tr/atraps.gen2 and other findings (Windows 7)

29.12.2012, 12:45 | #1
tr/atraps.gen2 and other findings

Hi folks, I'm sitting here at my mother's PC, and Avira's real-time scanner has shown virus alerts here (tr/atraps.gen2 and others) that could not be deleted, though. I then ran an Avira scan and aborted it after 3 hours at 46% with 6 findings. I was then able to delete 2 findings. After that I ran a Malwarebytes Anti-Malware quick scan, which showed me 4 findings; I deleted them (I only read here afterwards that you're not supposed to do that, too late). Since then no more alerts have appeared, but I don't really trust it. Thanks for your help. Regards, Meister G. The malware log is at the very bottom as well.

OTL logfile created on: 29.12.2012 10:44:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 57,96% Memory free
5,50 Gb Paging File | 4,29 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 342,02 Gb Total Space | 237,48 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
Drive D: | 341,97 Gb Total Space | 228,21 Gb Free Space | 66,73% Space Free | Partition Type: NTFS
Computer Name: *****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.29 10:44:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gieske\Desktop\OTL.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.07 15:37:04 | 000,100,864 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012.08.09 07:37:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.09 07:24:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 07:24:40 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.09 07:24:39 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006.02.17 01:51:08 | 000,483,328 | ---- | M] () -- C:\Programme\MSI\US54SE_Utility\ZDWlan.exe

========== Modules (No Company Name) ==========

MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.02.17 01:51:08 | 000,483,328 | ---- | M] () -- C:\Programme\MSI\US54SE_Utility\ZDWlan.exe
MOD - [2005.11.11 13:46:48 | 000,045,056 | ---- | M] () -- C:\Programme\MSI\US54SE_Utility\ZDWlan.dll
MOD - [2005.11.10 14:50:18 | 000,212,992 | ---- | M] () -- C:\Programme\MSI\US54SE_Utility\dot1x_dll.dll

========== Services (SafeList) ==========

SRV - [2012.12.12 08:48:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.07 15:37:04 | 000,100,864 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.09 07:24:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 07:24:39 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)

========== Driver Services (SafeList) ==========

DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.05.09 07:24:46 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 07:24:46 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.08.21 09:00:22 | 000,873,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WlanGZG.sys -- (XG762_VS)
DRV - [2007.08.01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A 2E DA 97 A8 4A CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8A0BACF6-CE30-4284-A51E-0405D60018AF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8A0BACF6-CE30-4284-A51E-0405D60018AF}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE395
IE - HKCU\..\SearchScopes\{FAFA8EBF-EA44-46C9-823C-9404E9E5CD2F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=652E5B7F-9537-4FAA-A1A5-C62E58D54FB2&apn_sauid=A6ED621F-C0D0-4155-8603-6784821A30E6&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.14 17:50:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.2\FF [2012.03.03 22:31:08 | 000,000,000 | ---D | M]

[2012.03.14 17:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gieske\AppData\Roaming\mozilla\Extensions
[2012.05.04 14:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gieske\AppData\Roaming\mozilla\Firefox\Profiles\yz3ltjcy.default\extensions
[2012.03.14 17:50:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: PriceGong = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.2_0\
CHR - Extension: YouTube = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.6.2\PriceGongIE.dll (PriceGong)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX)
O4 - HKCU..\Run: [syshost32] C:\Users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe ()
O4 - Startup: C:\Users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found
O4 - Startup: C:\Users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31116BF8-057C-44C7-990E-B3A02309704D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BD9EE6B-B642-44BB-9FE9-C07A51D22CAB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D940974-3B24-4ED4-85D2-954CBD761AF8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF72BE95-631A-4864-BFC7-5D33E0DC5F90}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7E3C8F4-6BFD-4B4C-8A29-C6113049523D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bc6ba27-feef-11e0-a3a8-00226869e1ea}\Shell - "" = AutoRun
O33 - MountPoints2\{5bc6ba27-feef-11e0-a3a8-00226869e1ea}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.29 10:44:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gieske\Desktop\OTL.exe
[2012.12.28 17:42:05 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}
[2012.12.28 11:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2012.12.28 11:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games
[2012.12.24 21:20:55 | 000,000,000 | -H-D | C] -- C:\Users\Gieske\Documents\Freemake_do_not_remove_this_folder634919808556983394
[2012.12.24 01:42:48 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Roaming\TuneUp Software
[2012.12.24 01:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.24 01:42:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.24 01:42:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.24 01:39:06 | 000,000,000 | -H-D | C] -- C:\Users\Gieske\Documents\Freemake_do_not_remove_this_folder
[2012.12.24 01:38:16 | 000,000,000 | ---D | C] -- C:\Users\Gieske\Documents\Freemake
[2012.12.24 01:38:15 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.12.24 01:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2012.12.24 01:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.12.24 01:38:03 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Roaming\OpenCandy
[2012.12.24 01:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012.12.23 23:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.12.23 23:55:00 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Roaming\Canneverbe Limited
[2012.12.23 23:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2012.12.23 23:51:00 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2012.12.23 23:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2012.12.23 23:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSDoctor
[2012.12.23 23:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Cypheros
[2012.12.23 23:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Cypheros
[2012.12.16 15:40:51 | 000,000,000 | ---D | C] -- C:\Users\Gieske\AppData\Local\Proxure
[2012.12.16 15:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012.12.14 14:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Holzfäller Simulator 2013
[2012.12.14 14:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.12.14 14:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2012.12.14 14:30:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2012.12.14 14:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.12.14 14:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Woodcutter Simulator 2013
[2012.12.08 14:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2013 [2012.12.08 14:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\Landwirtschafts Simulator 2013 ========== Files - Modified Within 30 Days ========== [2012.12.29 10:46:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.29 10:44:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gieske\Desktop\OTL.exe [2012.12.29 10:43:05 | 000,000,000 | ---- | M] () -- C:\Users\Gieske\defogger_reenable [2012.12.29 10:41:49 | 000,050,477 | ---- | M] () -- C:\Users\Gieske\Desktop\Defogger.exe [2012.12.29 10:16:30 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.29 10:16:30 | 000,013,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.29 09:50:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.29 08:50:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.29 08:31:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.29 08:31:34 | 2213,945,344 | -HS- | M] () -- C:\hiberfil.sys [2012.12.26 21:13:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.24 20:51:01 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.24 20:51:01 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.24 20:51:01 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.24 20:51:01 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.24 01:38:15 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2012.12.23 23:50:40 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\TSDoctor.lnk [2012.12.21 09:27:41 | 000,302,616 
| ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.17 11:20:08 | 000,032,720 | ---- | M] () -- C:\Users\Gieske\Documents\Tannebaum.odt [2012.12.16 15:41:26 | 000,000,288 | ---- | M] () -- C:\Users\Gieske\AppData\Roaming\.backup.dm [2012.12.14 19:27:19 | 000,076,844 | ---- | M] () -- C:\Users\Gieske\Documents\weißkopfseeadler.odt [2012.12.14 14:30:28 | 000,002,030 | ---- | M] () -- C:\Users\Gieske\Desktop\Holzfäller Simulator 2013.lnk [2012.12.14 11:25:09 | 000,013,652 | ---- | M] () -- C:\Users\Gieske\Documents\Parkfriedhof Nutzungsrechte.odt [2012.12.14 11:25:09 | 000,000,102 | -H-- | M] () -- C:\Users\Gieske\Documents\.~lock.Parkfriedhof Nutzungsrechte.odt# [2012.12.13 19:55:17 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.12.08 14:09:09 | 000,001,245 | ---- | M] () -- C:\Users\Gieske\Desktop\Landwirtschafts Simulator 2013 .lnk [2012.12.08 12:08:52 | 000,013,376 | ---- | M] () -- C:\Users\Gieske\Documents\Wundertüte.odt [2012.12.05 14:16:40 | 000,017,349 | ---- | M] () -- C:\Users\Gieske\Documents\Advent.odt ========== Files Created - No Company Name ========== [2012.12.29 10:43:05 | 000,000,000 | ---- | C] () -- C:\Users\Gieske\defogger_reenable [2012.12.29 10:41:49 | 000,050,477 | ---- | C] () -- C:\Users\Gieske\Desktop\Defogger.exe [2012.12.24 01:38:15 | 000,001,282 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2012.12.23 23:50:40 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\TSDoctor.lnk [2012.12.17 11:20:06 | 000,032,720 | ---- | C] () -- C:\Users\Gieske\Documents\Tannebaum.odt [2012.12.16 15:41:26 | 000,000,288 | ---- | C] () -- C:\Users\Gieske\AppData\Roaming\.backup.dm [2012.12.14 19:27:17 | 000,076,844 | ---- | C] () -- C:\Users\Gieske\Documents\weißkopfseeadler.odt [2012.12.14 14:30:28 | 000,002,030 | ---- | C] () -- C:\Users\Gieske\Desktop\Holzfäller Simulator 2013.lnk [2012.12.14 10:56:31 | 000,000,102 | -H-- | C] () -- C:\Users\Gieske\Documents\.~lock.Parkfriedhof 
Nutzungsrechte.odt#
[2012.12.14 10:56:29 | 000,013,652 | ---- | C] () -- C:\Users\Gieske\Documents\Parkfriedhof Nutzungsrechte.odt
[2012.12.08 14:09:09 | 000,001,245 | ---- | C] () -- C:\Users\Gieske\Desktop\Landwirtschafts Simulator 2013 .lnk
[2012.12.05 14:24:53 | 000,013,376 | ---- | C] () -- C:\Users\Gieske\Documents\Wundertüte.odt
[2012.12.05 14:16:39 | 000,017,349 | ---- | C] () -- C:\Users\Gieske\Documents\Advent.odt
[2012.03.26 16:11:29 | 000,000,019 | ---- | C] () -- C:\Windows\TKKG_9.INI
[2012.02.18 13:36:06 | 000,284,160 | ---- | C] () -- C:\Windows\uninst.exe
[2011.12.24 15:26:37 | 000,004,608 | ---- | C] () -- C:\Users\Gieske\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.01 19:29:29 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2011.11.01 19:29:29 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.11.01 19:29:28 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2011.11.01 19:29:28 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2011.11.01 19:29:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2011.11.01 19:29:28 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.07.25 16:29:40 | 000,000,056 | ---- | C] () -- C:\Windows\TKKG_7.ini
[2011.07.22 13:57:33 | 000,000,168 | ---- | C] () -- C:\Windows\Wendy3.ini

========== ZeroAccess Check ==========

[2011.11.17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Gieske\AppData\Local\{725f5121-2ebf-fe7c-6f8a-bfe6380e9f70}\L
[2011.11.17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Gieske\AppData\Local\{725f5121-2ebf-fe7c-6f8a-bfe6380e9f70}\U
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-132146776-3345195101-1586744503-1000\$725f51212ebffe7c6f8abfe6380e9f70\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.09.29 09:15:09 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\.minecraft
[2011.01.30 19:51:20 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Ashampoo
[2010.12.27 18:47:06 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Baumaschinen Simulator 2011
[2011.09.20 15:48:37 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\becker
[2012.12.23 23:55:00 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Canneverbe Limited
[2010.12.17 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Chirurgie Simulation
[2011.11.01 19:28:45 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Engelmann Media
[2010.09.01 20:00:50 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\InterTrust
[2012.12.24 01:38:03 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\OpenCandy
[2010.09.02 17:48:10 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\OpenOffice.org
[2012.04.01 06:14:59 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\T-Online
[2012.12.24 01:42:48 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\TuneUp Software
[2011.02.03 15:23:30 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\TweakNow RegCleaner 2011
[2012.03.06 13:19:57 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Ukotg
[2012.03.06 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Upwiu
[2011.03.12 15:40:38 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2
[2011.03.12 15:23:29 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2011.03.12 17:54:47 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2011.03.12 14:56:18 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2 - Farm World
[2011.03.12 15:28:42 | 000,000,000 | ---D | M] -- C:\Users\Gieske\AppData\Roaming\Wildlife Park 2 - Marine World

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 29.12.2012 10:44:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gieske\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 57,96% Memory free
5,50 Gb Paging File | 4,29 Gb Available in Paging File | 78,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 342,02 Gb Total Space | 237,48 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
Drive D: | 341,97 Gb Total Space | 228,21 Gb Free Space | 66,73% Space Free | Partition Type: NTFS

Computer Name: GIESKE-PC | User Name: Gieske | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BCD8BE-5A0D-453E-BD59-117C5A54A869}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1A0AE945-0DAF-438A-ADAE-952BDC897D9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B676298-EA56-4A87-B093-713C41508E25}" = rport=445 | protocol=6 | dir=out | app=system |
"{1D75D03B-C12D-4436-871D-E352B0187220}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25227096-ADF6-4181-A4CC-9B6E37704FF0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{28F92B40-36F8-4D60-BB7F-6F85EF431034}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{31CF4F8D-55CA-4D51-B612-7D5508EB5A6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38885871-B694-475D-8FDA-94D8C2717CAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4221DCC0-0DF9-46FF-96AF-3DB2F1CAA543}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4582BFA6-0428-4B4D-823F-EE1D4977BB7C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{464978F6-FEAC-4F47-ADE6-CBD64B735401}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C283D4C-60D6-4FBB-AD22-544EC0CAA63F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DD670B2-E259-432D-AD7F-68BF418EE409}" = lport=445 | protocol=6 | dir=in | app=system |
"{603D1CF7-6C18-4F96-AF4D-76D87CEB0DF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6910E3F0-9310-4F94-A7BB-7BCA1B7EE768}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{69D2AE4C-77B4-4DEA-8495-230FEB066415}" = rport=138 | protocol=17 | dir=out | app=system |
"{6E548F25-CD64-4B37-A9A7-888B7812D9A2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70172EF1-6DD3-4ECD-8AA0-E7E1A18CE6F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{768F4AD2-A19C-4A20-9101-B083F39D8018}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7888E51D-1385-431F-971E-BA6D36D3D047}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C9F42FB-7A57-4BD1-98A1-A2C546ACC6D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8147DF4F-C183-438D-AC51-9393FF141B1E}" = lport=137 | protocol=17 | dir=in | app=system |
"{8E85B8FF-15AE-4C41-923B-0AF2ACEBA844}" = rport=137 | protocol=17 | dir=out | app=system |
"{9157C833-B394-4BB9-80BE-D7436B2F5485}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A43DE8C8-392F-441E-990A-28DE4D9D96D3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AA5F0D0C-49C4-4170-8697-CA0987ED4644}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AECC0377-4324-4B20-B37D-55FA2CCE7BD4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AFC6981F-3883-4116-9958-C2AFBB660D01}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5F39ECD-4E9A-4000-A2D6-CEA5E4949978}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC75B75D-B5F3-4CC8-9666-B6C5AED7745D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C001D24A-F574-4B09-AF3A-8BFDAB8B1345}" = rport=139 | protocol=6 | dir=out | app=system |
"{C2ECFDE2-E6DD-4633-B8C5-677270803308}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C694D6E8-1290-45B5-A66F-2A1382B7A705}" = lport=139 | protocol=6 | dir=in | app=system |
"{CB8903A4-9EDD-493B-9C36-8461E168AE78}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E01C48F5-BBA8-460D-B894-69C65E4B42C5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E59C7EDA-956D-41B8-BC2A-A990A26E4DC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB2103C8-5CED-4CEC-9EC8-A5614125CE66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBEC9A09-B0B5-41B2-83B4-14BF86AE5D28}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F1230E72-AAE2-4240-A798-F03DE04BDACF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{110695E0-DF06-48D8-AD70-3954C6678733}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1232D079-1DEB-40C6-A392-C9E309AC51D9}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{13ACBDEE-3C37-404E-8BD2-88B0483D014F}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{169C4895-EA15-4801-B3AF-6252D9637097}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{1C3BC58D-51FD-479D-8ABA-62D4CD7C0D75}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{21B0CBAC-91D8-4222-8DE6-CA01E1A7035C}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{2D7FD6B4-C267-4D58-A8D5-66790A31B42F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{332F7BC8-0D60-4C4B-9A54-350864FD66A5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{383C553A-0960-4D80-B0FD-66640F24F731}" = protocol=6 | dir=in | app=c:\program files\woodcutter simulator 2013\iupdate.dll |
"{4CE21E39-B30B-4303-A4BC-81B79CE82533}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{513C21EC-2C5F-43B4-880F-2B8AC4F19E97}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{51594E13-2BF8-4D94-A00B-7A8773062D88}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{586E6A13-21DB-442D-99B2-D8FE15B32765}" = protocol=6 | dir=out | app=system |
"{5980C17C-3F9F-49B9-91C1-AF57E79B30E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{663A1AC0-A101-44BE-A04C-2120B2E697E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67122DE6-DE46-4B66-8907-AD493C8E04E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6ABB683C-91E7-47FC-8EB6-CB25602D340C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74DFDDB9-206D-48E3-A93C-C19FC06AD141}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E394048-09DF-46C9-93CD-3592CA2AF03E}" = protocol=17 | dir=in | app=c:\program files\woodcutter simulator 2013\woodcutter2013.dll |
"{831BF245-FA4D-49B1-A52F-28622BF834C9}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{91E378D5-315E-4BAB-84B3-089EA1C695DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{923B50CC-2DD5-4674-B424-B3511E6FBE32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{969039BF-3964-47EC-A943-72E19470F7C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9AF3448A-0E4D-4EFE-8808-FC2215C3FFA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A79AB58C-D5D3-48DF-AD18-F3C82EC4F6FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A97D8670-6121-4259-8FF0-0B5FEF0A72F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD26C3EB-8308-4FEA-9BC0-B823FE2F63C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF8A934A-395C-43D8-8DB5-FCDB34187B86}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{B0BA9D01-7694-4E26-BBAE-DA3BB991114F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C81DF9C4-A3C4-441B-9509-10CC8F042839}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{CE1D30CA-9CEA-424D-9DAB-04D8920E2060}" = protocol=6 | dir=in | app=c:\program files\woodcutter simulator 2013\woodcutter2013.dll |
"{DA851F06-17CC-4AF7-A772-154FD2CED362}" = protocol=17 | dir=in | app=c:\program files\woodcutter simulator 2013\iupdate.dll |
"{DACBE3C1-3D82-4415-AB51-790EE86CA572}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E166971C-13B9-4CFA-8B60-1714CE40C325}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E9039C09-E92A-49ED-8F93-842A1E11E2EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E9512C71-1F11-4F4E-A50D-916911BD13DE}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{ED626596-493D-4EFC-8BBB-D24F4F1DF4B9}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{EDF43FEC-D404-48D2-B08F-D5290B25189C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0591DCA-F49B-4BC8-BBE2-FEE9D652E21A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F69C03F0-50AA-41EE-AAA2-F832A8430539}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA6E50E6-86CA-457D-A6E3-756122C36F92}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"TCP Query User{0DEF862D-4C5A-4179-9BC0-277AC44B2D4E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{3D182DCD-72A6-4CDA-BBC0-92D437F8E355}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{448532B0-85DE-4C0D-A726-314E88B13996}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{61B1129E-5EEE-4944-9990-007FA5AAF830}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{887759FA-CB7C-4F98-9E93-9301DB0075E4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A5245801-F2D7-41C3-9D15-83FD30327359}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{17A01AD2-D692-48B7-AE7D-5C74A6AF4256}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2158A60C-5C84-40F7-AC8B-7D1D33F7A298}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{3F2293C7-9AC6-4BAF-9C23-32B977C031CE}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{7B63AADE-D3C4-48E4-BED9-A1050D737C8D}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{7FA70033-A8FB-435E-9207-FE272243F0CB}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B1D795FD-33D2-48B8-9F11-2F32E1DCA154}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52602542-6E1A-4002-AB4C-9A4391103507}" = O&O PartitionManager Professional
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{581CE7EA-A30D-0000-1211-088635773309}" = MSI US54SE 802.11 b+g USB Stick
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{923BC9EF-A7FC-4E6D-8056-F1534DFCE530}" = Steuer-Software 2011
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer
"{A8CB4BF4-CD9C-49C0-92D2-7A85631C746D}_is1" = Baumaschinen Simulator 2011 Version 1.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF805B23-DCB3-44D5-A9A8-B44C7A80C8D7}_is1" = Gabelstapler Simulator 2009
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F19178B7-F232-4E97-8511-E4D37A339E9C}" = Steuer-Software 2012
"{F4BBEF26-9D37-411F-B0E0-221C680F7B9B}" = TSDoctor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"AutoBauDeinstKey" = Autos bauen mit Willy Werkel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Content Manager 2" = Content Manager 2
"DemolitionCompanyDE_is1" = Demolition Company
"Digital Editions" = Adobe Digital Editions
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Euro Truck Simulator" = Euro Truck Simulator 1.1
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"PokerStars" = PokerStars
"PriceGong" = PriceGong 2.6.2
"QuickTime" = QuickTime
"SBMWW" = Schiffe bauen mit Willy Werkel
"TKKG 9" = TKKG 9
"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WLP2_is1" = Wildlife Park 2 - Farm World v2.1
"Woodcutter Simulator 2013" = Holzfäller Simulator 2013

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.11.2012 15:27:25 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = The program wlmail.exe, version 14.0.8117.416, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 8d4 Start Time: 01cdcf3078c39ecb Termination Time: 16 Application Path: C:\Program Files\Windows Live\Mail\wlmail.exe Report Id: ecfc7e3e-3b23-11e2-b143-00226869e1ea

Error - 02.12.2012 04:50:10 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = The program game.exe, version 4.1.6.1, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 748 Start Time: 01cdd066b7b35a43 Termination Time: 245 Application Path: C:\Program Files\Landwirtschafts Simulator 2011\game.exe Report Id: 41981ccc-3c5d-11e2-9b35-00226869e1ea

Error - 14.12.2012 06:26:20 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = The program soffice.bin, version 3.2.9498.500, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 94c Start Time: 01cdd9dc74f160e6 Termination Time: 9 Application Path: C:\Program Files\OpenOffice.org 3\program\soffice.bin Report Id: a11f32f7-45d8-11e2-b9b2-00226869e1ea

Error - 14.12.2012 09:29:26 | Computer Name = Gieske-PC | Source = VSS | ID = 8194
Description =

Error - 23.12.2012 19:14:24 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe, version 12.0.7601.17514, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 140 Start Time: 01cde162f96269b8 Termination Time: 16 Application Path: C:\Program Files\Windows Media Player\wmplayer.exe Report Id:

Error - 23.12.2012 19:44:33 | Computer Name = Gieske-PC | Source = Windows Backup | ID = 4104
Description =

Error - 24.12.2012 15:58:49 | Computer Name = Gieske-PC | Source = TS-Doctor | ID = 2134
Description =

Error - 24.12.2012 15:58:51 | Computer Name = Gieske-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TSDoctor.exe, version: 1.2.57.2901, time stamp: 0x50cdd3d6 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x04a2f768 Faulting process id: 0x1484 Faulting application start time: 0x01cde2110d1d1b5e Faulting application path: C:\Program Files\Cypheros\TSDoctor\TSDoctor.exe Faulting module path: unknown Report Id: 5621038a-4e04-11e2-8b71-00226869e1ea

Error - 26.12.2012 16:03:47 | Computer Name = Gieske-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service "Windows Explorer" could not be shut down.
Error - 28.12.2012 06:29:25 | Computer Name = Gieske-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 28.12.2012 11:40:45 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004
Description =

Error - 28.12.2012 12:46:05 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 28.12.2012 12:46:05 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.12.2012 14:26:16 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 28.12.2012 14:26:27 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004
Description =

Error - 29.12.2012 02:55:46 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 29.12.2012 02:55:46 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 29.12.2012 03:31:42 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 29.12.2012 03:31:42 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 29.12.2012 03:32:24 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004
Description =

< End of report >
iii\age3.exe | "{586E6A13-21DB-442D-99B2-D8FE15B32765}" = protocol=6 | dir=out | app=system | "{5980C17C-3F9F-49B9-91C1-AF57E79B30E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{663A1AC0-A101-44BE-A04C-2120B2E697E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{67122DE6-DE46-4B66-8907-AD493C8E04E5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6ABB683C-91E7-47FC-8EB6-CB25602D340C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{74DFDDB9-206D-48E3-A93C-C19FC06AD141}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7E394048-09DF-46C9-93CD-3592CA2AF03E}" = protocol=17 | dir=in | app=c:\program files\woodcutter simulator 2013\woodcutter2013.dll | "{831BF245-FA4D-49B1-A52F-28622BF834C9}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{91E378D5-315E-4BAB-84B3-089EA1C695DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{923B50CC-2DD5-4674-B424-B3511E6FBE32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{969039BF-3964-47EC-A943-72E19470F7C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9AF3448A-0E4D-4EFE-8808-FC2215C3FFA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A79AB58C-D5D3-48DF-AD18-F3C82EC4F6FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A97D8670-6121-4259-8FF0-0B5FEF0A72F3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AD26C3EB-8308-4FEA-9BC0-B823FE2F63C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AF8A934A-395C-43D8-8DB5-FCDB34187B86}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe | "{B0BA9D01-7694-4E26-BBAE-DA3BB991114F}" = dir=out | svc=sharedaccess | 
app=%systemroot%\system32\svchost.exe | "{C81DF9C4-A3C4-441B-9509-10CC8F042839}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{CE1D30CA-9CEA-424D-9DAB-04D8920E2060}" = protocol=6 | dir=in | app=c:\program files\woodcutter simulator 2013\woodcutter2013.dll | "{DA851F06-17CC-4AF7-A772-154FD2CED362}" = protocol=17 | dir=in | app=c:\program files\woodcutter simulator 2013\iupdate.dll | "{DACBE3C1-3D82-4415-AB51-790EE86CA572}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E166971C-13B9-4CFA-8B60-1714CE40C325}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E9039C09-E92A-49ED-8F93-842A1E11E2EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E9512C71-1F11-4F4E-A50D-916911BD13DE}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe | "{ED626596-493D-4EFC-8BBB-D24F4F1DF4B9}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe | "{EDF43FEC-D404-48D2-B08F-D5290B25189C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F0591DCA-F49B-4BC8-BBE2-FEE9D652E21A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F69C03F0-50AA-41EE-AAA2-F832A8430539}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FA6E50E6-86CA-457D-A6E3-756122C36F92}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "TCP Query User{0DEF862D-4C5A-4179-9BC0-277AC44B2D4E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{3D182DCD-72A6-4CDA-BBC0-92D437F8E355}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | "TCP Query User{448532B0-85DE-4C0D-A726-314E88B13996}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | 
app=c:\windows\system32\taskhost.exe | "TCP Query User{61B1129E-5EEE-4944-9990-007FA5AAF830}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{887759FA-CB7C-4F98-9E93-9301DB0075E4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{A5245801-F2D7-41C3-9D15-83FD30327359}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{17A01AD2-D692-48B7-AE7D-5C74A6AF4256}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{2158A60C-5C84-40F7-AC8B-7D1D33F7A298}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{3F2293C7-9AC6-4BAF-9C23-32B977C031CE}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{7B63AADE-D3C4-48E4-BED9-A1050D737C8D}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | "UDP Query User{7FA70033-A8FB-435E-9207-FE272243F0CB}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{B1D795FD-33D2-48B8-9F11-2F32E1DCA154}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{52602542-6E1A-4002-AB4C-9A4391103507}" = O&O PartitionManager Professional "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities "{581CE7EA-A30D-0000-1211-088635773309}" = MSI US54SE 802.11 b+g USB Stick "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager "{923BC9EF-A7FC-4E6D-8056-F1534DFCE530}" = Steuer-Software 2011 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 "{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer "{A8CB4BF4-CD9C-49C0-92D2-7A85631C746D}_is1" = Baumaschinen Simulator 2011 Version 1.0 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF805B23-DCB3-44D5-A9A8-B44C7A80C8D7}_is1" = Gabelstapler Simulator 2009 "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F19178B7-F232-4E97-8511-E4D37A339E9C}" = Steuer-Software 2012 "{F4BBEF26-9D37-411F-B0E0-221C680F7B9B}" = TSDoctor "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Age of Empires" = Microsoft Age of Empires "Age of Empires 2.0" = Microsoft Age of Empires II "Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60 "AutoBauDeinstKey" = Autos bauen mit Willy Werkel "Avira AntiVir Desktop" = Avira Free Antivirus "Content Manager 2" = Content Manager 2 "DemolitionCompanyDE_is1" = Demolition Company "Digital Editions" = Adobe Digital Editions "EPSON Printer and Utilities" = EPSON-Drucker-Software "Euro Truck Simulator" = Euro Truck Simulator 1.1 "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1 "Google Chrome" = Google Chrome "HaaliMkx" = 
Haali Media Splitter "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "PokerStars" = PokerStars "PriceGong" = PriceGong 2.6.2 "QuickTime" = QuickTime "SBMWW" = Schiffe bauen mit Willy Werkel "TKKG 9" = TKKG 9 "TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WLP2_is1" = Wildlife Park 2 - Farm World v2.1 "Woodcutter Simulator 2013" = Holzfäller Simulator 2013 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.11.2012 15:27:25 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002 Description = Programm wlmail.exe, Version 14.0.8117.416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8d4 Startzeit: 01cdcf3078c39ecb Endzeit: 16 Anwendungspfad: C:\Program Files\Windows Live\Mail\wlmail.exe Berichts-ID: ecfc7e3e-3b23-11e2-b143-00226869e1ea Error - 02.12.2012 04:50:10 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002 Description = Programm game.exe, Version 4.1.6.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 748 Startzeit: 01cdd066b7b35a43 Endzeit: 245 Anwendungspfad: C:\Program Files\Landwirtschafts Simulator 2011\game.exe Berichts-ID: 41981ccc-3c5d-11e2-9b35-00226869e1ea Error - 14.12.2012 06:26:20 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002 Description = Programm soffice.bin, Version 3.2.9498.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 94c Startzeit: 01cdd9dc74f160e6 Endzeit: 9 Anwendungspfad: C:\Program Files\OpenOffice.org 3\program\soffice.bin Berichts-ID: a11f32f7-45d8-11e2-b9b2-00226869e1ea Error - 14.12.2012 09:29:26 | Computer Name = Gieske-PC | Source = VSS | ID = 8194 Description = Error - 23.12.2012 19:14:24 | Computer Name = Gieske-PC | Source = Application Hang | ID = 1002 Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 140 Startzeit: 01cde162f96269b8 Endzeit: 16 Anwendungspfad: C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: Error - 23.12.2012 19:44:33 | Computer Name = Gieske-PC | Source = Windows Backup | ID = 4104 Description = Error - 24.12.2012 15:58:49 | Computer Name = Gieske-PC | Source = TS-Doctor | ID = 2134 Description = Error - 24.12.2012 15:58:51 | Computer Name = Gieske-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TSDoctor.exe, Version: 1.2.57.2901, Zeitstempel: 0x50cdd3d6 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04a2f768 ID des fehlerhaften Prozesses: 0x1484 Startzeit der fehlerhaften Anwendung: 0x01cde2110d1d1b5e Pfad der fehlerhaften Anwendung: C:\Program Files\Cypheros\TSDoctor\TSDoctor.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 5621038a-4e04-11e2-8b71-00226869e1ea Error - 26.12.2012 16:03:47 | Computer Name = Gieske-PC | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden. 
Error - 28.12.2012 06:29:25 | Computer Name = Gieske-PC | Source = VSS | ID = 8194 Description = [ System Events ] Error - 28.12.2012 11:40:45 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004 Description = Error - 28.12.2012 12:46:05 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 28.12.2012 12:46:05 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.12.2012 14:26:16 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.12.2012 14:26:27 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004 Description = Error - 29.12.2012 02:55:46 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 29.12.2012 02:55:46 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.12.2012 03:31:42 | Computer Name = Gieske-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 29.12.2012 03:31:42 | Computer Name = Gieske-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.12.2012 03:32:24 | Computer Name = Gieske-PC | Source = ipnathlp | ID = 31004 Description = < End of report > GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-12-29 12:19:58 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3750528AS rev.CC44 Running: 3jn7se1i.exe; Driver: C:\Users\Gieske\AppData\Local\Temp\pgriapoc.sys ---- System - GMER 1.0.15 ---- SSDT 90B3197E ZwCreateSection SSDT 90B31988 ZwRequestWaitReplyPort SSDT 90B31983 ZwSetContextThread SSDT 90B3198D ZwSetSecurityObject SSDT 90B31992 ZwSystemDebugControl SSDT 90B3191F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83248A49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt 
+ 5A2 832824D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8328962C 4 Bytes [7E, 19, B3, 90] {JLE 0x1b; MOV BL, 0x90} .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 83289988 4 Bytes [88, 19, B3, 90] {MOV [ECX], BL; MOV BL, 0x90} .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832899CC 4 Bytes [83, 19, B3, 90] {SBB DWORD [ECX], -0x4d; NOP } .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 83289A48 4 Bytes [8D, 19, B3, 90] {LEA EBX, [ECX]; MOV BL, 0x90} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 83289A9C 4 Bytes [92, 19, B3, 90] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9201B000, 0x2D5378, 0xE8000020] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744B24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7449562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744956EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744B2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744A85AA] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744A4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744A5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744A51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [744A6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744A8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744A8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744A90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744AE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1692] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [744A4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1808] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7581FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1808] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7581FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1808] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7581FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1808] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7581FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1808] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7581FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr 
\Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:1484] 9E999F2E ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System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eg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BEAD2096-2814-41E0-AF79-3D70BC6918AF} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}@Path \Microsoft\Microsoft Antimalware\MpIdleTask Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}@Hash 0x55 0x9C 0x68 0x8C ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}@Triggers 0x15 0x00 0x00 0x00 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75}@DynamicInfo 0x03 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}@Path \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}@Hash 0xCC 0x66 0xBE 0x0A ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}@Triggers 0x15 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAD2096-2814-41E0-AF79-3D70BC6918AF}@DynamicInfo 0x03 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan@Id {BEAD2096-2814-41E0-AF79-3D70BC6918AF} Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\MpIdleTask@Id {2F709BF6-5D31-43B9-9DDA-BCCCF79A8F75} ---- EOF - GMER 1.0.15 ---- alwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.26.12 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Gieske :: GIESKE-PC [Administrator] 29.12.2012 10:59:51 mbam-log-2012-12-29 (10-59-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 193461 Laufzeit: 3 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine 
bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 1 HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-132146776-3345195101-1586744503-1000\$725f51212ebffe7c6f8abfe6380e9f70\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\$Recycle.Bin\S-1-5-21-132146776-3345195101-1586744503-1000\$725f51212ebffe7c6f8abfe6380e9f70\n (Trojan.0Access) -> Löschen bei Neustart. C:\Users\Gieske\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Gieske\AppData\Local\Temp\3706443.exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
29.12.2012, 12:58 | #2 |
/// TB-Ausbilder | tr/atraps.gen2 and other findings
I will help you with your problem. A cleanup can sometimes mean a lot of work for you (and for me). Before we start, I have some reading material for you. Read and understood?

Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and start it:

Step 2: Scan with aswMBR

Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report.

Step 4: Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
29.12.2012, 13:12 | #3 |
| tr/atraps.gen2 and other findings
That was quick.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:43 on 29/12/2012 (Gieske)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Should I post each step separately or put everything into one reply? How big is the file in step 2? I only have a 1000 connection here and I'm at 30MB now. Thanks |
29.12.2012, 13:18 | #4
/// TB-Ausbilder | tr/atraps.gen2 and other findings
Read and understood?
__________________
Digital privateers against malware! No help via PM!
29.12.2012, 13:23 | #5
tr/atraps.gen2 and other findings
Ha, yes, read and now also understood. Here you go:
Step 1
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:43 on 29/12/2012 (Gieske)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-29 13:55:08
-----------------------------
13:55:08.714 OS Version: Windows 6.1.7601 Service Pack 1
13:55:08.714 Number of processors: 2 586 0x6B02
13:55:08.714 ComputerName: GIESKE-PC UserName: Gieske
13:55:12.802 Initialize success
13:55:23.831 AVAST engine defs: 12122900
13:55:26.498 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:55:26.498 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
13:55:26.748 Disk 0 MBR read successfully
13:55:26.748 Disk 0 MBR scan
13:55:26.764 Disk 0 Windows 7 default MBR code
13:55:26.904 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15000 MB offset 2048
13:55:26.998 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 350226 MB offset 30722048
13:55:27.107 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 350176 MB offset 747984896
13:55:27.310 Disk 0 scanning sectors +1465145344
13:55:28.121 Disk 0 scanning C:\Windows\system32\drivers
13:57:55.748 Service scanning
13:58:09.367 Service MpKsla2b99d2b c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\MpKsla2b99d2b.sys **LOCKED** 32
13:58:27.395 Modules scanning
14:01:28.901 Disk 0 trace - called modules:
14:01:28.932
14:01:32.785 AVAST engine scan C:\Windows
14:04:42.528 AVAST engine scan C:\Windows\system32
14:25:36.736 AVAST engine scan C:\Windows\system32\drivers
14:26:24.129 AVAST engine scan C:\Users\Gieske
14:50:34.132 File: C:\Users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe **INFECTED** Win32:Malware-gen
15:08:45.428 AVAST engine scan C:\ProgramData
15:18:47.719 Scan finished successfully
15:19:26.919 Disk 0 MBR has been saved successfully to "C:\Users\Gieske\Desktop\MBR.dat"
15:19:27.013 The log file has been saved successfully to "C:\Users\Gieske\Desktop\aswMBR.txt"
Step 3
Code:
15:34:54.0900 4936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:34:55.0166 4936 ============================================================
15:34:55.0166 4936 Current date / time: 2012/12/29 15:34:55.0166
15:34:55.0166 4936 SystemInfo:
15:34:55.0166 4936
15:34:55.0166 4936 OS Version: 6.1.7601 ServicePack: 1.0
15:34:55.0166 4936 Product type: Workstation
15:34:55.0166 4936 ComputerName: GIESKE-PC
15:34:55.0166 4936 UserName: Gieske
15:34:55.0166 4936 Windows directory: C:\Windows
15:34:55.0166 4936 System windows directory: C:\Windows
15:34:55.0166 4936 Processor architecture: Intel x86
15:34:55.0166 4936 Number of processors: 2
15:34:55.0166 4936 Page size: 0x1000
15:34:55.0166 4936 Boot type: Normal boot
15:34:55.0166 4936 ============================================================
15:34:56.0757 4936 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:34:56.0882 4936 ============================================================
15:34:56.0882 4936 \Device\Harddisk0\DR0:
15:34:56.0882 4936 MBR partitions:
15:34:56.0882 4936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x2AC09000
15:34:56.0882 4936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2C955800, BlocksNum 0x2ABF0000
15:34:56.0882 4936 ============================================================
15:34:56.0913 4936 C: <-> \Device\Harddisk0\DR0\Partition1
15:34:57.0038 4936 D: <-> \Device\Harddisk0\DR0\Partition2
15:34:57.0038 4936 ============================================================
15:34:57.0038 4936 Initialize success
15:34:57.0038 4936 ============================================================
15:35:04.0479 5512 ============================================================
15:35:04.0479 5512 Scan started
15:35:04.0479 5512 Mode: Manual; TDLFS;
15:35:04.0479 5512
============================================================ 15:35:05.0150 5512 ================ Scan system memory ======================== 15:35:05.0150 5512 System memory - ok 15:35:05.0150 5512 ================ Scan services ============================= 15:35:05.0228 5512 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:35:05.0228 5512 1394ohci - ok 15:35:05.0321 5512 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 15:35:05.0321 5512 AAV UpdateService - ok 15:35:05.0368 5512 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:35:05.0368 5512 ACPI - ok 15:35:05.0399 5512 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:35:05.0399 5512 AcpiPmi - ok 15:35:05.0462 5512 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 15:35:05.0462 5512 AdobeARMservice - ok 15:35:05.0508 5512 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:35:05.0508 5512 AdobeFlashPlayerUpdateSvc - ok 15:35:05.0540 5512 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 15:35:05.0540 5512 adp94xx - ok 15:35:05.0555 5512 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 15:35:05.0555 5512 adpahci - ok 15:35:05.0571 5512 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 15:35:05.0586 5512 adpu320 - ok 15:35:05.0602 5512 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:35:05.0602 5512 AeLookupSvc - ok 15:35:05.0633 5512 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 15:35:05.0633 5512 AFD - ok 15:35:05.0664 5512 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 
15:35:05.0664 5512 agp440 - ok 15:35:05.0680 5512 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 15:35:05.0680 5512 aic78xx - ok 15:35:05.0711 5512 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 15:35:05.0711 5512 ALG - ok 15:35:05.0711 5512 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 15:35:05.0711 5512 aliide - ok 15:35:05.0742 5512 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 15:35:05.0742 5512 AMD External Events Utility - ok 15:35:05.0758 5512 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 15:35:05.0758 5512 amdagp - ok 15:35:05.0789 5512 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 15:35:05.0789 5512 amdide - ok 15:35:05.0805 5512 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:35:05.0805 5512 AmdK8 - ok 15:35:05.0805 5512 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 15:35:05.0820 5512 AmdPPM - ok 15:35:05.0836 5512 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:35:05.0836 5512 amdsata - ok 15:35:05.0836 5512 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 15:35:05.0852 5512 amdsbs - ok 15:35:05.0852 5512 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:35:05.0852 5512 amdxata - ok 15:35:05.0930 5512 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 15:35:05.0930 5512 AntiVirSchedulerService - ok 15:35:05.0976 5512 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 15:35:05.0992 5512 AntiVirService - ok 15:35:06.0008 5512 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 15:35:06.0023 5512 AppID - ok 15:35:06.0039 
5512 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:35:06.0039 5512 AppIDSvc - ok 15:35:06.0070 5512 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 15:35:06.0070 5512 Appinfo - ok 15:35:06.0070 5512 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 15:35:06.0070 5512 arc - ok 15:35:06.0101 5512 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 15:35:06.0101 5512 arcsas - ok 15:35:06.0101 5512 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:35:06.0101 5512 AsyncMac - ok 15:35:06.0117 5512 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 15:35:06.0117 5512 atapi - ok 15:35:06.0164 5512 [ 44FA26470D4C8123CCF71F4200B782D3 ] athrusb C:\Windows\system32\DRIVERS\athrusb.sys 15:35:06.0164 5512 athrusb - ok 15:35:06.0288 5512 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:35:06.0304 5512 atikmdag - ok 15:35:06.0413 5512 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:35:06.0413 5512 AudioEndpointBuilder - ok 15:35:06.0413 5512 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 15:35:06.0429 5512 Audiosrv - ok 15:35:06.0444 5512 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:35:06.0444 5512 avgntflt - ok 15:35:06.0460 5512 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:35:06.0460 5512 avipbb - ok 15:35:06.0476 5512 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:35:06.0476 5512 avkmgr - ok 15:35:06.0507 5512 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:35:06.0507 5512 AxInstSV - ok 15:35:06.0522 5512 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 15:35:06.0538 5512 b06bdrv - 
ok 15:35:06.0554 5512 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 15:35:06.0554 5512 b57nd60x - ok 15:35:06.0569 5512 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 15:35:06.0569 5512 BDESVC - ok 15:35:06.0585 5512 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 15:35:06.0585 5512 Beep - ok 15:35:06.0632 5512 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 15:35:06.0632 5512 BFE - ok 15:35:06.0647 5512 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 15:35:06.0647 5512 BITS - ok 15:35:06.0663 5512 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:35:06.0663 5512 blbdrive - ok 15:35:06.0678 5512 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:35:06.0678 5512 bowser - ok 15:35:06.0694 5512 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:35:06.0694 5512 BrFiltLo - ok 15:35:06.0710 5512 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:35:06.0710 5512 BrFiltUp - ok 15:35:06.0741 5512 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 15:35:06.0741 5512 Browser - ok 15:35:06.0756 5512 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:35:06.0756 5512 Brserid - ok 15:35:06.0788 5512 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:35:06.0788 5512 BrSerWdm - ok 15:35:06.0788 5512 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:35:06.0788 5512 BrUsbMdm - ok 15:35:06.0803 5512 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:35:06.0803 5512 BrUsbSer - ok 15:35:06.0803 5512 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 15:35:06.0803 5512 BTHMODEM - ok 
15:35:06.0819 5512 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 15:35:06.0819 5512 bthserv - ok 15:35:06.0834 5512 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:35:06.0834 5512 cdfs - ok 15:35:06.0866 5512 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:35:06.0866 5512 cdrom - ok 15:35:06.0897 5512 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 15:35:06.0897 5512 CertPropSvc - ok 15:35:06.0912 5512 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:35:06.0912 5512 circlass - ok 15:35:06.0944 5512 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 15:35:06.0959 5512 CLFS - ok 15:35:07.0006 5512 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:35:07.0006 5512 clr_optimization_v2.0.50727_32 - ok 15:35:07.0084 5512 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:35:07.0084 5512 clr_optimization_v4.0.30319_32 - ok 15:35:07.0100 5512 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:35:07.0100 5512 CmBatt - ok 15:35:07.0115 5512 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:35:07.0115 5512 cmdide - ok 15:35:07.0162 5512 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 15:35:07.0162 5512 CNG - ok 15:35:07.0178 5512 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:35:07.0178 5512 Compbatt - ok 15:35:07.0224 5512 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 15:35:07.0224 5512 CompositeBus - ok 15:35:07.0224 5512 COMSysApp - ok 15:35:07.0240 5512 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 
15:35:07.0240 5512 crcdisk - ok 15:35:07.0271 5512 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:35:07.0271 5512 CryptSvc - ok 15:35:07.0318 5512 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 15:35:07.0318 5512 DcomLaunch - ok 15:35:07.0334 5512 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 15:35:07.0334 5512 defragsvc - ok 15:35:07.0349 5512 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:35:07.0349 5512 DfsC - ok 15:35:07.0380 5512 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 15:35:07.0380 5512 Dhcp - ok 15:35:07.0396 5512 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 15:35:07.0396 5512 discache - ok 15:35:07.0412 5512 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 15:35:07.0412 5512 Disk - ok 15:35:07.0427 5512 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:35:07.0443 5512 Dnscache - ok 15:35:07.0458 5512 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 15:35:07.0474 5512 dot3svc - ok 15:35:07.0490 5512 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 15:35:07.0490 5512 DPS - ok 15:35:07.0505 5512 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:35:07.0505 5512 drmkaud - ok 15:35:07.0536 5512 [ E577B5C4A6BE078E5445CDCFB65BE7AB ] DslMNLwf C:\Windows\system32\DRIVERS\dslmnlwf.sys 15:35:07.0536 5512 DslMNLwf - ok 15:35:07.0583 5512 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:35:07.0599 5512 DXGKrnl - ok 15:35:07.0630 5512 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 15:35:07.0630 5512 EapHost - ok 15:35:07.0708 5512 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 15:35:07.0739 5512 ebdrv - ok 
15:35:07.0755 5512 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 15:35:07.0770 5512 EFS - ok 15:35:07.0802 5512 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:35:07.0802 5512 ehRecvr - ok 15:35:07.0833 5512 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 15:35:07.0833 5512 ehSched - ok 15:35:07.0848 5512 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 15:35:07.0848 5512 elxstor - ok 15:35:07.0895 5512 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE 15:35:07.0895 5512 EPSON_PM_RPCV4_01 - ok 15:35:07.0911 5512 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:35:07.0911 5512 ErrDev - ok 15:35:07.0942 5512 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 15:35:07.0942 5512 EventSystem - ok 15:35:07.0958 5512 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 15:35:07.0958 5512 exfat - ok 15:35:07.0973 5512 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:35:07.0989 5512 fastfat - ok 15:35:08.0004 5512 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 15:35:08.0004 5512 Fax - ok 15:35:08.0020 5512 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:35:08.0020 5512 fdc - ok 15:35:08.0036 5512 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 15:35:08.0036 5512 fdPHost - ok 15:35:08.0051 5512 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 15:35:08.0051 5512 FDResPub - ok 15:35:08.0067 5512 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:35:08.0067 5512 FileInfo - ok 15:35:08.0067 5512 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:35:08.0067 5512 Filetrace - ok 15:35:08.0082 5512 [ 
87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:35:08.0082 5512 flpydisk - ok 15:35:08.0098 5512 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:35:08.0098 5512 FltMgr - ok 15:35:08.0145 5512 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 15:35:08.0160 5512 FontCache - ok 15:35:08.0207 5512 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:35:08.0207 5512 FontCache3.0.0.0 - ok 15:35:08.0285 5512 [ D40B85303BCFF96A717392B06FB015C4 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe 15:35:08.0301 5512 Freemake Improver - ok 15:35:08.0316 5512 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:35:08.0316 5512 FsDepends - ok 15:35:08.0348 5512 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:35:08.0348 5512 Fs_Rec - ok 15:35:08.0363 5512 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:35:08.0363 5512 fvevol - ok 15:35:08.0379 5512 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 15:35:08.0379 5512 gagp30kx - ok 15:35:08.0410 5512 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 15:35:08.0410 5512 gpsvc - ok 15:35:08.0472 5512 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 15:35:08.0472 5512 gupdate - ok 15:35:08.0472 5512 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 15:35:08.0472 5512 gupdatem - ok 15:35:08.0504 5512 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:35:08.0504 5512 gusvc - ok 15:35:08.0519 5512 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:35:08.0519 
5512 hcw85cir - ok 15:35:08.0550 5512 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:35:08.0550 5512 HdAudAddService - ok 15:35:08.0566 5512 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 15:35:08.0566 5512 HDAudBus - ok 15:35:08.0582 5512 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:35:08.0582 5512 HidBatt - ok 15:35:08.0597 5512 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:35:08.0597 5512 HidBth - ok 15:35:08.0613 5512 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:35:08.0613 5512 HidIr - ok 15:35:08.0628 5512 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 15:35:08.0644 5512 hidserv - ok 15:35:08.0644 5512 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:35:08.0644 5512 HidUsb - ok 15:35:08.0675 5512 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:35:08.0675 5512 hkmsvc - ok 15:35:08.0691 5512 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:35:08.0691 5512 HomeGroupListener - ok 15:35:08.0722 5512 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:35:08.0738 5512 HomeGroupProvider - ok 15:35:08.0753 5512 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:35:08.0753 5512 HpSAMD - ok 15:35:08.0769 5512 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:35:08.0784 5512 HTTP - ok 15:35:08.0784 5512 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:35:08.0800 5512 hwpolicy - ok 15:35:08.0816 5512 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:35:08.0816 5512 i8042prt - ok 15:35:08.0831 5512 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV 
C:\Windows\system32\drivers\iaStorV.sys 15:35:08.0847 5512 iaStorV - ok 15:35:08.0894 5512 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:35:08.0894 5512 idsvc - ok 15:35:08.0925 5512 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:35:08.0925 5512 iirsp - ok 15:35:08.0940 5512 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 15:35:08.0956 5512 IKEEXT - ok 15:35:08.0972 5512 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 15:35:08.0972 5512 intelide - ok 15:35:08.0972 5512 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:35:08.0972 5512 intelppm - ok 15:35:09.0003 5512 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:35:09.0003 5512 IPBusEnum - ok 15:35:09.0018 5512 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:35:09.0018 5512 IpFilterDriver - ok 15:35:09.0050 5512 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:35:09.0065 5512 iphlpsvc - ok 15:35:09.0065 5512 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:35:09.0065 5512 IPMIDRV - ok 15:35:09.0081 5512 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:35:09.0081 5512 IPNAT - ok 15:35:09.0096 5512 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:35:09.0096 5512 IRENUM - ok 15:35:09.0112 5512 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:35:09.0112 5512 isapnp - ok 15:35:09.0128 5512 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:35:09.0128 5512 iScsiPrt - ok 15:35:09.0143 5512 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:35:09.0143 5512 
kbdclass - ok 15:35:09.0159 5512 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:35:09.0159 5512 kbdhid - ok 15:35:09.0174 5512 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 15:35:09.0174 5512 KeyIso - ok 15:35:09.0206 5512 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:35:09.0206 5512 KSecDD - ok 15:35:09.0206 5512 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:35:09.0206 5512 KSecPkg - ok 15:35:09.0237 5512 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 15:35:09.0252 5512 KtmRm - ok 15:35:09.0268 5512 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 15:35:09.0268 5512 LanmanServer - ok 15:35:09.0284 5512 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:35:09.0284 5512 LanmanWorkstation - ok 15:35:09.0299 5512 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:35:09.0299 5512 lltdio - ok 15:35:09.0315 5512 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:35:09.0315 5512 lltdsvc - ok 15:35:09.0330 5512 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 15:35:09.0330 5512 lmhosts - ok 15:35:09.0346 5512 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:35:09.0346 5512 LSI_FC - ok 15:35:09.0362 5512 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:35:09.0362 5512 LSI_SAS - ok 15:35:09.0377 5512 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:35:09.0377 5512 LSI_SAS2 - ok 15:35:09.0393 5512 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:35:09.0393 5512 LSI_SCSI - ok 15:35:09.0408 5512 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 15:35:09.0408 
5512 luafv - ok 15:35:09.0424 5512 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:35:09.0440 5512 Mcx2Svc - ok 15:35:09.0455 5512 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:35:09.0455 5512 megasas - ok 15:35:09.0471 5512 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:35:09.0471 5512 MegaSR - ok 15:35:09.0486 5512 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 15:35:09.0486 5512 MMCSS - ok 15:35:09.0518 5512 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 15:35:09.0518 5512 Modem - ok 15:35:09.0518 5512 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:35:09.0533 5512 monitor - ok 15:35:09.0549 5512 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 15:35:09.0564 5512 mouclass - ok 15:35:09.0564 5512 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:35:09.0564 5512 mouhid - ok 15:35:09.0580 5512 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:35:09.0580 5512 mountmgr - ok 15:35:09.0627 5512 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 15:35:09.0627 5512 MpFilter - ok 15:35:09.0658 5512 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 15:35:09.0658 5512 mpio - ok 15:35:09.0736 5512 [ A69630D039C38018689190234F866D77 ] MpKsla2b99d2b c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\MpKsla2b99d2b.sys 15:35:09.0736 5512 MpKsla2b99d2b - ok 15:35:09.0767 5512 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:35:09.0767 5512 mpsdrv - ok 15:35:09.0814 5512 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:35:09.0830 5512 MpsSvc - ok 15:35:09.0861 5512 [ 
CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:35:09.0861 5512 MRxDAV - ok
15:35:09.0876 5512 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:35:09.0876 5512 mrxsmb - ok
15:35:09.0892 5512 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:35:09.0892 5512 mrxsmb10 - ok
15:35:09.0923 5512 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:35:09.0923 5512 mrxsmb20 - ok
15:35:09.0939 5512 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
15:35:09.0939 5512 msahci - ok
15:35:09.0954 5512 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:35:09.0954 5512 msdsm - ok
15:35:09.0970 5512 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
15:35:09.0970 5512 MSDTC - ok
15:35:09.0986 5512 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:35:09.0986 5512 Msfs - ok
15:35:10.0017 5512 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:35:10.0032 5512 mshidkmdf - ok
15:35:10.0032 5512 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:35:10.0032 5512 msisadrv - ok
15:35:10.0048 5512 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:35:10.0064 5512 MSiSCSI - ok
15:35:10.0064 5512 msiserver - ok
15:35:10.0079 5512 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:35:10.0079 5512 MSKSSRV - ok
15:35:10.0142 5512 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:35:10.0142 5512 MsMpSvc - ok
15:35:10.0157 5512 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:35:10.0157 5512 MSPCLOCK - ok
15:35:10.0157 5512 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:35:10.0157 5512 MSPQM - ok
15:35:10.0173 5512 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:35:10.0173 5512 MsRPC - ok
15:35:10.0188 5512 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:35:10.0188 5512 mssmbios - ok
15:35:10.0188 5512 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:35:10.0188 5512 MSTEE - ok
15:35:10.0188 5512 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:35:10.0188 5512 MTConfig - ok
15:35:10.0204 5512 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
15:35:10.0204 5512 Mup - ok
15:35:10.0235 5512 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
15:35:10.0235 5512 napagent - ok
15:35:10.0251 5512 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:35:10.0266 5512 NativeWifiP - ok
15:35:10.0298 5512 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:35:10.0298 5512 NDIS - ok
15:35:10.0313 5512 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:35:10.0313 5512 NdisCap - ok
15:35:10.0345 5512 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:35:10.0345 5512 NdisTapi - ok
15:35:10.0376 5512 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:35:10.0376 5512 Ndisuio - ok
15:35:10.0391 5512 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:35:10.0391 5512 NdisWan - ok
15:35:10.0407 5512 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:35:10.0407 5512 NDProxy - ok
15:35:10.0423 5512 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:35:10.0423 5512 NetBIOS - ok
15:35:10.0438 5512 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:35:10.0438 5512 NetBT - ok
15:35:10.0438 5512 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
15:35:10.0438 5512 Netlogon - ok
15:35:10.0454 5512 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
15:35:10.0469 5512 Netman - ok
15:35:10.0485 5512 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
15:35:10.0485 5512 netprofm - ok
15:35:10.0501 5512 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:35:10.0501 5512 NetTcpPortSharing - ok
15:35:10.0501 5512 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:35:10.0501 5512 nfrd960 - ok
15:35:10.0563 5512 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:35:10.0563 5512 NisDrv - ok
15:35:10.0594 5512 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
15:35:10.0594 5512 NisSrv - ok
15:35:10.0625 5512 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
15:35:10.0641 5512 NlaSvc - ok
15:35:10.0641 5512 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:35:10.0641 5512 Npfs - ok
15:35:10.0688 5512 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
15:35:10.0688 5512 nsi - ok
15:35:10.0703 5512 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:35:10.0703 5512 nsiproxy - ok
15:35:10.0766 5512 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:35:10.0766 5512 Ntfs - ok
15:35:10.0781 5512 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
15:35:10.0781 5512 Null - ok
15:35:10.0813 5512 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:35:10.0813 5512 nvraid - ok
15:35:10.0828 5512 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:35:10.0828 5512 nvstor - ok
15:35:10.0828 5512 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:35:10.0844 5512 nv_agp - ok
15:35:10.0859 5512 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:35:10.0859 5512 ohci1394 - ok
15:35:10.0891 5512 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:35:10.0891 5512 p2pimsvc - ok
15:35:10.0906 5512 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
15:35:10.0906 5512 p2psvc - ok
15:35:10.0922 5512 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:35:10.0937 5512 Parport - ok
15:35:10.0953 5512 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:35:10.0953 5512 partmgr - ok
15:35:10.0969 5512 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
15:35:10.0969 5512 Parvdm - ok
15:35:10.0984 5512 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:35:11.0000 5512 PcaSvc - ok
15:35:11.0000 5512 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
15:35:11.0000 5512 pci - ok
15:35:11.0015 5512 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
15:35:11.0015 5512 pciide - ok
15:35:11.0031 5512 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:35:11.0031 5512 pcmcia - ok
15:35:11.0031 5512 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
15:35:11.0031 5512 pcw - ok
15:35:11.0062 5512 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:35:11.0062 5512 PEAUTH - ok
15:35:11.0125 5512 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
15:35:11.0140 5512 pla - ok
15:35:11.0203 5512 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:35:11.0203 5512 PlugPlay - ok
15:35:11.0218 5512 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:35:11.0218 5512 PNRPAutoReg - ok
15:35:11.0234 5512 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:35:11.0234 5512 PNRPsvc - ok
15:35:11.0265 5512 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:35:11.0265 5512 PolicyAgent - ok
15:35:11.0296 5512 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
15:35:11.0312 5512 Power - ok
15:35:11.0327 5512 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:35:11.0327 5512 PptpMiniport - ok
15:35:11.0343 5512 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:35:11.0343 5512 Processor - ok
15:35:11.0390 5512 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
15:35:11.0390 5512 ProfSvc - ok
15:35:11.0421 5512 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:35:11.0421 5512 ProtectedStorage - ok
15:35:11.0437 5512 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:35:11.0437 5512 Psched - ok
15:35:11.0499 5512 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:35:11.0515 5512 ql2300 - ok
15:35:11.0515 5512 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:35:11.0515 5512 ql40xx - ok
15:35:11.0546 5512 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
15:35:11.0546 5512 QWAVE - ok
15:35:11.0561 5512 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:35:11.0561 5512 QWAVEdrv - ok
15:35:11.0608 5512 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
15:35:11.0608 5512 RapiMgr - ok
15:35:11.0624 5512 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:35:11.0624 5512 RasAcd - ok
15:35:11.0639 5512 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:35:11.0639 5512 RasAgileVpn - ok
15:35:11.0655 5512 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
15:35:11.0655 5512 RasAuto - ok
15:35:11.0671 5512 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:35:11.0671 5512 Rasl2tp - ok
15:35:11.0702 5512 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
15:35:11.0702 5512 RasMan - ok
15:35:11.0717 5512 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:35:11.0717 5512 RasPppoe - ok
15:35:11.0717 5512 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:35:11.0717 5512 RasSstp - ok
15:35:11.0749 5512 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:35:11.0749 5512 rdbss - ok
15:35:11.0764 5512 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:35:11.0764 5512 rdpbus - ok
15:35:11.0780 5512 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:35:11.0780 5512 RDPCDD - ok
15:35:11.0795 5512 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:35:11.0795 5512 RDPENCDD - ok
15:35:11.0795 5512 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:35:11.0811 5512 RDPREFMP - ok
15:35:11.0842 5512 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:35:11.0842 5512 RDPWD - ok
15:35:11.0858 5512 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:35:11.0858 5512 rdyboost - ok
15:35:11.0889 5512 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
15:35:11.0889 5512 RemoteAccess - ok
15:35:11.0905 5512 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:35:11.0905 5512 RemoteRegistry - ok
15:35:11.0936 5512 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:35:11.0936 5512 RpcEptMapper - ok
15:35:11.0951 5512 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
15:35:11.0951 5512 RpcLocator - ok
15:35:11.0967 5512 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
15:35:11.0983 5512 RpcSs - ok
15:35:11.0983 5512 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:35:11.0983 5512 rspndr - ok
15:35:12.0029 5512 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
15:35:12.0029 5512 SamSs - ok
15:35:12.0045 5512 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:35:12.0061 5512 sbp2port - ok
15:35:12.0076 5512 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:35:12.0076 5512 SCardSvr - ok
15:35:12.0092 5512 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:35:12.0092 5512 scfilter - ok
15:35:12.0139 5512 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
15:35:12.0154 5512 Schedule - ok
15:35:12.0170 5512 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:35:12.0170 5512 SCPolicySvc - ok
15:35:12.0217 5512 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:35:12.0217 5512 SDRSVC - ok
15:35:12.0263 5512 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:35:12.0263 5512 secdrv - ok
15:35:12.0279 5512 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
15:35:12.0295 5512 seclogon - ok
15:35:12.0310 5512 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
15:35:12.0326 5512 SENS - ok
15:35:12.0341 5512 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:35:12.0341 5512 SensrSvc - ok
15:35:12.0357 5512 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:35:12.0357 5512 Serenum - ok
15:35:12.0373 5512 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:35:12.0373 5512 Serial - ok
15:35:12.0388 5512 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:35:12.0388 5512 sermouse - ok
15:35:12.0435 5512 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
15:35:12.0435 5512 SessionEnv - ok
15:35:12.0466 5512 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:35:12.0466 5512 sffdisk - ok
15:35:12.0482 5512 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:35:12.0482 5512 sffp_mmc - ok
15:35:12.0497 5512 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:35:12.0497 5512 sffp_sd - ok
15:35:12.0513 5512 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:35:12.0513 5512 sfloppy - ok
15:35:12.0544 5512 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:35:12.0544 5512 SharedAccess - ok
15:35:12.0591 5512 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:35:12.0591 5512 ShellHWDetection - ok
15:35:12.0607 5512 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:35:12.0607 5512 sisagp - ok
15:35:12.0622 5512 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:35:12.0622 5512 SiSRaid2 - ok
15:35:12.0638 5512 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:35:12.0638 5512 SiSRaid4 - ok
15:35:12.0638 5512 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:35:12.0638 5512 Smb - ok
15:35:12.0669 5512 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:35:12.0669 5512 SNMPTRAP - ok
15:35:12.0669 5512 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
15:35:12.0685 5512 spldr - ok
15:35:12.0716 5512 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
15:35:12.0716 5512 Spooler - ok
15:35:12.0778 5512 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
15:35:12.0809 5512 sppsvc - ok
15:35:12.0825 5512 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:35:12.0841 5512 sppuinotify - ok
15:35:12.0856 5512 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:35:12.0856 5512 srv - ok
15:35:12.0887 5512 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:35:12.0887 5512 srv2 - ok
15:35:12.0887 5512 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:35:12.0887 5512 srvnet - ok
15:35:12.0903 5512 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:35:12.0919 5512 SSDPSRV - ok
15:35:12.0950 5512 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
15:35:12.0950 5512 ssmdrv - ok
15:35:12.0965 5512 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:35:12.0965 5512 SstpSvc - ok
15:35:12.0981 5512 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:35:12.0981 5512 stexstor - ok
15:35:13.0028 5512 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
15:35:13.0028 5512 StiSvc - ok
15:35:13.0059 5512 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
15:35:13.0059 5512 swenum - ok
15:35:13.0075 5512 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
15:35:13.0075 5512 swprv - ok
15:35:13.0121 5512 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
15:35:13.0153 5512 SysMain - ok
15:35:13.0199 5512 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:35:13.0199 5512 TabletInputService - ok
15:35:13.0231 5512 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
15:35:13.0246 5512 TapiSrv - ok
15:35:13.0262 5512 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
15:35:13.0262 5512 TBS - ok
15:35:13.0309 5512 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:35:13.0324 5512 Tcpip - ok
15:35:13.0355 5512 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:35:13.0371 5512 TCPIP6 - ok
15:35:13.0402 5512 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:35:13.0402 5512 tcpipreg - ok
15:35:13.0433 5512 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:35:13.0449 5512 TDPIPE - ok
15:35:13.0511 5512 [ 1226A953D4FDBDFD570DA5CEE66EAA55 ] TDslMgrService C:\Program Files\DSL-Manager\DslMgrSvc.exe
15:35:13.0511 5512 TDslMgrService - ok
15:35:13.0543 5512 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:35:13.0543 5512 TDTCP - ok
15:35:13.0574 5512 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:35:13.0574 5512 tdx - ok
15:35:13.0574 5512 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:35:13.0589 5512 TermDD - ok
15:35:13.0605 5512 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
15:35:13.0605 5512 TermService - ok
15:35:13.0621 5512 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
15:35:13.0621 5512 Themes - ok
15:35:13.0621 5512 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
15:35:13.0636 5512 THREADORDER - ok
15:35:13.0636 5512 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
15:35:13.0652 5512 TrkWks - ok
15:35:13.0667 5512 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:35:13.0667 5512 TrustedInstaller - ok
15:35:13.0683 5512 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:35:13.0699 5512 tssecsrv - ok
15:35:13.0714 5512 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:35:13.0714 5512 TsUsbFlt - ok
15:35:13.0761 5512 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:35:13.0761 5512 tunnel - ok
15:35:13.0777 5512 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:35:13.0777 5512 uagp35 - ok
15:35:13.0808 5512 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:35:13.0808 5512 udfs - ok
15:35:13.0823 5512 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:35:13.0823 5512 UI0Detect - ok
15:35:13.0855 5512 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:35:13.0855 5512 uliagpkx - ok
15:35:13.0870 5512 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
15:35:13.0870 5512 umbus - ok
15:35:13.0886 5512 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:35:13.0886 5512 UmPass - ok
15:35:13.0901 5512 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
15:35:13.0901 5512 upnphost - ok
15:35:13.0933 5512 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:35:13.0933 5512 usbccgp - ok
15:35:13.0948 5512 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:35:13.0964 5512 usbcir - ok
15:35:13.0995 5512 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:35:13.0995 5512 usbehci - ok
15:35:13.0995 5512 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:35:14.0011 5512 usbhub - ok
15:35:14.0026 5512 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:35:14.0026 5512 usbohci - ok
15:35:14.0026 5512 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:35:14.0026 5512 usbprint - ok
15:35:14.0042 5512 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:35:14.0042 5512 usbscan - ok
15:35:14.0057 5512 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:35:14.0057 5512 USBSTOR - ok
15:35:14.0089 5512 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:35:14.0089 5512 usbuhci - ok
15:35:14.0135 5512 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:35:14.0135 5512 usbvideo - ok
15:35:14.0151 5512 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
15:35:14.0151 5512 UxSms - ok
15:35:14.0167 5512 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
15:35:14.0167 5512 VaultSvc - ok
15:35:14.0182 5512 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:35:14.0182 5512 vdrvroot - ok
15:35:14.0213 5512 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
15:35:14.0213 5512 vds - ok
15:35:14.0245 5512 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:35:14.0245 5512 vga - ok
15:35:14.0260 5512 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:35:14.0276 5512 VgaSave - ok
15:35:14.0276 5512 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:35:14.0291 5512 vhdmp - ok
15:35:14.0307 5512 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:35:14.0307 5512 viaagp - ok
15:35:14.0307 5512 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
15:35:14.0323 5512 ViaC7 - ok
15:35:14.0323 5512 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
15:35:14.0323 5512 viaide - ok
15:35:14.0338 5512 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:35:14.0338 5512 volmgr - ok
15:35:14.0338 5512 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:35:14.0338 5512 volmgrx - ok
15:35:14.0354 5512 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:35:14.0354 5512 volsnap - ok
15:35:14.0385 5512 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:35:14.0401 5512 vsmraid - ok
15:35:14.0432 5512 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
15:35:14.0447 5512 VSS - ok
15:35:14.0463 5512 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:35:14.0463 5512 vwifibus - ok
15:35:14.0479 5512 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
15:35:14.0494 5512 W32Time - ok
15:35:14.0510 5512 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:35:14.0510 5512 WacomPen - ok
15:35:14.0541 5512 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:35:14.0541 5512 WANARP - ok
15:35:14.0541 5512 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:35:14.0541 5512 Wanarpv6 - ok
15:35:14.0572 5512 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
15:35:14.0588 5512 wbengine - ok
15:35:14.0603 5512 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:35:14.0603 5512 WbioSrvc - ok
15:35:14.0635 5512 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
15:35:14.0650 5512 WcesComm - ok
15:35:14.0681 5512 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:35:14.0697 5512 wcncsvc - ok
15:35:14.0728 5512 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:35:14.0728 5512 WcsPlugInService - ok
15:35:14.0744 5512 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:35:14.0744 5512 Wd - ok
15:35:14.0775 5512 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:35:14.0791 5512 Wdf01000 - ok
15:35:14.0806 5512 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:35:14.0806 5512 WdiServiceHost - ok
15:35:14.0806 5512 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:35:14.0822 5512 WdiSystemHost - ok
15:35:14.0837 5512 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
15:35:14.0837 5512 WebClient - ok
15:35:14.0869 5512 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:35:14.0869 5512 Wecsvc - ok
15:35:14.0884 5512 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:35:14.0900 5512 wercplsupport - ok
15:35:14.0900 5512 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
15:35:14.0915 5512 WerSvc - ok
15:35:14.0915 5512 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:35:14.0915 5512 WfpLwf - ok
15:35:14.0931 5512 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:35:14.0931 5512 WIMMount - ok
15:35:14.0993 5512 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:35:15.0009 5512 WinDefend - ok
15:35:15.0009 5512 WinHttpAutoProxySvc - ok
15:35:15.0056 5512 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:35:15.0056 5512 Winmgmt - ok
15:35:15.0087 5512 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
15:35:15.0087 5512 WinRM - ok
15:35:15.0149 5512 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WINUSB C:\Windows\system32\drivers\WinUSB.SYS
15:35:15.0149 5512 WINUSB - ok
15:35:15.0181 5512 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:35:15.0181 5512 Wlansvc - ok
15:35:15.0196 5512 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:35:15.0196 5512 WmiAcpi - ok
15:35:15.0212 5512 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:35:15.0212 5512 wmiApSrv - ok
15:35:15.0243 5512 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:35:15.0259 5512 WMPNetworkSvc - ok
15:35:15.0274 5512 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:35:15.0274 5512 WPCSvc - ok
15:35:15.0305 5512 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:35:15.0305 5512 WPDBusEnum - ok
15:35:15.0321 5512 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:35:15.0321 5512 ws2ifsl - ok
15:35:15.0337 5512 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
15:35:15.0337 5512 wscsvc - ok
15:35:15.0337 5512 WSearch - ok
15:35:15.0399 5512 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:35:15.0415 5512 wuauserv - ok
15:35:15.0446 5512 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:35:15.0446 5512 WudfPf - ok
15:35:15.0461 5512 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:35:15.0461 5512 WUDFRd - ok
15:35:15.0477 5512 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:35:15.0477 5512 wudfsvc - ok
15:35:15.0493 5512 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
15:35:15.0508 5512 WwanSvc - ok
15:35:15.0539 5512 [ BE701D39FB0543083DDF74227638BCF3 ] XG762_VS C:\Windows\system32\DRIVERS\WlanGZG.sys
15:35:15.0555 5512 XG762_VS - ok
15:35:15.0586 5512 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
15:35:15.0586 5512 yukonw7 - ok
15:35:15.0602 5512 ================ Scan global ===============================
15:35:15.0633 5512 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:35:15.0680 5512 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
15:35:15.0695 5512 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
15:35:15.0727 5512 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:35:15.0742 5512 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:35:15.0742 5512 [Global] - ok
15:35:15.0742 5512 ================ Scan MBR ==================================
15:35:15.0758 5512 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:35:16.0148 5512 \Device\Harddisk0\DR0 - ok
15:35:16.0148 5512 ================ Scan VBR ==================================
15:35:16.0148 5512 [ 8F94CDFE32569CBA3CB2F7142322C838 ] \Device\Harddisk0\DR0\Partition1
15:35:16.0163 5512 \Device\Harddisk0\DR0\Partition1 - ok
15:35:16.0179 5512 [ 29400EB4E8665A9DB7F27A7B7C3D0149 ] \Device\Harddisk0\DR0\Partition2
15:35:16.0179 5512 \Device\Harddisk0\DR0\Partition2 - ok
15:35:16.0179 5512 ============================================================
15:35:16.0179 5512 Scan finished
15:35:16.0179 5512 ============================================================
15:35:16.0195 0364 Detected object count: 0
15:35:16.0195 0364 Actual detected object count: 0

DDS Logfile:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Gieske at 15:27:47 on 2012-12-29
#Option MBR scan is disabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2815.1304 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSI\US54SE_Utility\ZDWlan.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
uURLSearchHooks: {40c3cc16-7269-4b32-9531-17f2950fb06f} - <orphaned>
BHO: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - c:\program files\pricegong\2.6.2\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [syshost32] c:\users\gieske\appdata\local\{aff6c721-3c92-f4cd-0922-36c5e90bbab1}\syshost.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\gieske\appdata\roaming\micros~1\windows\startm~1\programs\startup\DSL-MA~1.LNK -
StartupFolder: c:\users\gieske\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\msius5~1.lnk - c:\program files\msi\us54se_utility\ZDWlan.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
Trusted Zone: microsoft.com
Trusted Zone: windowsupdate.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{31116BF8-057C-44C7-990E-B3A02309704D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4BD9EE6B-B642-44BB-9FE9-C07A51D22CAB} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9D940974-3B24-4ED4-85D2-954CBD761AF8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{EF72BE95-631A-4864-BFC7-5D33E0DC5F90} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F7E3C8F4-6BFD-4B4C-8A29-C6113049523D} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gieske\appdata\roaming\mozilla\firefox\profiles\yz3ltjcy.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-16 36000]
R1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\drivers\dslmnlwf.sys [2012-1-4 16448]
R1 MpKsla2b99d2b;MpKsla2b99d2b;c:\programdata\microsoft\microsoft antimalware\definition updates\{78e2287e-3ca6-4d1c-a1f3-f8dcf01d7f4a}\MpKsla2b99d2b.sys [2012-12-29 29904]
R2 AAV UpdateService;AAV UpdateService;c:\program files\akademische arbeitsgemeinschaft\aavupdatemanager\aavus.exe [2008-10-24 128296]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-3-16 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-3-16 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-16 83392]
R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-12-24 100864]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TDslMgrService;DSL-Manager;c:\program files\dsl-manager\DslMgrSvc.exe [2012-1-4 307200]
S3
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-12 52224] S3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\drivers\WlanGZG.sys [2010-9-2 873472] . =============== Created Last 30 ================ . 2012-12-29 10:12:28 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{78e2287e-3ca6-4d1c-a1f3-f8dcf01d7f4a}\MpKsla2b99d2b.sys 2012-12-29 10:08:08 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{78e2287e-3ca6-4d1c-a1f3-f8dcf01d7f4a}\offreg.dll 2012-12-28 18:37:17 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{78e2287e-3ca6-4d1c-a1f3-f8dcf01d7f4a}\mpengine.dll 2012-12-28 16:42:05 -------- d-----w- c:\users\gieske\appdata\local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1} 2012-12-28 10:40:48 -------- d-----w- c:\programdata\Age of Empires 3 2012-12-28 10:39:51 -------- d-----w- c:\program files\common files\Microsoft Games 2012-12-27 18:29:33 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-12-24 00:42:48 -------- d-----w- c:\users\gieske\appdata\roaming\TuneUp Software 2012-12-24 00:42:29 -------- d-----w- c:\programdata\TuneUp Software 2012-12-24 00:42:19 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2012-12-24 00:42:19 -------- d--h--w- c:\programdata\Common Files 2012-12-24 00:38:14 -------- d-----w- c:\programdata\Freemake 2012-12-24 00:38:03 -------- d-----w- c:\users\gieske\appdata\roaming\OpenCandy 2012-12-24 00:38:03 -------- d-----w- c:\program files\Freemake 2012-12-23 22:55:01 -------- d-----w- c:\programdata\Canneverbe Limited 2012-12-23 22:55:00 -------- d-----w- c:\users\gieske\appdata\roaming\Canneverbe Limited 2012-12-23 22:51:00 -------- d-----w- c:\program files\Haali 2012-12-23 22:50:36 -------- d-----w- c:\programdata\Cypheros 2012-12-23 22:50:36 -------- d-----w- c:\program files\Cypheros 2012-12-21 08:22:43 295424 ----a-w- 
c:\windows\system32\atmfd.dll 2012-12-21 08:22:42 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40:51 -------- d-----w- c:\users\gieske\appdata\local\Proxure 2012-12-16 14:40:42 -------- d-----w- c:\programdata\ClubSanDisk 2012-12-14 13:30:18 -------- d-----w- c:\windows\system32\AGEIA 2012-12-14 13:30:00 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2012-12-14 13:29:58 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2012-12-14 13:29:58 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2012-12-14 13:29:56 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2012-12-14 13:29:56 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2012-12-14 13:29:56 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2012-12-14 13:29:56 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2012-12-14 13:29:53 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll 2012-12-14 13:29:01 -------- d-----w- c:\program files\Woodcutter Simulator 2013 2012-12-12 07:09:07 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-12-08 13:09:43 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2012-12-08 13:09:43 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2012-12-08 13:09:43 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2012-12-08 13:09:42 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2012-12-08 13:09:41 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2012-12-08 13:07:00 -------- d-----w- c:\program files\Landwirtschafts Simulator 2013 . ==================== Find3M ==================== . 
2012-12-12 07:48:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 07:48:40 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 11:49:24 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 17:40:31 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll 2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe 2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-10-03 16:58:30 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 16:42:26 52224 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 16:42:26 242176 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 16:42:24 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 16:40:35 499712 ----a-w- 
c:\windows\system32\iphlpsvc.dll 2012-10-03 15:21:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys . ============= FINISH: 15:28:28,55 =============== --- --- --- --- --- --- Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 01.09.2010 09:35:31 System Uptime: 29.12.2012 11:06:43 (4 hours ago) . Motherboard: Acer | | RS740DVF Processor: AMD Athlon(tm) Dual Core Processor 5050e | AM2 | 1794/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 342 GiB total, 237,201 GiB free. D: is FIXED (NTFS) - 342 GiB total, 228,209 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318} Description: ATI Radeon 2100 (Microsoft Corporation - WDDM) Device ID: PCI\VEN_1002&DEV_796E&SUBSYS_01551025&REV_00\4&38DE457&0&2808 Manufacturer: ATI Technologies Inc. Name: ATI Radeon 2100 (Microsoft Corporation - WDDM) PNP Device ID: PCI\VEN_1002&DEV_796E&SUBSYS_01551025&REV_00\4&38DE457&0&2808 Service: atikmdag . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: USB CF Reader Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1# Manufacturer: Generic Name: G:\ PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#2004888&1# Service: WUDFRd . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: USB MS Reader Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3# Manufacturer: Generic Name: I:\ PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#2004888&3# Service: WUDFRd . 
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: USB SD Reader Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0# Manufacturer: Generic Name: F:\ PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#2004888&0# Service: WUDFRd . Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a} Description: USB SM Reader Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2# Manufacturer: Generic Name: H:\ PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#2004888&2# Service: WUDFRd . ==== System Restore Points =================== . RP633: 26.12.2012 21:02:39 - TuneUp Utilities 2013 wird entfernt RP634: 26.12.2012 21:04:07 - TuneUp Utilities Language Pack (de-DE) wird entfernt RP635: 27.12.2012 19:29:12 - Windows Update RP637: 28.12.2012 11:29:28 - Installiert Age of Empires III . ==== Installed Programs ====================== . 
AAVUpdateManager Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) - Deutsch Age of Empires III Ashampoo Photo Commander 7.60 Autos bauen mit Willy Werkel Avira Free Antivirus Baumaschinen Simulator 2011 Version 1.0 Content Manager 2 Demolition Company DSL-Manager EPSON-Drucker-Software Euro Truck Simulator 1.1 Freemake Video Converter Version 3.2.1 Gabelstapler Simulator 2009 Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Haali Media Splitter Holzfäller Simulator 2013 Java Auto Updater Java(TM) 6 Update 29 Junk Mail filter update Landwirtschafts Simulator 2011 Landwirtschafts Simulator 2013 LEGO® Star Wars™: Die Komplette Saga LEGO® Star Wars™: The Complete Saga Malwarebytes Anti-Malware Version 1.65.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Age of Empires Microsoft Age of Empires II Microsoft Antimalware Service DE-DE Language Pack Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Security Client Microsoft Security Client DE-DE Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 11.0 (x86 de) MSI US54SE 802.11 b+g USB Stick MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Naviextras Toolbox Prerequesities NVIDIA PhysX O&O PartitionManager Professional OpenOffice.org 3.2 Photomizer PokerStars PriceGong 2.6.2 QuickTime Schiffe bauen mit Willy Werkel Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for 
Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Steuer-Software 2011 Steuer-Software 2012 Stronghold TKKG 9 TSDoctor TweakNow RegCleaner 2011 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) USB PC Camera Plus Wildlife Park 2 - Farm World v2.1 Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Mobile-Gerätecenter WinRAR . ==== End Of File =========================== Geändert von Meister G. (29.12.2012 um 14:13 Uhr) |
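The line that stands out in the OTL report above is `uRun: [syshost32] c:\users\gieske\appdata\local\{aff6c721-3c92-f4cd-0922-36c5e90bbab1}\syshost.exe`: a per-user Run key starting a system-sounding binary from a GUID-named folder under AppData, which is exactly the kind of entry a helper scans these reports for (and which the later ComboFix log removes). The following script is an added example, not part of the thread and not code from OTL, DDS or ComboFix; it parses uRun/mRun/BHO lines in that report format and scores each entry with a few path-based heuristics. The sample lines are constructed to mirror the posted log, and the adware marker list is taken from what AdwCleaner removed later in this thread.

```python
"""Triage of autostart entries from an OTL/DDS "Pseudo HJT Report".

Added example for this thread; not part of OTL, DDS, ComboFix or any other
tool mentioned here. SAMPLE_LOG is constructed to mirror the uRun / mRun /
BHO lines in the posted report.
"""
import re

# Constructed sample in the report's own line format.
SAMPLE_LOG = """\
uRun: [swg] "c:\\program files\\google\\googletoolbarnotifier\\GoogleToolbarNotifier.exe"
uRun: [syshost32] c:\\users\\gieske\\appdata\\local\\{aff6c721-3c92-f4cd-0922-36c5e90bbab1}\\syshost.exe
mRun: [tsnpstd3] c:\\windows\\tsnpstd3.exe
mRun: [avgnt] "c:\\program files\\avira\\antivir desktop\\avgnt.exe" /min
BHO: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - c:\\program files\\pricegong\\2.6.2\\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
"""

# uRun = HKCU\...\Run (per-user), mRun = HKLM\...\Run (machine-wide).
RUN_RE = re.compile(
    r'^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] "?(?P<path>.+?\.exe)"?(?P<args>.*)$',
    re.IGNORECASE,
)
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?): (?P<clsid>\{[0-9a-f-]+\}) - (?P<path>.+)$", re.IGNORECASE
)
# A directory component that is nothing but a GUID, e.g. \{aff6c721-...}\ .
GUID_DIR_RE = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.IGNORECASE
)

# Names that imitate Windows binaries; the real ones live in system32.
SYSTEM_LOOKALIKES = ("syshost", "svchost", "csrss", "lsass", "winlogon", "explorer")
# Components AdwCleaner removed from this machine (see the AdwCleaner log).
ADWARE_MARKERS = ("pricegong", "conduit", "sweetim", "opencandy")


def parse_autostart(text):
    """Return one dict per uRun/mRun/BHO line: kind, name, path (lowercased), args."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": m["kind"], "name": m["name"],
                            "path": m["path"].lower(), "args": m["args"].strip()})
            continue
        m = BHO_RE.match(line)
        if m:
            entries.append({"kind": "BHO", "name": m["name"],
                            "path": m["path"].lower(), "args": m["clsid"]})
    return entries


def assess(entry):
    """Return the list of suspicion signals for one autostart entry (empty = clean)."""
    path, name = entry["path"], entry["name"].lower()
    base = path.rsplit("\\", 1)[-1]
    signals = []
    if "\\users\\" in path and "\\appdata\\" in path:
        signals.append("user-writable AppData path")
    if GUID_DIR_RE.search(path):
        signals.append("GUID-named drop folder")
    if any(base.startswith(s) for s in SYSTEM_LOOKALIKES) and "\\windows\\system32\\" not in path:
        signals.append("system-binary lookalike outside system32")
    if re.match(r"^[a-z]:\\windows\\[^\\]+\.exe$", path):
        signals.append("executable directly under %SystemRoot% (verify vendor)")
    if any(marker in path or marker in name for marker in ADWARE_MARKERS):
        signals.append("known adware/PUP component")
    return signals


def triage(text):
    """Parse the report and return (entry, signals) for every entry with a signal."""
    findings = []
    for entry in parse_autostart(text):
        signals = assess(entry)
        if signals:
            findings.append((entry, signals))
    return findings


if __name__ == "__main__":
    for entry, signals in triage(SAMPLE_LOG):
        print(f"{entry['kind']:<4} [{entry['name']}] {entry['path']}")
        for s in signals:
            print(f"      - {s}")
```

The heuristics are deliberately path-based: an autostart that runs from a user-writable location, from a GUID-named folder, or under a name borrowed from a Windows binary is worth a second look regardless of whether the scanner of the day has a signature for it. A hit is a reason to inspect (hash the file, check the signer, look at the process tree), not a verdict on its own; the `tsnpstd3.exe` hit, for instance, is a webcam utility that installs into `%SystemRoot%` and needs only a vendor check.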
29.12.2012, 15:55 | #6 | ||
/// TB-Ausbilder | tr/atraps.gen2 and other findings Then on we go: Step 1: Uninstall programs Step 2: AdwCleaner: find and delete adware Step 3: Delete temporary files with TFC Step 4: Scan with ComboFix
29.12.2012, 16:58 | #7 |
| tr/atraps.gen2 and other findings So, step 2 Code:
ATTFilter # AdwCleaner v2.103 - Datei am 29/12/2012 um 16:11:51 erstellt # Aktualisiert am 25/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Gieske - GIESKE-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Gieske\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\PriceGong Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong Ordner Gelöscht : C:\Users\Gieske\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok Ordner Gelöscht : C:\Users\Gieske\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Gieske\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\3e5f8339b341c9b2 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} Schlüssel Gelöscht : HKCU\Software\SweetIM Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong Schlüssel Gelöscht : HKLM\Software\SweetIM Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v11.0 (de) Datei : C:\Users\Gieske\AppData\Roaming\Mozilla\Firefox\Profiles\yz3ltjcy.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v23.0.1271.97 Datei : C:\Users\Gieske\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [3520 octets] - [29/12/2012 16:11:51] ########## EOF - C:\AdwCleaner[S1].txt - [3580 octets] ########## Code:
ATTFilter ComboFix 12-12-29.02 - Gieske 29.12.2012 16:48:06.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2815.1862 [GMT 1:00] ausgeführt von:: c:\users\Gieske\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe c:\windows\IsUn0407.exe c:\windows\security\Database\tmp.edb c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\sysprep\cryptbase.dll c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-28 bis 2012-12-29 )))))))))))))))))))))))))))))) . . 2012-12-29 15:53 . 2012-12-29 15:53 -------- d-----w- c:\users\Gieske\AppData\Local\temp 2012-12-29 15:53 . 2012-12-29 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-29 15:43 . 2012-12-29 15:43 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\MpKslf2f95a95.sys 2012-12-29 15:15 . 2012-12-29 15:23 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\offreg.dll 2012-12-28 18:37 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\mpengine.dll 2012-12-28 10:40 . 2012-12-28 10:40 -------- d-----w- c:\programdata\Age of Empires 3 2012-12-28 10:39 . 2012-12-28 10:39 -------- d-----w- c:\program files\Common Files\Microsoft Games 2012-12-27 18:29 . 
2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-24 00:42 . 2012-12-24 00:42 -------- d-----w- c:\users\Gieske\AppData\Roaming\TuneUp Software 2012-12-24 00:42 . 2012-12-24 00:42 -------- d-----w- c:\programdata\TuneUp Software 2012-12-24 00:42 . 2012-12-25 22:24 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2012-12-24 00:42 . 2012-12-24 00:42 -------- d--h--w- c:\programdata\Common Files 2012-12-24 00:38 . 2012-12-24 00:39 -------- d-----w- c:\programdata\Freemake 2012-12-24 00:38 . 2012-12-24 00:38 -------- d-----w- c:\program files\Freemake 2012-12-23 22:55 . 2012-12-23 22:55 -------- d-----w- c:\programdata\Canneverbe Limited 2012-12-23 22:55 . 2012-12-23 22:55 -------- d-----w- c:\users\Gieske\AppData\Roaming\Canneverbe Limited 2012-12-23 22:51 . 2012-12-23 22:51 -------- d-----w- c:\program files\Haali 2012-12-23 22:50 . 2012-12-23 22:50 -------- d-----w- c:\programdata\Cypheros 2012-12-23 22:50 . 2012-12-23 22:50 -------- d-----w- c:\program files\Cypheros 2012-12-21 08:22 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 08:22 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-16 14:40 -------- d-----w- c:\users\Gieske\AppData\Local\Proxure 2012-12-16 14:40 . 2012-12-16 14:40 -------- d-----w- c:\programdata\ClubSanDisk 2012-12-14 13:30 . 2012-12-14 13:30 -------- d-----w- c:\program files\AGEIA Technologies 2012-12-14 13:30 . 2012-12-14 13:30 -------- d-----w- c:\windows\system32\AGEIA 2012-12-14 13:30 . 2012-12-14 13:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-12-14 13:29 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2012-12-14 13:29 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2012-12-14 13:29 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2012-12-14 13:29 . 
2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2012-12-14 13:29 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2012-12-14 13:29 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2012-12-14 13:29 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll 2012-12-14 13:29 . 2012-12-14 13:43 -------- d-----w- c:\program files\Woodcutter Simulator 2013 2012-12-12 07:09 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-12-08 13:09 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2012-12-08 13:09 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2012-12-08 13:09 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2012-12-08 13:09 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2012-12-08 13:09 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2012-12-08 13:07 . 2012-12-14 14:45 -------- d-----w- c:\program files\Landwirtschafts Simulator 2013 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 07:48 . 2012-05-06 07:38 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-12 07:48 . 2011-06-14 10:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-28 18:44 . 2012-11-28 18:44 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C06F06A6-12ED-4975-B3B6-6B927153F87D}\gapaengine.dll 2012-11-13 11:49 . 2012-11-13 11:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2012-10-16 07:39 . 2012-11-28 07:22 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 17:40 . 2012-11-16 06:38 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-16 06:38 193536 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-03 16:58 . 2012-11-16 06:38 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 16:42 . 
2012-11-16 06:38 52224 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 16:42 . 2012-11-16 06:38 242176 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 16:42 . 2012-11-16 06:38 175104 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 16:42 . 2012-11-16 06:38 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 16:42 . 2012-11-16 06:38 156672 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 16:40 . 2012-11-16 06:38 499712 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 15:21 . 2012-11-16 06:38 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-10-02 07:04 . 2011-03-25 12:20 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-03-13 04:38 . 2012-03-14 16:50 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-02 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664] . c:\users\Gieske\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - [N/A] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ MSI US54SE 802.11b+g USB Stick Utility.lnk - c:\program files\MSI\US54SE_Utility\ZDWlan.exe [2010-9-1 483328] . 
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2012-1-4 1085440] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "MSC"="c:\program files\Microsoft Security Client\mssecex.exe" -hide -runkey . R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 TDslMgrService;DSL-Manager;c:\program files\DSL-Manager\DslMgrSvc.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\DRIVERS\WlanGZG.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [x] S1 MpKslf2f95a95;MpKslf2f95a95;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78E2287E-3CA6-4D1C-A1F3-F8DCF01D7F4A}\MpKslf2f95a95.sys [x] S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 
AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLF2F95A95 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhalt des "geplante Tasks" Ordners . 2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 07:48] . 2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 15:54] . 2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 15:54] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ Trusted Zone: microsoft.com Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\*.windowsupdate Trusted Zone: windowsupdate.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Gieske\AppData\Roaming\Mozilla\Firefox\Profiles\yz3ltjcy.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-syshost32 - c:\users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe AddRemove-AutoBauDeinstKey - c:\windows\unin0407.exe AddRemove-SBMWW - c:\windows\IsUn0407.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-132146776-3345195101-1586744503-1000\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:22,6b,47,3d,c1,af,c7,62,d2,a4,58,2a,66,89,df,6d,06,99,bf,46,aa,20,81, 5a,3c,86,62,4b,42,46,34,16,d0,98,73,de,55,d0,ad,9e,92,d3,41,15,18,7e,d3,9f,\ "??"=hex:66,41,61,5d,05,28,9b,19,cf,0e,59,d4,00,94,c2,e6 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System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system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-12-29 16:54:43 ComboFix-quarantined-files.txt 2012-12-29 15:54 . Vor Suchlauf: 18 Verzeichnis(se), 254.949.658.624 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 255.195.807.744 Bytes frei . - - End Of File - - FC0537A9B3F18FAA358267E2E6BF7162 |
29.12.2012, 18:24 | #8 |
/// TB-Ausbilder | tr/atraps.gen2 and other detections
So, onward:
Step 1: Uninstall Security Essentials
Step 2: Back onto the network
Step 3: Scan with MBAR
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not launch any other file in that folder without instructions from a helper.
__________________ Digital privateers against malware! No help via PM! |
30.12.2012, 09:54 | #9 |
| tr/atraps.gen2 and other detections
Hi, in step 3 no detections were shown, so there was no cleanup either. Here is the logfile:
Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.599000 GHz
Memory total: 2951929856, free: 1853427712

------------ Kernel report ------------
     12/30/2012 09:43:20
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\dslmnlwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\athrusb.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff8703dac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xffffffff87034030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff8703d030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000070\
Lower Device Object: 0xffffffff87028920
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff8703cac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff87028ca8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8703c030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff87028030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863bd600
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff855ef908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.12.30.05
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff863bd600, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff863bd238, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff863bd600, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff862858d8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff855ef908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffb0b37630, 0xffffffff863bd600, 0xffffffff85c30ac8
Lower DeviceData: 0xffffffffa7e1ffc0, 0xffffffff855ef908, 0xffffffff858e12f8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A2972EB
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 30720000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 30722048 Numsec = 717262848
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 747984896 Numsec = 717160448
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8703c030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87034560, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703c030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87028030, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8703cac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86fa4340, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703cac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87028ca8, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703c7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703d030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87028920, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8703dac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8703d7a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8703dac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87034030, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

Now the real one:
Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Gieske :: GIESKE-PC [administrator]

30.12.2012 09:51:18
mbar-log-2012-12-30 (09-51-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27534
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Last edited by Meister G. (30.12.2012 at 10:03) |
30.12.2012, 10:39 | #10 | |
/// TB-Ausbilder | tr/atraps.gen2 and other detections
Good! As far as I can see, we have removed everything malicious with that. To be sure, we now need to run a few checks, and then we will bring your computer up to a secure state. Since these scans can now take a very long time, I ask you to write to me again only once you have really completed everything, or if problems should arise.
Step 1: Quick scan with Malwarebytes
Step 2: ESET Online Scanner
Step 3: Scan with SecurityCheck
Please download SecurityCheck: LINK1 LINK2
__________________ Digital privateers against malware! No help via PM! |
30.12.2012, 14:30 | #11 |
| tr/atraps.gen2 and other detections
Step 1: no detections.
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.30.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Gieske :: GIESKE-PC [Administrator]

30.12.2012 11:18:53
mbam-log-2012-12-30 (11-18-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197602
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf	INF/Autorun.gen worm
C:\Qoobox\Quarantine\C\Users\Gieske\AppData\Local\{AFF6C721-3C92-F4CD-0922-36C5E90BBAB1}\syshost.exe.vir	a variant of Win32/Kryptik.ARIW trojan

Code:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 22.0.1229.95
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
30.12.2012, 16:35 | #12 | ||||
/// TB-Ausbilder | tr/atraps.gen2 and other detections
Great! That means we are done. We will tidy up a little now, and at the end I have some reading material for you.
Step 1: Uninstall tools
Step 2: Uninstall ESET (optional)
Step 3: Update: Firefox, add-ons and plugins
Step 4: Update: Adobe Reader
Try an alternative viewer for PDF documents. These are usually leaner and faster, and they let malware in far less often. My suggestion:
Finally, a few tips on the following topics:
With that, I wish you lots of fun surfing the Internet ... and perhaps you would like to support the Trojaner-Board? One request: give me brief feedback once everything is done and no questions remain, so that I can delete this thread from my subscriptions.
__________________ Digital privateers against malware! No help via PM! |
31.12.2012, 15:22 | #13 |
| tr/atraps.gen2 and other detections
Hi, so I have done everything; apart from Secunia PSI constantly trying to update Firefox 11, Adobe Reader 9 and PowerPoint 2003 even though the newest version of each is installed, everything is OK. I have set them to ignore. Many thanks for your help and patience; this can be closed now. Happy New Year and bye |
31.12.2012, 15:23 | #14 |
/// TB-Ausbilder | tr/atraps.gen2 and other detections
Those are old too (FF and the Reader). Glad we could help.
This topic appears to be resolved and will be deleted from my subscriptions. Should you need this topic again, please send me a PM. Everyone else, please click here and create your own thread.
If you still want to leave praise or criticism, there is this area here: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________ Digital privateers against malware! No help via PM! |