologies
2012-12-14 13:30 . 2012-12-14 13:30 -------- d-----w- c:\windows\system32\AGEIA
2012-12-14 13:30 . 2012-12-14 13:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-12-14 13:29 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-12-14 13:29 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-12-14 13:29 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-12-14 13:29 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-12-14 13:29 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-12-14 13:29 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2012-12-14 13:29 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-14 13:29 . 2012-12-14 13:43 -------- d-----w- c:\program files\Woodcutter Simulator 2013
2012-12-12 07:09 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-08 13:09 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-12-08 13:09 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-12-08 13:09 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-12-08 13:09 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-12-08 13:09 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-12-08 13:07 . 2012-12-14 14:45 -------- d-----w- c:\program files\Landwirtschafts Simulator 2013
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 07:48 . 2012-05-06 07:38 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 07:48 . 2011-06-14 10:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-28 18:44 . 2012-11-28 18:44 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C06F06A6-12ED-4975-B3B6-6B927153F87D}\gapaengine.dll
2012-11-13 11:49 . 2012-11-13 11:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-10-16 07:39 . 2012-11-28 07:22 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-16 06:38 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 06:38 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-16 06:38 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-16 06:38 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-16 06:38 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-16 06:38 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 06:38 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-16 06:38 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-16 06:38 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-16 06:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 07:04 . 2011-03-25 12:20 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-03-13 04:38 . 2012-03-14 16:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
.
c:\users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - [N/A]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MSI US54SE 802.11b+g USB Stick Utility.lnk - c:\program files\MSI\US54SE_Utility\ZDWlan.exe [2010-9-1 483328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2012-1-4 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" -hide -runkey
.
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TDslMgrService;DSL-Manager;c:\program files\DSL-Manager\DslMgrSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [x]
S1 MpKslf2f95a95;MpKslf2f95a95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\MpKslf2f95a95.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLF2F95A95
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 07:48]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 15:54]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Gieske\AppData\Roaming\Mozilla\Firefox\Profiles\yz3ltjcy.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-syshost32 - c:\users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe
AddRemove-AutoBauDeinstKey - c:\windows\unin0407.exe
AddRemove-SBMWW - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-132146776-3345195101-1586744503-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:22,6b,47,3d,c1,af,c7,62,d2,a4,58,2a,66,89,df,6d,06,99,bf,46,aa,20,81,
5a,3c,86,62,4b,42,46,34,16,d0,98,73,de,55,d0,ad,9e,92,d3,41,15,18,7e,d3,9f,\
"??"=hex:66,41,61,5d,05,28,9b,19,cf,0e,59,d4,00,94,c2,e6
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-29 16:54:43
ComboFix-quarantined-files.txt 2012-12-29 15:54
.
Vor Suchlauf: 18 Verzeichnis(se), 254.949.658.624 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 255.195.807.744 Bytes frei
.
- - End Of File - - FC0537A9B3F18FAA358267E2E6BF7162
#8 | /// TB-Ausbilder | tr/atraps.gen2 and other findings

OK, let's continue:

Step 1: Uninstall Security Essentials
Step 2: Back online
Step 3: Scan with MBAR. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without instruction from a helper.

__________________ Digital privateers against malware! No help via PM!
#9 | Meister G.

Hi, step 3 showed no findings, so no cleanup either. Here is the logfile.

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.599000 GHz
Memory total: 2951929856, free: 1853427712
------------ Kernel report ------------
12/30/2012 09:43:20
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\dslmnlwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\athrusb.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff8703dac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff87034030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8703d030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff87028920
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8703cac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff87028ca8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8703c030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff87028030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863bd600
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff855ef908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.30.05
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff863bd600, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff863bd238, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff863bd600, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff862858d8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff855ef908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffb0b37630, 0xffffffff863bd600, 0xffffffff85c30ac8
Lower DeviceData: 0xffffffffa7e1ffc0, 0xffffffff855ef908, 0xffffffff858e12f8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A2972EB
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 30720000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 30722048 Numsec = 717262848
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 747984896 Numsec = 717160448
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8703c030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87034560, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703c030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87028030, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8703cac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86fa4340, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703cac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87028ca8, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703c7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87028920, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8703dac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703d7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703dac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87034030, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
Now the actual log:

Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.30.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Gieske :: GIESKE-PC [administrator]
30.12.2012 09:51:18
mbar-log-2012-12-30 (09-51-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27534
Time elapsed: 6 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Last edited by Meister G. (30.12.2012 at 10:03)
#10 | /// TB-Ausbilder

Good!

As far as I can see, we have removed everything malicious with that. To be sure, we now need to run a few more checks and will then bring your computer up to a secure state. Since these scans can take a very long time, please only write to me again once you have really completed everything, or if problems occur.

Step 1: Quick scan with Malwarebytes
Step 2: ESET Online Scanner
Step 3: Scan with SecurityCheck. Please download SecurityCheck: LINK1 LINK2
#11 | Meister G.

Step 1: no findings.

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Gieske :: GIESKE-PC [Administrator]

30.12.2012 11:18:53
mbam-log-2012-12-30 (11-18-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197602
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen worm
C:\Qoobox\Quarantine\C\Users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe.vir a variant of Win32/Kryptik.ARIW trojan
Code:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 22.0.1229.95
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
#12 | /// TB-Ausbilder

Great!

That means we're done. We'll now tidy up a little, and at the end I have some reading material for you.

Step 1: Uninstall the tools
Step 2: Uninstall ESET (optional)
Step 3: Update: Firefox, add-ons and plugins
Step 4: Update: Adobe Reader
Try an alternative viewer for PDF documents. These are usually leaner, faster and let malware in far less often. My suggestion:
Finally, a few tips on the following topics:
With that, I wish you continued fun surfing the internet ... and perhaps you would like to support the Trojaner-Board? One request: give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
#13 | Meister G.

Hi, I have done everything. Apart from Secunia PSI constantly trying to update Firefox 11, Adobe Reader 9 and PowerPoint 2003 even though the newest version of each is installed, everything is OK. I set them to ignore. Many thanks for your help and patience; this can be closed now. Happy New Year and bye.
#14 | /// TB-Ausbilder

Those are old too (FF and the Reader). Glad we could help.

This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to leave praise or criticism, there is this area here: http://www.trojaner-board.de/lob-kritik-wuensche/