TR/Crypt.ZPACK.GEN8 found in C:\Windows\System32\wmidxu.dll by Avira and quarantined (Windows 7)
15.01.2013, 12:17 | #1
Hello everyone,

Yesterday I downloaded a file from a supposedly trustworthy site, but it could not be installed because Avira detected the trojan and put it in quarantine. Something apparently managed to install itself anyway, because since then the Windows Security Center and the Avira Control Center can no longer be activated. In addition, Google searches kept sending me to wrong web addresses (among others ihavenet.com). That has now stopped since I scanned all my files with Avira and have, hopefully, caught every part of the trojan. Further scans with the ESET online scanner and Malwarebytes Anti-Malware found no further infected file after the quarantine. Unfortunately Avira does not give me a file in which the trojan is described in more detail. I would now like to get rid of this trojan as quickly as possible and need your help for that. Unfortunately I cannot format my netbook, because firstly I have no CD drive and secondly I do not have the matching CD.

Many thanks in advance for your efforts
Dakur

OTL.txt
Code:
ATTFilter OTL logfile created on: 1/15/2013 1:36:04 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danny\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.12 Mb Total Physical Memory | 491.21 Mb Available Physical Memory | 48.44% Memory free 1.99 Gb Paging File | 1.13 Gb Available in Paging File | 56.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 55.73 Gb Free Space | 55.73% Space Free | Partition Type: NTFS Drive D: | 117.87 Gb Total Space | 30.19 Gb Free Space | 25.61% Space Free | Partition Type: NTFS Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/15 01:29:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe PRC - [2012/12/11 16:07:46 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/12/11 16:07:33 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/12/11 16:07:31 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/12/11 16:07:31 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/05/28 06:47:44 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010/05/17 22:49:26 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe PRC - [2010/04/16 16:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2010/04/03 01:45:20 | 000,407,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe PRC - [2010/04/02 00:52:34 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010/02/04 13:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/09/11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2009/06/19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe ========== Modules (No Company Name) ========== MOD - [2013/01/10 10:59:15 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll MOD - [2013/01/10 10:58:19 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013/01/10 10:23:54 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll MOD - [2013/01/10 10:23:16 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll MOD - [2013/01/10 10:23:14 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013/01/10 10:23:11 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013/01/10 10:21:12 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD 
- [2013/01/10 10:20:34 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 10:20:18 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013/01/10 10:18:57 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 10:18:42 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 10:18:38 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 10:18:07 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011/03/31 18:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/05/28 07:05:49 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll MOD - [2010/05/28 07:05:48 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2010/03/16 02:48:46 | 000,148,816 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- 
C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/05/28 22:02:28 | 000,054,272 | ---- | M] () -- C:\Program Files\BatteryBar\BarExplorerHook.dll ========== Services (SafeList) ========== SRV - [2013/01/10 20:10:31 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/09 22:10:34 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/11 16:07:46 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/12/11 16:07:31 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) 
[Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater) SRV - [2010/04/16 16:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2012/12/11 16:07:50 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/12/11 16:07:50 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/11/13 17:16:36 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011/08/19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV - [2011/08/19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV - [2011/08/19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV - [2011/08/19 11:25:25 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010/04/22 04:59:09 | 
000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/04/19 06:43:57 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2010/03/31 02:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2010/03/23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009/12/15 03:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009/12/15 03:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009/07/13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/06 14:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2009/07/06 14:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledAddons: 
personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/06/09 17:50:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010/04/01 13:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/10 20:10:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/10 20:10:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | 
M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 
16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011/08/15 21:48:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - 
HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions [2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/11/25 20:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions [2012/07/19 16:41:16 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf} [2011/03/12 22:38:07 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\personas@christopher.beard [2012/11/25 20:00:10 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\xnh2q9it.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/08/15 21:48:38 | 000,001,123 | ---- | M] () -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\xnh2q9it.default\searchplugins\conduit.xml [2013/01/10 20:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/01/10 20:10:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2010/04/01 13:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNET-MANAGER\BIN\ADDON [2013/01/10 20:10:31 | 
000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/07/17 19:00:14 | 000,170,624 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012/10/24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/10/24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.30.3.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{983A5790-0C7D-48E8-BE1E-1DD96D3025A2}: DhcpNameServer = 172.30.3.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/15 01:29:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2013/01/14 20:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/10 20:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/08 20:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

========== Files - Modified Within 30 Days ==========

[2013/01/15 01:33:24 | 000,000,000 | ---- | M] () -- C:\Users\Danny\defogger_reenable
[2013/01/15 01:30:36 | 000,365,568 | ---- | M] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe
[2013/01/15 01:29:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe
[2013/01/15 01:28:36 | 000,050,477 | ---- | M] () -- C:\Users\Danny\Desktop\Defogger.exe
[2013/01/15 01:10:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/14 17:10:12 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 17:10:12 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/14 17:02:16 | 000,000,302 | ---- | M] () -- C:\windows\tasks\Zzfyf.job
[2013/01/14 17:02:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/14 17:01:56 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 10:15:43 | 000,288,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/01/10 10:04:23 | 000,659,448 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/01/10 10:04:23 | 000,620,594 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/01/10 10:04:23 | 000,132,728 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/01/10 10:04:23 | 000,108,518 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/01/09 22:23:30 | 000,118,879 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur Änderung.pdf
[2013/01/09 22:22:31 | 001,647,871 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf
[2013/01/09 22:21:54 | 000,053,596 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf
[2013/01/09 22:16:10 | 002,050,882 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak Neufassung.pdf
[2013/01/04 10:40:51 | 000,040,752 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf
[2013/01/04 10:40:26 | 000,720,571 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf
[2012/12/30 19:38:48 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012/12/30 15:51:14 | 000,069,206 | ---- | M] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf

========== Files Created - No Company Name ==========

[2013/01/15 01:33:24 | 000,000,000 | ---- | C] () -- C:\Users\Danny\defogger_reenable
[2013/01/15 01:30:36 | 000,365,568 | ---- | C] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe
[2013/01/15 01:28:34 | 000,050,477 | ---- | C] () -- C:\Users\Danny\Desktop\Defogger.exe
[2013/01/14 12:45:22 | 000,000,302 | ---- | C] () -- C:\windows\tasks\Zzfyf.job
[2013/01/09 22:23:30 | 000,118,879 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur Änderung.pdf
[2013/01/09 22:22:29 | 001,647,871 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf
[2013/01/09 22:21:54 | 000,053,596 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf
[2013/01/09 22:16:07 | 002,050,882 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak Neufassung.pdf
[2013/01/04 10:40:50 | 000,040,752 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf
[2013/01/04 10:40:26 | 000,720,571 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf
[2012/12/30 19:38:48 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012/12/30 15:50:58 | 000,069,206 | ---- | C] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf
[2012/10/19 00:37:36 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll
[2012/10/19 00:37:36 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe
[2011/07/04 15:32:45 | 000,007,621 | ---- | C] () -- C:\Users\Danny\AppData\Local\Resmon.ResmonCfg
[2011/04/21 08:46:39 | 000,393,256 | ---- | C] () -- C:\windows\System32\CNQ4809N.DAT
[2011/03/23 15:13:41 | 000,009,704 | ---- | C] () -- C:\windows\HCWPNP.INI
[2010/05/28 06:50:35 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/08/17 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Asus
[2010/05/28 07:06:05 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ASUS WebStorage
[2012/09/04 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\BatteryBar
[2012/05/09 23:29:07 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Broken Sword 2.5
[2011/11/24 20:47:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Canon
[2010/08/17 00:49:36 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/08/18 16:17:58 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\DeltaVision
[2012/11/26 13:22:49 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Dropbox
[2010/08/17 01:38:06 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\EeeStorageUploader
[2012/01/02 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\elsterformular
[2012/10/19 13:16:05 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\FreePDF
[2010/12/27 12:06:37 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\GetRightToGo
[2010/08/17 01:17:09 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\GoBoingo
[2010/11/13 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ICAClient
[2012/07/24 07:31:03 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Internet-Manager
[2010/12/27 12:09:06 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\MS-Buchhalter
[2011/08/15 21:48:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\OCS
[2010/08/18 07:48:41 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\OpenOffice.org
[2011/08/15 21:48:39 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Opera
[2011/09/28 15:17:01 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Rovio
[2011/05/17 21:55:28 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\SoftGrid Client
[2011/08/01 22:49:24 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Swiss Academic Software
[2011/06/26 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Synaptics
[2010/08/17 01:38:28 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\temp
[2010/08/17 00:09:00 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Thunderbird
[2011/05/13 12:15:30 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\TP
[2010/08/18 21:24:40 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Windows Live Writer
[2012/08/14 14:25:41 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\yWorks

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >

Code:
OTL Extras logfile created on: 1/15/2013 1:36:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danny\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.12 Mb Total Physical Memory | 491.21 Mb Available Physical Memory | 48.44% Memory free
1.99 Gb Paging File | 1.13 Gb Available in Paging File | 56.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 55.73 Gb Free Space | 55.73% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 30.19 Gb Free Space | 25.61% Space Free | Partition Type: NTFS

Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.scr [@ = scrfile] -- "%1" /S "%3"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S "%3"
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D9827D-E68C-4A4D-B547-27C5276AAF5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1F02B523-A70A-4521-8F7A-E01404740443}" = rport=445 | protocol=6 | dir=out | app=system |
"{2EF29DF8-05B4-4F18-8F18-D4DA7CE99308}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{3F15569D-A990-4D60-8326-AB55DF0F6269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44F30C2C-CE31-4718-91EA-90BF79F345A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{606A869D-535C-4168-8D3C-24BB9C53E868}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6E6299B2-885E-4471-9DA3-7E29B97DF87E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7AC75C99-C85A-4477-83F8-D997E30B0B1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{7CC8D969-6294-4FD2-BA04-C9CA60D3FD24}" = rport=139 | protocol=6 | dir=out | app=system |
"{7EB19E55-7D19-4D2F-91E4-616F3B75C560}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C85562E-1268-438A-987D-4653E7DE1998}" = lport=139 | protocol=6 | dir=in | app=system |
"{9189FDB7-0F60-4908-B508-6130B7218258}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98A04DAA-33EA-4072-83AE-0A28D2597E45}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A4E19BF-A3F7-4545-8DE2-3F8370CB8ADB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0D91D61-B780-4B5E-B7A6-F4A7F3F94AC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A201FC9F-0B87-4AAE-88C6-80B7722C7E49}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{A90BCA1A-751B-4A2E-B2AB-4EE026B8DA17}" = rport=137 | protocol=17 | dir=out | app=system |
"{AE6079B6-C825-4B5C-99FC-A64C2E4C90CB}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{B083AE7B-D4C5-4E88-A094-9980757C5F96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B404BAD4-7943-4FFD-B96E-DE0E99482E28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA1E8C6A-C8EC-41EB-8EBF-3EA5B5BB1B12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF1DD50F-9977-4324-B735-5C7C671C1483}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CA7192D2-FC1C-4C78-8B67-EB3A8012B8F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{E156E7AD-C325-4FE8-8535-35F5D5DC0231}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E87D5E42-F192-4B89-8043-4EDFDE0B5163}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4C27420-1C5E-4414-80EF-4ED97A3F1A6A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F5A4E98C-03D8-41DF-8300-C9DF24636CE7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{FD20F2E3-A591-4139-9004-566DA8B82ED6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0517116C-D0E8-446C-9C72-98123591A900}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0ACD9B26-9673-4C28-8AF3-D10D8AA61A35}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{241089C1-E410-4CF4-B48B-83884243BCFD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{26BBAD95-E06E-449D-A416-E3CA0E08433B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{28FC1FEB-090C-49D2-BDDF-CDE888044866}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2D6EFA0F-7B28-41B7-995D-AFC2345914A1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{32CA4C7C-C449-4B03-BE7F-C99E1B79B825}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3EBA39D7-7BB4-4ADD-A61B-DA6307CD1063}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{48585F49-2409-46D6-B375-A4A5D2AC14DF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{52A610A9-10A2-42EB-8B0A-169818C1C967}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78922A2F-9BE4-4294-AF0E-67F3281DF894}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A143D63E-5D1C-42A0-9E82-3893F22F195F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A247D571-E068-4F61-95D0-EBA8528955DB}" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"{A852C37D-A086-4679-98BC-B03E751601AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AEB71E96-77D9-4C0F-AD7D-5FBAA896E132}" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"{AEC030CA-707B-4096-93CF-15CB1864B35E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BA5A977C-EE74-4850-BFDF-B786688E8B0E}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{C1AC876F-D3C3-4E4E-97F9-F5D0734E35C7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{CF73E322-2C16-483A-B54C-FD0920A8F599}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{EEDD54AB-9237-4512-A167-B8393C321B12}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F309993C-29DE-49E3-BA03-16288AD5C542}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3BFCAEA8-2FF6-4F74-B368-54600AA6D82B}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"TCP Query User{A02200B6-46B5-4E85-B1B5-6F54F4F319EE}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C384783C-A4D5-44CC-9C50-7C6316CD530A}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{9B2D190F-942D-42EB-994E-E396F5A6868D}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{A10B38BD-61BD-4F2B-8376-3E786C845DF3}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FA5C925D-06D0-4047-AB1C-3550B015D68C}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC7CCB3C-8E86-4165-9363-30B7CCCD9742}" = Angry Birds Rio
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"3309-7404-0599-8908" = yEd Graph Editor 3.10
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"BatteryBar" = BatteryBar (remove only)
"Broken Sword 2.5_is1" = Broken Sword 2.5
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"Dirty Split" = Dirty Split (remove only)
"Eee Docking_is1" = Eee Docking 3.7.0
"ElsterFormular" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"Eye of the Kraken_is1" = Eye of the Kraken
"FormatFactory" = FormatFactory 2.96
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Im Dschungel der kleinsten Teilchen" = Im Dschungel der kleinsten Teilchen
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Intel AppUp(SM) center 28264" = Intel AppUp(SM) center
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OOBERegBackup_is1" = OOBERegBackup
"Opera 12.01.1532" = Opera 12.01
"Patrimonium_is1" = Patrimonium 1.04
"Pushy & the magic blocks_is1" = Pushy 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Sudoku Generator" = Sudoku Generator 2.63
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2012 3:50:47 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 2/17/2012 4:36:46 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 2/17/2012 6:46:27 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 2/17/2012 8:10:29 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 2/18/2012 2:14:44 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 3/10/2012 6:24:34 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 3/15/2012 4:26:36 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 3/19/2012 2:21:33 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 4/3/2012 8:18:40 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

Error - 4/3/2012 10:25:16 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:

[ System Events ]
Error - 1/10/2013 6:22:47 AM | Computer Name = Danny-PC | Source = DCOM | ID = 10010
Description =

Error - 1/10/2013 6:26:40 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 1/10/2013 2:21:19 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 1/13/2013 3:21:06 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 1/13/2013 5:41:34 PM | Computer Name = Danny-PC | Source = DCOM | ID = 10010
Description =

Error - 1/14/2013 7:14:38 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 1/14/2013 11:23:56 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 1/14/2013 12:03:03 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 1/14/2013 12:03:21 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error - 1/14/2013 12:03:21 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

< End of report >

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 02:33:47
Windows 6.1.7601 Service Pack 1
\Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Danny\AppData\Local\Temp\fgloapog.sys

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C54A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C8E4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd61e3759
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da05c07
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd61e3759 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da05c07 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk 1

---- EOF - GMER 2.0 ----

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.15.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny :: DANNY-PC [Administrator]

15.01.2013 09:52:23
mbam-log-2013-01-15 (09-52-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 315302
Laufzeit: 1 Stunde(n), 55 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
18.01.2013, 15:25 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Such details are not enough; please post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520
Please post everything here in CODE tags if possible.
18.01.2013, 21:59 | #3
Hello Cosinus,
Thanks in advance for your help. I would love to provide you with log files. Unfortunately, I don't know how to get hold of a log file for the Trojan. In Avira, no log file was saved under the Trojan's entry in the report. Furthermore, since the quarantine I can no longer run a new scan with Avira because, as described above, the Avira Control Center no longer works, and the other scanners no longer detect the Trojan in quarantine. Do I now have to restore the Trojan in order to get a log file, so that it can be detected with, e.g., Malwarebytes? I thought the other programs and the log files they produced were enough to prove the presence of the Trojan. Now I am unfortunately somewhat at a loss as to how to get a log file of the Trojan.
Best regards,
Dakur
20.01.2013, 19:15 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
OK, so no logs from Avira. Do you have any more from Malwarebytes, ones with detections? If so, please post them all!
__________________
Please always post log files in CODE tags
21.01.2013, 12:46 | #5
Attached, unexpectedly after all, is a log file from Avira. If this data is not sufficient, I can also run a full system scan, but then the log file becomes so large that I can no longer paste it here. I have also posted the event text of the quarantine action and a kind of quarantine report for you. Perhaps these will help you further.
Avira log file
Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 21. Januar 2013 06:37 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Starter Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : DANNY-PC Versionsinformationen: BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00 AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 15:07:33 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 15:07:33 LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 15:07:46 AVSCPLR.DLL : 13.6.0.402 93984 Bytes 11.12.2012 09:03:34 AVREG.DLL : 13.6.0.406 248096 Bytes 11.12.2012 09:03:34 avlode.dll : 13.6.1.402 428832 Bytes 11.12.2012 09:03:34 avlode.rdf : 13.0.0.26 7958 Bytes 11.12.2012 09:03:34 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 18:57:42 VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 11:31:58 VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 11:31:58 VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 11:31:58 VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 11:31:58 VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 11:31:58 VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 09:18:46 VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 19:21:53 VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 19:21:53 VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 20:58:27 VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 19:25:33 VBASE018.VDF : 7.11.57.11 153088 Bytes 
13.01.2013 19:25:34 VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 20:36:45 VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 20:07:08 VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 20:24:28 VBASE022.VDF : 7.11.57.220 2048 Bytes 18.01.2013 20:24:28 VBASE023.VDF : 7.11.57.221 2048 Bytes 18.01.2013 20:24:28 VBASE024.VDF : 7.11.57.222 2048 Bytes 18.01.2013 20:24:28 VBASE025.VDF : 7.11.57.223 2048 Bytes 18.01.2013 20:24:28 VBASE026.VDF : 7.11.57.224 2048 Bytes 18.01.2013 20:24:28 VBASE027.VDF : 7.11.57.225 2048 Bytes 18.01.2013 20:24:28 VBASE028.VDF : 7.11.57.226 2048 Bytes 18.01.2013 20:24:28 VBASE029.VDF : 7.11.57.227 2048 Bytes 18.01.2013 20:24:28 VBASE030.VDF : 7.11.57.228 2048 Bytes 18.01.2013 20:24:29 VBASE031.VDF : 7.11.57.250 115200 Bytes 20.01.2013 19:46:40 Engineversion : 8.2.10.232 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55 AESCRIPT.DLL : 8.1.4.82 467323 Bytes 17.01.2013 20:07:09 AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 16:24:51 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 18:26:21 AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 22:34:16 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 15:21:29 AEHEUR.DLL : 8.1.4.174 5615991 Bytes 10.01.2013 18:26:20 AEHELP.DLL : 8.1.25.2 258423 Bytes 17.10.2012 09:22:33 AEGEN.DLL : 8.1.6.14 434548 Bytes 10.01.2013 18:26:16 AEEXP.DLL : 8.3.0.10 188789 Bytes 17.01.2013 20:07:09 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 16:24:49 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:21:12 AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30 AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 15:07:32 AVREP.DLL : 13.4.0.360 177952 Bytes 11.12.2012 09:03:34 AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 15:07:25 AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 15:07:28 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54 NETNT.DLL : 13.4.0.360 15648 
Bytes 11.12.2012 15:07:46 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 15:07:23 RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 15:07:23 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Schnelle Systemprüfung Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\quicksysscan.avp Protokollierung.......................: erweitert Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +JOKE,+PCK, Beginn des Suchlaufs: Montag, 21. Januar 2013 06:37 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! 
Der Suchlauf über die Bootsektoren wird begonnen: Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '104' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '98' Modul(e) wurden durchsucht Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'CapsHook.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'SuperHybridEngine.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'HotkeyService.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'HotKeyMon.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'AsScrPro.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'IAAnotif.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'ATKOSD2.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'HControlUser.exe' - '13' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxtray.exe' - 
'29' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '235' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'IAANTMon.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'ScrybeUpdater.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'cvpnd.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'btwdins.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'AsusService.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'ASLDRSrv.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '159' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 
'lsass.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: C:\windows\system32\ C:\Program Files\asus\OOBERegBackup\ C:\Program Files\ASUS\ATK Hotkey\ C:\Program Files\ASUS\ATKOSD2\ C:\windows\system32\ C:\Program Files\EeePC\HotkeyService\ C:\Program Files\EeePC\CapsHook\ C:\Program Files\EeePC\SHE\ C:\Program Files\Intel\Intel Matrix Storage Manager\ C:\Program Files\ASUS\APRP\ C:\Program Files\Synaptics\SynTP\ C:\windows\ C:\Program Files\Avira\AntiVir Desktop\ C:\Program Files\Windows Sidebar\ C:\Program Files\BatteryBar\ C:\windows\ C:\windows\system32\ C:\Program Files\Windows Mail\ C:\windows\system32\ C:\windows\ C:\windows\system32\ C:\Program Files\Tracker Software\Shell Extensions\ C:\windows\system32\ C:\Program Files\Avira\AntiVir Desktop\ C:\Program Files\Malwarebytes' Anti-Malware\ C:\Program Files\WIDCOMM\Bluetooth Software\ C:\windows\system32\ C:\Program Files\ASUS\ASUS WebStorage\SERVICE\ C:\windows\WindowsMobile\ C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\Haali\ C:\Program Files\FreeTime\FormatFactory\FFModules\AviSynthPlugins\ C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\ C:\Program Files\Java\jre7\bin\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories\Accessibility\ C:\windows\system32\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\ C:\windows\system32\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\ C:\windows\system32\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\ C:\windows\system32\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\ C:\Program Files\CCleaner\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\ C:\Program Files\CCleaner\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\ C:\Users\Danny\AppData\Roaming\Dropbox\bin\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\ C:\Users\Danny\AppData\Roaming\Dropbox\bin\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\ C:\Program Files\FreeTime\FormatFactory\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\ C:\windows\system32\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\ C:\Program Files\FreeTime\FormatFactory\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yEd Graph Editor\ C:\Program Files\yWorks\yEd\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\yEd Graph Editor\ C:\Program Files\yWorks\yEd\ C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ C:\Users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\ C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\ C:\windows\Speech\Common\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\windows\System32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\migwiz\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\ C:\windows\system32\migwiz\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories\Windows PowerShell\ C:\windows\system32\WindowsPowerShell\v1.0\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\ C:\windows\system32\WindowsPowerShell\v1.0\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\ C:\Program Files\Windows NT\Accessories\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\windows\system32\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS VIBE\ C:\Program Files\ASUS\ASUS VIBE\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS VIBE\ C:\Program Files\ASUS\ASUS VIBE\1.0.188\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS WebStorage\ C:\Program Files\ASUS\ASUS WebStorage\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate for Eee PC\ C:\Program Files\ASUS\ASUSUpdate for Eee PC\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUSUpdate for Eee PC\ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\ASUS\Eee Docking\ C:\Program Files\ASUS\Eee Docking\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Eee Docking\ C:\Program Files\ASUS\Eee Docking\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Eee Splendid\ C:\Program Files\ASUS\EeeSplendid\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\Eee Splendid\ C:\Program Files\InstallShield Installation Information\{6333FC29-BFE5-4024-AC78-958A1A7555D1}\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\EeePC\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\EeePC\Super Hybrid Engine\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\FontResizer\ C:\Program Files\ASUS\FontResizer\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\FontResizer\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AsusTek Computer\Hotkey Service\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\ C:\Program Files\Avira\AntiVir Desktop\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\ C:\Program Files\Avira\AntiVir Desktop\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\ C:\Program Files\Avira\AntiVir Desktop\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\ C:\Program Files\Avira\AntiVir Desktop\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 210 Manual\ C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\ C:\PROGRAM FILES\Canon\IJ Manual\CANON CANOSCAN LIDE 210\German\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 210 Manual\ C:\Program Files\Canon\IJ Manual\CANON CANOSCAN LIDE 210\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator EX 4.0\ C:\Program Files\Canon\MP Navigator EX 4.0\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator EX 4.0\ C:\Program Files\Canon\MP Navigator EX 4.0\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon 
Utilities\MP Navigator EX 4.0\ C:\Program Files\Canon\MP Navigator EX 4.0\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Solution Menu EX\ C:\Program Files\Canon\Solution Menu EX\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Solution Menu EX\ C:\Program Files\Canon\Solution Menu EX\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Solution Menu EX\ C:\Program Files\Canon\Solution Menu EX\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 210\ C:\Program Files\CanonBJ\IJScan\CNQ4809\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 210\ C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client\ C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client\ C:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3\ C:\Program Files\Citavi 3\bin\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager\ C:\Program Files\congstar\Internet-Manager\Bin\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager\ C:\Windows\System32\SupportAppZXH\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\2007-2008 NE\ C:\Program Files\ElsterFormular\2007-2008 NE\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\2007-2008 NE\ C:\Program Files\ElsterFormular\2007-2008 NE\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\2007-2008 NE\ C:\Program Files\ElsterFormular\2007-2008 NE\ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\2007-2008 NE\ C:\Program Files\ElsterFormular\2007-2008 NE\ 
Die Registry wurde durchsucht ( '4488' Dateien ).

Ende des Suchlaufs: Montag, 21. Januar 2013 06:39
Benötigte Zeit: 01:24 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
5121 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
5121 Dateien ohne Befall
28 Archive wurden durchsucht
0 Warnungen
0 Hinweise
Code:
ATTFilter
Typ: Datei
Quelle: C:\Windows\System32\wmidxu.dll
Status: Infiziert
Quarantäne-Objekt: 59f2d647.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.232
Virendefinitionsdatei: 7.11.57.230
Meldung: TR/Crypt.ZPACK.Gen8
Datum/Uhrzeit: 18.01.2013, 21:37

Typ: Datei
Quelle: C:\Windows\System32\wmidxu.dll
Status: Infiziert
Quarantäne-Objekt: 45e64408.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.230
Virendefinitionsdatei: 7.11.57.44
Meldung: TR/Crypt.ZPACK.Gen8
Datum/Uhrzeit: 14.01.2013, 12:47

Typ: Datei
Quelle: C:\Windows\System32\wmidxu.dll
Status: Infiziert
Quarantäne-Objekt: 5d716040.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.230
Virendefinitionsdatei: 7.11.57.44
Meldung: TR/Crypt.ZPACK.Gen8
Datum/Uhrzeit: 14.01.2013, 12:47
Code:
ATTFilter
Exportierte Ereignisse:

14.01.2013 22:21 [System-Scanner] Malware gefunden
Die Datei 'C:\Windows\System32\wmidxu.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '59f2d647.qua' verschoben!

14.01.2013 12:47 [System-Scanner] Malware gefunden
Die Datei 'C:\Windows\System32\wmidxu.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei konnte nicht gelöscht werden!

14.01.2013 12:45 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\System32\wmidxu.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Last edited by Dakur (21.01.2013 at 12:52) Reason: added the event text |
21.01.2013, 13:01 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you have not heard from me for three days, please post in this thread => Reminder about my thread. Nagging "when will this continue" messages will get your topic closed. I too have a life outside the Trojaner-Board.

Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
21.01.2013, 13:51 | #7 |
| Here is the ComboFix log file. Somehow I could not shut down Antivir completely, but I switched off the real-time scanner and all functions of the anti-spy component. There were no warning messages. I hope the program was able to work unhindered. Code:
ATTFilter
ComboFix 13-01-21.01 - Danny 21.01.2013 13:20:30.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.418 [GMT 1:00]
ausgeführt von:: c:\users\Danny\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
c:\users\Danny\4.0
c:\users\Danny\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-21 bis 2013-01-21 ))))))))))))))))))))))))))))))
.
.
2013-01-21 12:34 . 2013-01-21 12:34 -------- d-----w- c:\users\Danny\AppData\Local\temp
2013-01-21 12:34 . 2013-01-21 12:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-15 22:37 . 2013-01-15 22:37 -------- d-----w- c:\users\Danny\AppData\Local\Tracker Software
2013-01-15 22:31 . 2013-01-12 02:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-15 01:55 . 2013-01-15 01:55 -------- d-----w- c:\users\Danny\AppData\Roaming\Malwarebytes
2013-01-15 01:54 . 2013-01-15 01:54 -------- d-----w- c:\programdata\Malwarebytes
2013-01-15 01:54 . 2013-01-15 01:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-15 01:54 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-15 01:54 . 2013-01-15 01:54 -------- d-----w- c:\users\Danny\AppData\Local\Programs
2013-01-14 19:09 . 2013-01-14 19:09 -------- d-----w- c:\program files\ESET
2013-01-10 07:48 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\system32\gameux.dll
2013-01-10 07:47 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 07:47 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 19:50 . 2013-01-09 20:55 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 21:10 . 2012-06-12 18:58 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 21:10 . 2012-06-12 18:58 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 14:13 . 2012-12-21 00:47 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 00:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-11 15:07 . 2012-10-17 09:18 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 15:07 . 2012-10-17 09:18 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-14 02:09 . 2012-12-12 11:42 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 11:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 11:42 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 11:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 11:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 11:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 16:16 . 2012-10-17 09:18 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-09 04:42 . 2012-12-12 11:22 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-02 05:11 . 2012-12-12 11:22 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-18 20:42 . 2013-01-18 20:41 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Danny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-12-11 334848]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-05-28 2018032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-05-28 3058304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MCtlSvc.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
backup=c:\windows\pss\MCtlSvc.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
backup=c:\windows\pss\Scrybe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Danny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Danny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Danny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
path=c:\users\Danny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS WebStorage]
2010-03-16 01:48 1754448 ----a-w- c:\program files\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-12-11 15:07 384800 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-12-02 13:12 1316248 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2010-03-29 23:29 415920 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center]
2011-11-01 16:52 1328 ----a-w- c:\program files\Intel\IntelAppStore\bin\ismagent.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intel AppUp(SM) center_Nagware]
2011-11-01 16:52 2205 ----a-w- c:\program files\Intel\IntelAppStore\bin\AppUp.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2010-03-03 05:21 29184 ----a-w- c:\windows\System32\AsusSender.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ocs_SM]
2011-08-15 20:48 106496 ----a-w- c:\users\Danny\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-09-06 11:12 162408 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-04-22 03:57 8546848 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files\Synaptics\Scrybe\Service\ScrybeUpdater.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 21:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - (no file)
Toolbar-Locked - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Boingo Wi-Fi - c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
MSConfigStartUp-FreePDF Assistant - c:\program files\FreePDF_XP\fpassist.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-UCam_Menu - c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-21 13:38:24
ComboFix-quarantined-files.txt 2013-01-21 12:38
.
Vor Suchlauf: 7 Verzeichnis(se), 65.548.406.784 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 65.533.534.208 Bytes frei
.
- - End Of File - - 7CA61A5D03D796AB76F4E2B2C9F89CC3 |
21.01.2013, 14:06 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes Anti-Rootkit Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
__________________ Please always post logfiles in CODE tags |
22.01.2013, 10:37 | #9 |
| Here is the report text from Malwarebytes: Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.22.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Danny :: DANNY-PC [administrator]

22.01.2013 10:33:44
mbar-log-2013-01-22 (10-33-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27627
Time elapsed: 19 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
22.01.2013, 10:43 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.
Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags objects, treat all of them with the action "skip" and only post the log here!
__________________ Please always post logfiles in CODE tags |
22.01.2013, 11:38 | #11 |
| Here are the aswMBR results. Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-22 11:10:19
-----------------------------
11:10:19.236 OS Version: Windows 6.1.7601 Service Pack 1
11:10:19.236 Number of processors: 2 586 0x1C0A
11:10:19.236 ComputerName: DANNY-PC UserName: Danny
11:10:21.342 Initialize success
11:12:48.858 AVAST engine defs: 13012101
11:13:03.459 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
11:13:03.459 Disk 0 Vendor: ST925031 0003 Size: 238475MB BusType: 3
11:13:03.522 Disk 0 MBR read successfully
11:13:03.522 Disk 0 MBR scan
11:13:03.615 Disk 0 Windows 7 default MBR code
11:13:03.631 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102400 MB offset 2048
11:13:03.693 Disk 0 Partition 2 00 1B Hidd FAT32 MSDOS5.0 15360 MB offset 209717248
11:13:03.724 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 120694 MB offset 241174528
11:13:03.787 Disk 0 Partition 4 00 EF EFI FAT 20 MB offset 488355840
11:13:03.849 Disk 0 scanning sectors +488397168
11:13:03.943 Disk 0 scanning C:\windows\system32\drivers
11:13:25.674 Service scanning
11:14:07.700 Modules scanning
11:14:36.966 Disk 0 trace - called modules:
11:14:37.013 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
11:14:37.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c4f030]
11:14:37.059 3 CLASSPNP.SYS[8699559e] -> nt!IofCallDriver -> [0x84234ec8]
11:14:37.075 5 ACPI.sys[862bc3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84221028]
11:14:37.839 AVAST engine scan C:\windows
11:14:44.267 AVAST engine scan C:\windows\system32
11:20:17.920 AVAST engine scan C:\windows\system32\drivers
11:20:45.501 AVAST engine scan C:\Users\Danny
11:26:09.732 AVAST engine scan C:\ProgramData
11:26:45.596 Scan finished successfully
11:27:43.753 Disk 0 MBR has been saved successfully to "C:\Users\Danny\Desktop\MBR.dat"
11:27:43.769 The log file has been saved successfully to "C:\Users\Danny\Desktop\aswMBR.txt"
Code:
ATTFilter
11:29:53.0726 2024 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:29:54.0412 2024 ============================================================
11:29:54.0412 2024 Current date / time: 2013/01/22 11:29:54.0412
11:29:54.0412 2024 SystemInfo:
11:29:54.0412 2024
11:29:54.0412 2024 OS Version: 6.1.7601 ServicePack: 1.0
11:29:54.0412 2024 Product type: Workstation
11:29:54.0412 2024 ComputerName: DANNY-PC
11:29:54.0412 2024 UserName: Danny
11:29:54.0412 2024 Windows directory: C:\windows
11:29:54.0412 2024 System windows directory: C:\windows
11:29:54.0412 2024 Processor architecture: Intel x86
11:29:54.0428 2024 Number of processors: 2
11:29:54.0428 2024 Page size: 0x1000
11:29:54.0428 2024 Boot type: Normal boot
11:29:54.0428 2024 ============================================================
11:29:56.0253 2024 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:29:56.0253 2024 ============================================================
11:29:56.0253 2024 \Device\Harddisk0\DR0:
11:29:56.0253 2024 MBR partitions:
11:29:56.0253 2024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
11:29:56.0253 2024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBB000
11:29:56.0253 2024 ============================================================
11:29:56.0268 2024 C: <-> \Device\Harddisk0\DR0\Partition1
11:29:56.0315 2024 D: <-> \Device\Harddisk0\DR0\Partition2
11:29:56.0346 2024 ============================================================
11:29:56.0346 2024 Initialize success
11:29:56.0346 2024 ============================================================
11:31:08.0496 3272 ============================================================
11:31:08.0496 3272 Scan started
11:31:08.0496 3272 Mode: Manual; SigCheck; TDLFS;
11:31:08.0496 3272
============================================================
11:31:08.0777 3272 ================ Scan system memory ========================
11:31:08.0777 3272 System memory - ok
11:31:08.0777 3272 ================ Scan services =============================
3272 arc - ok 11:31:12.0209 3272 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 11:31:12.0256 3272 arcsas - ok 11:31:12.0334 3272 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe 11:31:12.0599 3272 ASLDRService - ok 11:31:12.0630 3272 [ 561D6B76C045311691B870F6B3F19EAB ] AsUpIO C:\windows\system32\drivers\AsUpIO.sys 11:31:12.0864 3272 AsUpIO - ok 11:31:12.0927 3272 [ C4FB2613D3C75364BB159B9C23A00E7A ] AsusService C:\Windows\System32\AsusService.exe 11:31:12.0958 3272 AsusService ( UnsignedFile.Multi.Generic ) - warning 11:31:12.0958 3272 AsusService - detected UnsignedFile.Multi.Generic (1) 11:31:13.0005 3272 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 11:31:13.0145 3272 AsyncMac - ok 11:31:13.0192 3272 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys 11:31:13.0239 3272 atapi - ok 11:31:13.0301 3272 [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr C:\windows\system32\DRIVERS\athr.sys 11:31:13.0426 3272 athr - ok 11:31:13.0504 3272 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 11:31:13.0644 3272 AudioEndpointBuilder - ok 11:31:13.0691 3272 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll 11:31:13.0785 3272 Audiosrv - ok 11:31:13.0863 3272 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 11:31:14.0097 3272 avgntflt - ok 11:31:14.0128 3272 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 11:31:14.0378 3272 avipbb - ok 11:31:14.0409 3272 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys 11:31:14.0658 3272 avkmgr - ok 11:31:14.0705 3272 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll 11:31:14.0814 3272 AxInstSV - ok 11:31:14.0861 3272 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv 
C:\windows\system32\DRIVERS\bxvbdx.sys 11:31:14.0970 3272 b06bdrv - ok 11:31:15.0017 3272 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys 11:31:15.0080 3272 b57nd60x - ok 11:31:15.0236 3272 [ 80D944F8240A5A80CCA5DD575AD4E6E4 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys 11:31:15.0688 3272 BCM43XX - ok 11:31:15.0828 3272 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll 11:31:15.0922 3272 BDESVC - ok 11:31:15.0969 3272 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys 11:31:16.0062 3272 Beep - ok 11:31:16.0125 3272 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll 11:31:16.0265 3272 BFE - ok 11:31:16.0312 3272 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll 11:31:16.0452 3272 BITS - ok 11:31:16.0484 3272 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 11:31:16.0530 3272 blbdrive - ok 11:31:16.0593 3272 [ 70CD6D71FC48BBBD1385D7B35AEADECC ] BMLoad C:\windows\system32\drivers\BMLoad.sys 11:31:16.0842 3272 BMLoad ( UnsignedFile.Multi.Generic ) - warning 11:31:16.0842 3272 BMLoad - detected UnsignedFile.Multi.Generic (1) 11:31:16.0874 3272 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys 11:31:16.0952 3272 bowser - ok 11:31:16.0983 3272 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys 11:31:17.0045 3272 BrFiltLo - ok 11:31:17.0061 3272 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 11:31:17.0123 3272 BrFiltUp - ok 11:31:17.0170 3272 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys 11:31:17.0279 3272 BridgeMP - ok 11:31:17.0326 3272 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll 11:31:17.0420 3272 Browser - ok 11:31:17.0435 3272 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys 
11:31:17.0513 3272 Brserid - ok 11:31:17.0544 3272 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 11:31:17.0638 3272 BrSerWdm - ok 11:31:17.0669 3272 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 11:31:17.0732 3272 BrUsbMdm - ok 11:31:17.0732 3272 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 11:31:17.0810 3272 BrUsbSer - ok 11:31:17.0872 3272 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 11:31:18.0028 3272 BthEnum - ok 11:31:18.0059 3272 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 11:31:18.0122 3272 BTHMODEM - ok 11:31:18.0153 3272 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 11:31:18.0215 3272 BthPan - ok 11:31:18.0278 3272 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 11:31:18.0371 3272 BTHPORT - ok 11:31:18.0418 3272 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll 11:31:18.0527 3272 bthserv - ok 11:31:18.0558 3272 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 11:31:18.0621 3272 BTHUSB - ok 11:31:18.0668 3272 [ AD1AA3B85F1B9125E31935DF98266B37 ] btwampfl C:\windows\system32\drivers\btwampfl.sys 11:31:18.0917 3272 btwampfl - ok 11:31:18.0933 3272 [ D146B5897A47500444BFA1F2CB2E3173 ] btwaudio C:\windows\system32\drivers\btwaudio.sys 11:31:19.0182 3272 btwaudio - ok 11:31:19.0214 3272 [ 1F9CD885F1C548BE93962CCABDB632E4 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys 11:31:19.0448 3272 btwavdt - ok 11:31:19.0510 3272 [ 765C410D031B9D55BFE09FE3F233262A ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 11:31:19.0588 3272 btwdins - ok 11:31:19.0619 3272 [ DE53089F0678CB5F0AFEB867ACB0FB05 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys 11:31:19.0853 3272 btwl2cap - ok 11:31:19.0884 3272 [ 
A2D6C7B7B62A6C42DCB01204A6BD6FC2 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys 11:31:20.0118 3272 btwrchid - ok 11:31:20.0212 3272 catchme - ok 11:31:20.0243 3272 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 11:31:20.0352 3272 cdfs - ok 11:31:20.0384 3272 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 11:31:20.0446 3272 cdrom - ok 11:31:20.0508 3272 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll 11:31:20.0602 3272 CertPropSvc - ok 11:31:20.0633 3272 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys 11:31:20.0696 3272 circlass - ok 11:31:20.0727 3272 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys 11:31:20.0789 3272 CLFS - ok 11:31:20.0867 3272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:31:20.0914 3272 clr_optimization_v2.0.50727_32 - ok 11:31:20.0992 3272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:31:21.0039 3272 clr_optimization_v4.0.30319_32 - ok 11:31:21.0070 3272 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 11:31:21.0117 3272 CmBatt - ok 11:31:21.0132 3272 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys 11:31:21.0179 3272 cmdide - ok 11:31:21.0242 3272 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys 11:31:21.0335 3272 CNG - ok 11:31:21.0382 3272 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 11:31:21.0429 3272 Compbatt - ok 11:31:21.0460 3272 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys 11:31:21.0522 3272 CompositeBus - ok 11:31:21.0554 3272 COMSysApp - ok 11:31:21.0585 3272 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk 
C:\windows\system32\DRIVERS\crcdisk.sys 11:31:21.0632 3272 crcdisk - ok 11:31:21.0678 3272 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll 11:31:21.0741 3272 CryptSvc - ok 11:31:21.0772 3272 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\windows\system32\DRIVERS\CVirtA.sys 11:31:21.0834 3272 CVirtA - ok 11:31:21.0944 3272 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 11:31:22.0100 3272 CVPND - ok 11:31:22.0162 3272 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\windows\system32\Drivers\CVPNDRVA.sys 11:31:22.0193 3272 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 11:31:22.0193 3272 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 11:31:22.0256 3272 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll 11:31:22.0365 3272 DcomLaunch - ok 11:31:22.0412 3272 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll 11:31:22.0505 3272 defragsvc - ok 11:31:22.0552 3272 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys 11:31:22.0661 3272 DfsC - ok 11:31:22.0708 3272 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll 11:31:22.0802 3272 Dhcp - ok 11:31:22.0833 3272 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys 11:31:22.0942 3272 discache - ok 11:31:22.0989 3272 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys 11:31:23.0036 3272 Disk - ok 11:31:23.0082 3272 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\windows\system32\DRIVERS\dne2000.sys 11:31:23.0145 3272 DNE - ok 11:31:23.0192 3272 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll 11:31:23.0270 3272 Dnscache - ok 11:31:23.0316 3272 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll 11:31:23.0426 3272 dot3svc - ok 11:31:23.0472 3272 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll 11:31:23.0582 
3272 DPS - ok 11:31:23.0613 3272 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 11:31:23.0675 3272 drmkaud - ok 11:31:23.0738 3272 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 11:31:23.0831 3272 DXGKrnl - ok 11:31:23.0878 3272 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll 11:31:23.0987 3272 EapHost - ok 11:31:24.0112 3272 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys 11:31:24.0299 3272 ebdrv - ok 11:31:24.0330 3272 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe 11:31:24.0408 3272 EFS - ok 11:31:24.0455 3272 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 11:31:24.0533 3272 elxstor - ok 11:31:24.0564 3272 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys 11:31:24.0611 3272 ErrDev - ok 11:31:24.0689 3272 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll 11:31:24.0814 3272 EventSystem - ok 11:31:24.0830 3272 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys 11:31:24.0939 3272 exfat - ok 11:31:24.0954 3272 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys 11:31:25.0064 3272 fastfat - ok 11:31:25.0126 3272 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe 11:31:25.0251 3272 Fax - ok 11:31:25.0282 3272 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys 11:31:25.0344 3272 fdc - ok 11:31:25.0376 3272 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll 11:31:25.0485 3272 fdPHost - ok 11:31:25.0516 3272 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll 11:31:25.0610 3272 FDResPub - ok 11:31:25.0641 3272 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 11:31:25.0688 3272 FileInfo - ok 11:31:25.0719 3272 [ 
42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys 11:31:25.0812 3272 Filetrace - ok 11:31:25.0844 3272 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 11:31:25.0890 3272 flpydisk - ok 11:31:25.0922 3272 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 11:31:25.0984 3272 FltMgr - ok 11:31:26.0046 3272 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll 11:31:26.0171 3272 FontCache - ok 11:31:26.0234 3272 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 11:31:26.0265 3272 FontCache3.0.0.0 - ok 11:31:26.0296 3272 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys 11:31:26.0343 3272 FsDepends - ok 11:31:26.0374 3272 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 11:31:26.0405 3272 Fs_Rec - ok 11:31:26.0468 3272 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 11:31:26.0530 3272 fvevol - ok 11:31:26.0577 3272 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 11:31:26.0608 3272 gagp30kx - ok 11:31:26.0670 3272 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll 11:31:26.0795 3272 gpsvc - ok 11:31:26.0826 3272 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 11:31:26.0904 3272 hcw85cir - ok 11:31:26.0982 3272 [ A9157AFE4B6F32DCCE9BD18FECD53A0D ] hcw95bda C:\windows\system32\Drivers\hcw95bda.sys 11:31:27.0076 3272 hcw95bda - ok 11:31:27.0107 3272 [ EB77F3C96C62E65CC25F04220B9A204A ] hcw95rc C:\windows\system32\DRIVERS\hcw95rc.sys 11:31:27.0154 3272 hcw95rc - ok 11:31:27.0216 3272 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 11:31:27.0279 3272 HdAudAddService - ok 11:31:27.0326 3272 [ 9036377B8A6C15DC2EEC53E489D159B5 
] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 11:31:27.0404 3272 HDAudBus - ok 11:31:27.0435 3272 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 11:31:27.0482 3272 HidBatt - ok 11:31:27.0497 3272 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 11:31:27.0560 3272 HidBth - ok 11:31:27.0575 3272 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys 11:31:27.0653 3272 HidIr - ok 11:31:27.0684 3272 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\System32\hidserv.dll 11:31:27.0778 3272 hidserv - ok 11:31:27.0809 3272 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 11:31:27.0872 3272 HidUsb - ok 11:31:27.0918 3272 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll 11:31:28.0012 3272 hkmsvc - ok 11:31:28.0059 3272 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll 11:31:28.0137 3272 HomeGroupListener - ok 11:31:28.0184 3272 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll 11:31:28.0277 3272 HomeGroupProvider - ok 11:31:28.0324 3272 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 11:31:28.0371 3272 HpSAMD - ok 11:31:28.0418 3272 [ 9ABBF69E625B62080E080750EC524181 ] HSPADataCardusbmdm C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys 11:31:28.0496 3272 HSPADataCardusbmdm - ok 11:31:28.0542 3272 [ 9ABBF69E625B62080E080750EC524181 ] HSPADataCardusbnmea C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys 11:31:28.0574 3272 HSPADataCardusbnmea - ok 11:31:28.0620 3272 [ 9ABBF69E625B62080E080750EC524181 ] HSPADataCardusbser C:\windows\system32\DRIVERS\HSPADataCardusbser.sys 11:31:28.0652 3272 HSPADataCardusbser - ok 11:31:28.0714 3272 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys 11:31:28.0823 3272 HTTP - ok 11:31:28.0870 3272 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy 
C:\windows\system32\drivers\hwpolicy.sys 11:31:28.0901 3272 hwpolicy - ok 11:31:28.0964 3272 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 11:31:29.0010 3272 i8042prt - ok 11:31:29.0104 3272 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe 11:31:29.0354 3272 IAANTMON - ok 11:31:29.0400 3272 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 11:31:29.0650 3272 iaStor - ok 11:31:29.0681 3272 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys 11:31:29.0744 3272 iaStorV - ok 11:31:29.0837 3272 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:31:29.0931 3272 idsvc - ok 11:31:30.0102 3272 [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys 11:31:30.0383 3272 igfx - ok 11:31:30.0430 3272 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 11:31:30.0477 3272 iirsp - ok 11:31:30.0555 3272 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll 11:31:30.0680 3272 IKEEXT - ok 11:31:30.0820 3272 [ C5DF8A7FDC75019BF8D8AA4B56BE85C0 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys 11:31:31.0241 3272 IntcAzAudAddService - ok 11:31:31.0397 3272 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys 11:31:31.0444 3272 intelide - ok 11:31:31.0475 3272 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 11:31:31.0538 3272 intelppm - ok 11:31:31.0569 3272 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll 11:31:31.0678 3272 IPBusEnum - ok 11:31:31.0709 3272 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 11:31:31.0818 3272 IpFilterDriver - ok 11:31:31.0881 3272 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc 
C:\windows\System32\iphlpsvc.dll 11:31:31.0974 3272 iphlpsvc - ok 11:31:32.0021 3272 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 11:31:32.0084 3272 IPMIDRV - ok 11:31:32.0115 3272 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys 11:31:32.0224 3272 IPNAT - ok 11:31:32.0255 3272 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys 11:31:32.0349 3272 IRENUM - ok 11:31:32.0396 3272 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys 11:31:32.0442 3272 isapnp - ok 11:31:32.0474 3272 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 11:31:32.0520 3272 iScsiPrt - ok 11:31:32.0552 3272 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 11:31:32.0598 3272 kbdclass - ok 11:31:32.0630 3272 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 11:31:32.0676 3272 kbdhid - ok 11:31:32.0739 3272 [ 3EB803312987FF44265C87CB960DF6AB ] kbfiltr C:\windows\system32\DRIVERS\kbfiltr.sys 11:31:32.0973 3272 kbfiltr - ok 11:31:33.0004 3272 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe 11:31:33.0051 3272 KeyIso - ok 11:31:33.0098 3272 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 11:31:33.0129 3272 KSecDD - ok 11:31:33.0176 3272 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 11:31:33.0223 3272 KSecPkg - ok 11:31:33.0269 3272 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll 11:31:33.0379 3272 KtmRm - ok 11:31:33.0441 3272 [ 6EF8146358452995A4A9335E44ABB015 ] L1C C:\windows\system32\DRIVERS\L1C62x86.sys 11:31:33.0675 3272 L1C - ok 11:31:33.0722 3272 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\System32\srvsvc.dll 11:31:33.0847 3272 LanmanServer - ok 11:31:33.0878 3272 [ 58405E4F68BA8E4057C6E914F326ABA2 ] 
LanmanWorkstation C:\windows\System32\wkssvc.dll 11:31:33.0987 3272 LanmanWorkstation - ok 11:31:34.0034 3272 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 11:31:34.0127 3272 lltdio - ok 11:31:34.0174 3272 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll 11:31:34.0283 3272 lltdsvc - ok 11:31:34.0315 3272 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll 11:31:34.0408 3272 lmhosts - ok 11:31:34.0471 3272 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 11:31:34.0517 3272 LSI_FC - ok 11:31:34.0533 3272 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 11:31:34.0595 3272 LSI_SAS - ok 11:31:34.0611 3272 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 11:31:34.0658 3272 LSI_SAS2 - ok 11:31:34.0673 3272 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 11:31:34.0720 3272 LSI_SCSI - ok 11:31:34.0751 3272 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys 11:31:34.0845 3272 luafv - ok 11:31:34.0923 3272 [ D5673785903639D186DC345FF86F423F ] massfilter C:\windows\system32\drivers\massfilter.sys 11:31:34.0985 3272 massfilter - ok 11:31:35.0017 3272 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys 11:31:35.0063 3272 megasas - ok 11:31:35.0110 3272 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 11:31:35.0157 3272 MegaSR - ok 11:31:35.0188 3272 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll 11:31:35.0297 3272 MMCSS - ok 11:31:35.0329 3272 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys 11:31:35.0422 3272 Modem - ok 11:31:35.0453 3272 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys 11:31:35.0516 3272 monitor - ok 11:31:35.0547 3272 [ 
FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 11:31:35.0594 3272 mouclass - ok 11:31:35.0609 3272 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 11:31:35.0672 3272 mouhid - ok 11:31:35.0719 3272 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys 11:31:35.0750 3272 mountmgr - ok 11:31:35.0828 3272 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 11:31:35.0875 3272 MozillaMaintenance - ok 11:31:35.0921 3272 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys 11:31:35.0968 3272 mpio - ok 11:31:36.0015 3272 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 11:31:36.0109 3272 mpsdrv - ok 11:31:36.0155 3272 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll 11:31:36.0280 3272 MpsSvc - ok 11:31:36.0327 3272 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 11:31:36.0389 3272 MRxDAV - ok 11:31:36.0436 3272 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 11:31:36.0514 3272 mrxsmb - ok 11:31:36.0561 3272 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 11:31:36.0686 3272 mrxsmb10 - ok 11:31:36.0717 3272 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 11:31:36.0764 3272 mrxsmb20 - ok 11:31:36.0795 3272 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys 11:31:36.0826 3272 msahci - ok 11:31:36.0857 3272 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys 11:31:36.0904 3272 msdsm - ok 11:31:36.0935 3272 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe 11:31:36.0998 3272 MSDTC - ok 11:31:37.0045 3272 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys 
11:31:37.0154 3272 Msfs - ok 11:31:37.0185 3272 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 11:31:37.0279 3272 mshidkmdf - ok 11:31:37.0310 3272 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 11:31:37.0357 3272 msisadrv - ok 11:31:37.0403 3272 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll 11:31:37.0513 3272 MSiSCSI - ok 11:31:37.0528 3272 msiserver - ok 11:31:37.0559 3272 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 11:31:37.0653 3272 MSKSSRV - ok 11:31:37.0684 3272 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 11:31:37.0778 3272 MSPCLOCK - ok 11:31:37.0809 3272 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 11:31:37.0903 3272 MSPQM - ok 11:31:37.0934 3272 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 11:31:37.0996 3272 MsRPC - ok 11:31:38.0043 3272 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 11:31:38.0074 3272 mssmbios - ok 11:31:38.0090 3272 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 11:31:38.0183 3272 MSTEE - ok 11:31:38.0199 3272 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 11:31:38.0261 3272 MTConfig - ok 11:31:38.0293 3272 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys 11:31:38.0339 3272 Mup - ok 11:31:38.0386 3272 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll 11:31:38.0511 3272 napagent - ok 11:31:38.0558 3272 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 11:31:38.0620 3272 NativeWifiP - ok 11:31:38.0667 3272 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys 11:31:38.0761 3272 NDIS - ok 11:31:38.0792 3272 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] 
NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 11:31:38.0885 3272 NdisCap - ok 11:31:38.0917 3272 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 11:31:39.0010 3272 NdisTapi - ok 11:31:39.0073 3272 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 11:31:39.0151 3272 Ndisuio - ok 11:31:39.0182 3272 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 11:31:39.0275 3272 NdisWan - ok 11:31:39.0322 3272 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 11:31:39.0431 3272 NDProxy - ok 11:31:39.0494 3272 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\windows\system32\HPZinw12.dll 11:31:39.0509 3272 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 11:31:39.0509 3272 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 11:31:39.0541 3272 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 11:31:39.0650 3272 NetBIOS - ok 11:31:39.0697 3272 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 11:31:39.0790 3272 NetBT - ok 11:31:39.0821 3272 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe 11:31:39.0868 3272 Netlogon - ok 11:31:39.0915 3272 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll 11:31:40.0055 3272 Netman - ok 11:31:40.0087 3272 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll 11:31:40.0227 3272 netprofm - ok 11:31:40.0258 3272 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:31:40.0289 3272 NetTcpPortSharing - ok 11:31:40.0352 3272 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 11:31:40.0383 3272 nfrd960 - ok 11:31:40.0430 3272 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll 11:31:40.0492 3272 NlaSvc - 
ok 11:31:40.0523 3272 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys 11:31:40.0617 3272 Npfs - ok 11:31:40.0648 3272 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll 11:31:40.0742 3272 nsi - ok 11:31:40.0757 3272 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 11:31:40.0851 3272 nsiproxy - ok 11:31:40.0913 3272 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 11:31:41.0038 3272 Ntfs - ok 11:31:41.0069 3272 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys 11:31:41.0179 3272 Null - ok 11:31:41.0225 3272 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys 11:31:41.0272 3272 nvraid - ok 11:31:41.0319 3272 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys 11:31:41.0366 3272 nvstor - ok 11:31:41.0397 3272 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys 11:31:41.0444 3272 nv_agp - ok 11:31:41.0475 3272 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 11:31:41.0522 3272 ohci1394 - ok 11:31:41.0569 3272 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll 11:31:41.0647 3272 p2pimsvc - ok 11:31:41.0678 3272 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll 11:31:41.0756 3272 p2psvc - ok 11:31:41.0787 3272 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys 11:31:41.0834 3272 Parport - ok 11:31:41.0865 3272 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys 11:31:41.0912 3272 partmgr - ok 11:31:41.0927 3272 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 11:31:41.0990 3272 Parvdm - ok 11:31:42.0037 3272 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll 11:31:42.0099 3272 PcaSvc - ok 11:31:42.0130 3272 [ 
673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys 11:31:42.0177 3272 pci - ok 11:31:42.0208 3272 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys 11:31:42.0239 3272 pciide - ok 11:31:42.0286 3272 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 11:31:42.0333 3272 pcmcia - ok 11:31:42.0349 3272 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys 11:31:42.0395 3272 pcw - ok 11:31:42.0427 3272 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys 11:31:42.0583 3272 PEAUTH - ok 11:31:42.0707 3272 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll 11:31:42.0879 3272 pla - ok 11:31:42.0926 3272 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll 11:31:43.0019 3272 PlugPlay - ok 11:31:43.0066 3272 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll 11:31:43.0097 3272 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 11:31:43.0097 3272 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 11:31:43.0144 3272 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 11:31:43.0207 3272 PNRPAutoReg - ok 11:31:43.0238 3272 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll 11:31:43.0300 3272 PNRPsvc - ok 11:31:43.0347 3272 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll 11:31:43.0441 3272 PolicyAgent - ok 11:31:43.0503 3272 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll 11:31:43.0612 3272 Power - ok 11:31:43.0643 3272 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 11:31:43.0737 3272 PptpMiniport - ok 11:31:43.0768 3272 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys 11:31:43.0831 3272 Processor - ok 11:31:43.0877 3272 [ CADEFAC453040E370A1BDFF3973BE00D ] 
ProfSvc C:\windows\system32\profsvc.dll 11:31:43.0955 3272 ProfSvc - ok 11:31:43.0987 3272 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe 11:31:44.0033 3272 ProtectedStorage - ok 11:31:44.0065 3272 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys 11:31:44.0189 3272 Psched - ok 11:31:44.0252 3272 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 11:31:44.0377 3272 ql2300 - ok 11:31:44.0408 3272 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 11:31:44.0455 3272 ql40xx - ok 11:31:44.0501 3272 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll 11:31:44.0579 3272 QWAVE - ok 11:31:44.0626 3272 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 11:31:44.0673 3272 QWAVEdrv - ok 11:31:44.0735 3272 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\windows\WindowsMobile\rapimgr.dll 11:31:44.0782 3272 RapiMgr - ok 11:31:44.0798 3272 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 11:31:44.0891 3272 RasAcd - ok 11:31:44.0923 3272 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 11:31:45.0001 3272 RasAgileVpn - ok 11:31:45.0032 3272 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll 11:31:45.0141 3272 RasAuto - ok 11:31:45.0157 3272 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 11:31:45.0266 3272 Rasl2tp - ok 11:31:45.0344 3272 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll 11:31:45.0453 3272 RasMan - ok 11:31:45.0484 3272 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 11:31:45.0593 3272 RasPppoe - ok 11:31:45.0640 3272 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 11:31:45.0749 3272 RasSstp - ok 11:31:45.0796 3272 [ 
D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 11:31:45.0890 3272 rdbss - ok 11:31:45.0921 3272 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 11:31:45.0983 3272 rdpbus - ok 11:31:46.0030 3272 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 11:31:46.0108 3272 RDPCDD - ok 11:31:46.0155 3272 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 11:31:46.0233 3272 RDPENCDD - ok 11:31:46.0264 3272 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 11:31:46.0358 3272 RDPREFMP - ok 11:31:46.0405 3272 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 11:31:46.0498 3272 RDPWD - ok 11:31:46.0561 3272 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 11:31:46.0607 3272 rdyboost - ok 11:31:46.0639 3272 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll 11:31:46.0732 3272 RemoteAccess - ok 11:31:46.0779 3272 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll 11:31:46.0873 3272 RemoteRegistry - ok 11:31:46.0904 3272 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 11:31:46.0951 3272 RFCOMM - ok 11:31:46.0982 3272 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 11:31:47.0091 3272 RpcEptMapper - ok 11:31:47.0122 3272 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe 11:31:47.0185 3272 RpcLocator - ok 11:31:47.0231 3272 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll 11:31:47.0325 3272 RpcSs - ok 11:31:47.0372 3272 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 11:31:47.0465 3272 rspndr - ok 11:31:47.0497 3272 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe 11:31:47.0543 3272 SamSs - ok 11:31:47.0575 
3272 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys 11:31:47.0621 3272 sbp2port - ok 11:31:47.0668 3272 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll 11:31:47.0777 3272 SCardSvr - ok 11:31:47.0809 3272 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 11:31:47.0902 3272 scfilter - ok 11:31:47.0965 3272 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll 11:31:48.0105 3272 Schedule - ok 11:31:48.0136 3272 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll 11:31:48.0214 3272 SCPolicySvc - ok 11:31:48.0308 3272 [ B60E9769655DDEE8368E3ABB6668E076 ] ScrybeUpdater C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe 11:31:48.0433 3272 ScrybeUpdater - ok 11:31:48.0479 3272 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll 11:31:48.0573 3272 SDRSVC - ok 11:31:48.0620 3272 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys 11:31:48.0729 3272 secdrv - ok 11:31:48.0760 3272 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll 11:31:48.0869 3272 seclogon - ok 11:31:48.0901 3272 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\system32\sens.dll 11:31:48.0994 3272 SENS - ok 11:31:49.0057 3272 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys 11:31:49.0088 3272 Serenum - ok 11:31:49.0135 3272 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys 11:31:49.0181 3272 Serial - ok 11:31:49.0228 3272 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 11:31:49.0275 3272 sermouse - ok 11:31:49.0353 3272 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll 11:31:49.0478 3272 SessionEnv - ok 11:31:49.0509 3272 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys 11:31:49.0587 
3272 sffdisk - ok 11:31:49.0603 3272 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 11:31:49.0649 3272 sffp_mmc - ok 11:31:49.0665 3272 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 11:31:49.0727 3272 sffp_sd - ok 11:31:49.0743 3272 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 11:31:49.0805 3272 sfloppy - ok 11:31:49.0852 3272 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll 11:31:49.0977 3272 SharedAccess - ok 11:31:50.0039 3272 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll 11:31:50.0133 3272 ShellHWDetection - ok 11:31:50.0195 3272 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys 11:31:50.0242 3272 sisagp - ok 11:31:50.0289 3272 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 11:31:50.0320 3272 SiSRaid2 - ok 11:31:50.0351 3272 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 11:31:50.0398 3272 SiSRaid4 - ok 11:31:50.0445 3272 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys 11:31:50.0554 3272 Smb - ok 11:31:50.0601 3272 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe 11:31:50.0663 3272 SNMPTRAP - ok 11:31:50.0695 3272 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys 11:31:50.0741 3272 spldr - ok 11:31:50.0804 3272 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe 11:31:50.0897 3272 Spooler - ok 11:31:51.0022 3272 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe 11:31:51.0256 3272 sppsvc - ok 11:31:51.0303 3272 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll 11:31:51.0397 3272 sppuinotify - ok 11:31:51.0428 3272 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys 
11:31:51.0506 3272 srv - ok 11:31:51.0537 3272 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys 11:31:51.0615 3272 srv2 - ok 11:31:51.0646 3272 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 11:31:51.0709 3272 srvnet - ok 11:31:51.0740 3272 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 11:31:51.0849 3272 SSDPSRV - ok 11:31:51.0896 3272 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys 11:31:51.0927 3272 ssmdrv - ok 11:31:51.0958 3272 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll 11:31:52.0052 3272 SstpSvc - ok 11:31:52.0083 3272 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 11:31:52.0130 3272 stexstor - ok 11:31:52.0177 3272 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll 11:31:52.0286 3272 StiSvc - ok 11:31:52.0333 3272 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys 11:31:52.0379 3272 swenum - ok 11:31:52.0426 3272 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll 11:31:52.0551 3272 swprv - ok 11:31:52.0645 3272 [ 2185CC5BE9922562108CF87F42E4BBAF ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 11:31:52.0957 3272 SynTP - ok 11:31:53.0035 3272 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll 11:31:53.0159 3272 SysMain - ok 11:31:53.0206 3272 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll 11:31:53.0269 3272 TabletInputService - ok 11:31:53.0315 3272 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll 11:31:53.0440 3272 TapiSrv - ok 11:31:53.0487 3272 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll 11:31:53.0581 3272 TBS - ok 11:31:53.0659 3272 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\windows\system32\drivers\tcpip.sys 11:31:53.0783 3272 Tcpip - ok 11:31:53.0846 
3272 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 11:31:53.0955 3272 TCPIP6 - ok 11:31:54.0002 3272 [ 74905EBCBB8CBDB1F3C0B1778BBCB4BC ] tcpipBM C:\windows\system32\drivers\tcpipBM.sys 11:31:54.0251 3272 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 11:31:54.0251 3272 tcpipBM - detected UnsignedFile.Multi.Generic (1) 11:31:54.0298 3272 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 11:31:54.0345 3272 tcpipreg - ok 11:31:54.0407 3272 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 11:31:54.0470 3272 TDPIPE - ok 11:31:54.0501 3272 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 11:31:54.0563 3272 TDTCP - ok 11:31:54.0595 3272 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys 11:31:54.0688 3272 tdx - ok 11:31:54.0719 3272 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys 11:31:54.0766 3272 TermDD - ok 11:31:54.0829 3272 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll 11:31:54.0953 3272 TermService - ok 11:31:55.0000 3272 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll 11:31:55.0078 3272 Themes - ok 11:31:55.0094 3272 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll 11:31:55.0187 3272 THREADORDER - ok 11:31:55.0219 3272 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll 11:31:55.0328 3272 TrkWks - ok 11:31:55.0406 3272 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 11:31:55.0515 3272 TrustedInstaller - ok 11:31:55.0546 3272 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 11:31:55.0624 3272 tssecsrv - ok 11:31:55.0671 3272 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 11:31:55.0733 3272 TsUsbFlt - ok 11:31:55.0796 3272 [ 
B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 11:31:55.0905 3272 tunnel - ok 11:31:55.0936 3272 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 11:31:55.0983 3272 uagp35 - ok 11:31:56.0030 3272 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys 11:31:56.0139 3272 udfs - ok 11:31:56.0186 3272 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe 11:31:56.0264 3272 UI0Detect - ok 11:31:56.0311 3272 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 11:31:56.0357 3272 uliagpkx - ok 11:31:56.0389 3272 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\DRIVERS\umbus.sys 11:31:56.0451 3272 umbus - ok 11:31:56.0498 3272 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys 11:31:56.0560 3272 UmPass - ok 11:31:56.0591 3272 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll 11:31:56.0732 3272 upnphost - ok 11:31:56.0763 3272 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 11:31:56.0825 3272 usbccgp - ok 11:31:56.0872 3272 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys 11:31:56.0935 3272 usbcir - ok 11:31:56.0981 3272 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\drivers\usbehci.sys 11:31:57.0013 3272 usbehci - ok 11:31:57.0059 3272 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 11:31:57.0122 3272 usbhub - ok 11:31:57.0169 3272 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\windows\system32\drivers\usbohci.sys 11:31:57.0247 3272 usbohci - ok 11:31:57.0278 3272 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 11:31:57.0325 3272 usbprint - ok 11:31:57.0371 3272 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 11:31:57.0418 3272 usbscan - ok 
11:31:57.0465 3272 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 11:31:57.0543 3272 USBSTOR - ok 11:31:57.0590 3272 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys 11:31:57.0637 3272 usbuhci - ok 11:31:57.0668 3272 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 11:31:57.0730 3272 usbvideo - ok 11:31:57.0777 3272 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll 11:31:57.0871 3272 UxSms - ok 11:31:57.0902 3272 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe 11:31:57.0949 3272 VaultSvc - ok 11:31:57.0995 3272 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 11:31:58.0027 3272 vdrvroot - ok 11:31:58.0089 3272 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe 11:31:58.0229 3272 vds - ok 11:31:58.0261 3272 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 11:31:58.0323 3272 vga - ok 11:31:58.0354 3272 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys 11:31:58.0448 3272 VgaSave - ok 11:31:58.0495 3272 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys 11:31:58.0541 3272 vhdmp - ok 11:31:58.0573 3272 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys 11:31:58.0619 3272 viaagp - ok 11:31:58.0651 3272 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys 11:31:58.0713 3272 ViaC7 - ok 11:31:58.0744 3272 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys 11:31:58.0775 3272 viaide - ok 11:31:58.0807 3272 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys 11:31:58.0853 3272 volmgr - ok 11:31:58.0885 3272 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 11:31:58.0931 3272 volmgrx - ok 11:31:58.0978 3272 [ 
F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys 11:31:59.0025 3272 volsnap - ok 11:31:59.0072 3272 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 11:31:59.0119 3272 vsmraid - ok 11:31:59.0181 3272 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe 11:31:59.0337 3272 VSS - ok 11:31:59.0368 3272 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 11:31:59.0415 3272 vwifibus - ok 11:31:59.0446 3272 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 11:31:59.0509 3272 vwififlt - ok 11:31:59.0555 3272 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll 11:31:59.0680 3272 W32Time - ok 11:31:59.0727 3272 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 11:31:59.0774 3272 WacomPen - ok 11:31:59.0805 3272 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 11:31:59.0899 3272 WANARP - ok 11:31:59.0914 3272 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 11:31:59.0992 3272 Wanarpv6 - ok 11:32:00.0070 3272 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe 11:32:00.0226 3272 wbengine - ok 11:32:00.0273 3272 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 11:32:00.0351 3272 WbioSrvc - ok 11:32:00.0398 3272 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\windows\WindowsMobile\wcescomm.dll 11:32:00.0460 3272 WcesComm - ok 11:32:00.0507 3272 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll 11:32:00.0616 3272 wcncsvc - ok 11:32:00.0647 3272 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 11:32:00.0725 3272 WcsPlugInService - ok 11:32:00.0772 3272 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys 11:32:00.0819 3272 Wd - ok 11:32:00.0866 
3272 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 11:32:00.0944 3272 Wdf01000 - ok 11:32:00.0991 3272 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll 11:32:01.0084 3272 WdiServiceHost - ok 11:32:01.0100 3272 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll 11:32:01.0162 3272 WdiSystemHost - ok 11:32:01.0209 3272 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll 11:32:01.0287 3272 WebClient - ok 11:32:01.0318 3272 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll 11:32:01.0443 3272 Wecsvc - ok 11:32:01.0459 3272 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll 11:32:01.0552 3272 wercplsupport - ok 11:32:01.0599 3272 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll 11:32:01.0708 3272 WerSvc - ok 11:32:01.0755 3272 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 11:32:01.0833 3272 WfpLwf - ok 11:32:01.0864 3272 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys 11:32:01.0895 3272 WIMMount - ok 11:32:01.0973 3272 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 11:32:02.0067 3272 WinDefend - ok 11:32:02.0083 3272 WinHttpAutoProxySvc - ok 11:32:02.0145 3272 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 11:32:02.0254 3272 Winmgmt - ok 11:32:02.0332 3272 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll 11:32:02.0488 3272 WinRM - ok 11:32:02.0551 3272 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WINUSB C:\windows\system32\DRIVERS\WinUSB.SYS 11:32:02.0613 3272 WINUSB - ok 11:32:02.0675 3272 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll 11:32:02.0785 3272 Wlansvc - ok 11:32:02.0816 3272 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi 
C:\windows\system32\drivers\wmiacpi.sys 11:32:02.0878 3272 WmiAcpi - ok 11:32:02.0941 3272 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 11:32:02.0987 3272 wmiApSrv - ok 11:32:03.0081 3272 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 11:32:03.0237 3272 WMPNetworkSvc - ok 11:32:03.0284 3272 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll 11:32:03.0362 3272 WPCSvc - ok 11:32:03.0409 3272 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 11:32:03.0487 3272 WPDBusEnum - ok 11:32:03.0533 3272 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 11:32:03.0611 3272 ws2ifsl - ok 11:32:03.0643 3272 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll 11:32:03.0705 3272 wscsvc - ok 11:32:03.0721 3272 WSearch - ok 11:32:03.0845 3272 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 11:32:04.0001 3272 wuauserv - ok 11:32:04.0048 3272 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 11:32:04.0111 3272 WudfPf - ok 11:32:04.0157 3272 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 11:32:04.0220 3272 WUDFRd - ok 11:32:04.0251 3272 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll 11:32:04.0313 3272 wudfsvc - ok 11:32:04.0360 3272 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll 11:32:04.0438 3272 WwanSvc - ok 11:32:04.0501 3272 ================ Scan global =============================== 11:32:04.0547 3272 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll 11:32:04.0594 3272 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll 11:32:04.0625 3272 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll 11:32:04.0672 3272 [ 364455805E64882844EE9ACB72522830 ] 
C:\windows\system32\sxssrv.dll 11:32:04.0703 3272 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe 11:32:04.0719 3272 [Global] - ok 11:32:04.0719 3272 ================ Scan MBR ================================== 11:32:04.0735 3272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:32:05.0140 3272 \Device\Harddisk0\DR0 - ok 11:32:05.0140 3272 ================ Scan VBR ================================== 11:32:05.0156 3272 [ 88C27101F087FAC1B0898091DEC94390 ] \Device\Harddisk0\DR0\Partition1 11:32:05.0156 3272 \Device\Harddisk0\DR0\Partition1 - ok 11:32:05.0187 3272 [ E561D3855E7409F40C075F86402524CE ] \Device\Harddisk0\DR0\Partition2 11:32:05.0203 3272 \Device\Harddisk0\DR0\Partition2 - ok 11:32:05.0203 3272 ============================================================ 11:32:05.0203 3272 Scan finished 11:32:05.0203 3272 ============================================================ 11:32:05.0234 1484 Detected object count: 6 11:32:05.0234 1484 Actual detected object count: 6 11:33:20.0036 1484 AsusService ( UnsignedFile.Multi.Generic ) - skipped by user 11:33:20.0036 1484 AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:33:20.0051 1484 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user 11:33:20.0051 1484 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:33:20.0051 1484 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 11:33:20.0051 1484 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:33:20.0051 1484 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 11:33:20.0051 1484 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:33:20.0051 1484 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 11:33:20.0051 1484 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:33:20.0067 1484 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 11:33:20.0067 1484 tcpipBM ( UnsignedFile.Multi.Generic ) 
- User select action: Skip |
22.01.2013, 11:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.GEN8 in C:\Windows\System32\wmidxu.dll found and isolated by Avira
adwCleaner - find toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
22.01.2013, 11:51 | #13 |
| TR/Crypt.ZPACK.GEN8 in C:\Windows\System32\wmidxu.dll found and isolated by Avira
Now these adwcleaner results Code:
ATTFilter # AdwCleaner v2.107 - Datei am 22/01/2013 um 11:54:40 erstellt # Aktualisiert am 21/01/2013 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzer : Danny - DANNY-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Danny\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\searchplugins\Conduit.xml Ordner Gefunden : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\Conduit ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Schlüssel Gefunden : HKU\S-1-5-21-844154740-1618517215-3757599251-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 -\\ Mozilla Firefox v18.0.1 (de) Datei : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\prefs.js Gefunden : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gefunden : user_pref("CT2319825.CTID", "CT2319825"); Gefunden : user_pref("CT2319825.CurrentServerDate", "18-8-2010"); Gefunden : user_pref("CT2319825.DialogsAlignMode", "LTR"); Gefunden : user_pref("CT2319825.EMailNotifierPollDate", "Wed Aug 18 2010 
17:22:58 GMT+0200"); Gefunden : user_pref("CT2319825.FeedLastCount129056115025381886", 10); Gefunden : user_pref("CT2319825.FeedPollDate11908299", "Wed Aug 18 2010 17:11:21 GMT+0200"); Gefunden : user_pref("CT2319825.FeedPollDate129056115025381886", "Wed Aug 18 2010 17:11:18 GMT+0200"); Gefunden : user_pref("CT2319825.FirstServerDate", "18-8-2010"); Gefunden : user_pref("CT2319825.FirstTime", true); Gefunden : user_pref("CT2319825.FirstTimeFF3", true); Gefunden : user_pref("CT2319825.FixPageNotFoundErrors", true); Gefunden : user_pref("CT2319825.GroupingServerCheckInterval", 1440); Gefunden : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gefunden : user_pref("CT2319825.Initialize", true); Gefunden : user_pref("CT2319825.InitializeCommonPrefs", true); Gefunden : user_pref("CT2319825.InstalledDate", "Wed Aug 18 2010 17:11:16 GMT+0200"); Gefunden : user_pref("CT2319825.InvalidateCache", false); Gefunden : user_pref("CT2319825.IsGrouping", false); Gefunden : user_pref("CT2319825.IsMulticommunity", false); Gefunden : user_pref("CT2319825.IsOpenThankYouPage", false); Gefunden : user_pref("CT2319825.IsOpenUninstallPage", true); Gefunden : user_pref("CT2319825.LanguagePackLastCheckTime", "Wed Aug 18 2010 17:11:19 GMT+0200"); Gefunden : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440); Gefunden : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Gefunden : user_pref("CT2319825.LastLogin_2.5.8.6", "Wed Aug 18 2010 17:11:17 GMT+0200"); Gefunden : user_pref("CT2319825.LatestVersion", "2.7.2.0"); Gefunden : user_pref("CT2319825.Locale", "de"); Gefunden : user_pref("CT2319825.LoginCache", 4); Gefunden : user_pref("CT2319825.MCDetectTooltipHeight", "83"); Gefunden : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gefunden : user_pref("CT2319825.MCDetectTooltipWidth", "295"); Gefunden : user_pref("CT2319825.RadioIsPodcast", false); Gefunden : user_pref("CT2319825.RadioLastCheckTime", "Wed Aug 18 2010 17:11:20 GMT+0200"); Gefunden : user_pref("CT2319825.RadioLastUpdateIPServer", "3"); Gefunden : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000"); Gefunden : user_pref("CT2319825.RadioMediaID", "11949532"); Gefunden : user_pref("CT2319825.RadioMediaType", "Media Player"); Gefunden : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); Gefunden : user_pref("CT2319825.RadioStationName", "1Live"); Gefunden : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...] Gefunden : user_pref("CT2319825.SHRINK_TOOLBAR", 1); Gefunden : user_pref("CT2319825.SavedHomepage", "resource:/browserconfig.properties"); Gefunden : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gefunden : user_pref("CT2319825.SearchFromAddressBarIsInit", true); Gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...] Gefunden : user_pref("CT2319825.SearchInNewTabEnabled", true); Gefunden : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); Gefunden : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Wed Aug 18 2010 17:11:19 GMT+0200"); Gefunden : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] 
Gefunden : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Gefunden : user_pref("CT2319825.SettingsCheckIntervalMin", 120); Gefunden : user_pref("CT2319825.SettingsLastCheckTime", "Wed Aug 18 2010 17:11:15 GMT+0200"); Gefunden : user_pref("CT2319825.SettingsLastUpdate", "1282056409"); Gefunden : user_pref("CT2319825.ThirdPartyComponentsInterval", 504); Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Wed Aug 18 2010 17:11:15 GMT+0200"); Gefunden : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257"); Gefunden : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Gefunden : user_pref("CT2319825.Uninstall", true); Gefunden : user_pref("CT2319825.UserID", "UN13354327081739115"); Gefunden : user_pref("CT2319825.WeatherNetwork", ""); Gefunden : user_pref("CT2319825.WeatherPollDate", "Wed Aug 18 2010 17:11:22 GMT+0200"); Gefunden : user_pref("CT2319825.WeatherUnit", "C"); Gefunden : user_pref("CT2319825.alertChannelId", "715912"); Gefunden : user_pref("CT2319825.clientLogIsEnabled", true); Gefunden : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gefunden : user_pref("CT2319825.myStuffEnabled", true); Gefunden : user_pref("CT2319825.myStuffPublihserMinWidth", 400); Gefunden : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gefunden : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Gefunden : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gefunden : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gefunden : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] 
Gefunden : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Gefunden : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Gefunden : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 18 2010 17:11:21 GMT+0200"); Gefunden : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825"); Gefunden : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search"); Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...] Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="); -\\ Opera v [Version kann nicht ermittelt werden] Datei : C:\Users\Danny\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [8262 octets] - [22/01/2013 11:54:40] ########## EOF - C:\AdwCleaner[R1].txt - [8322 octets] ########## |
22.01.2013, 12:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.GEN8 in C:\Windows\System32\wmidxu.dll found and quarantined by Avira adwCleaner - remove toolbars and unwanted start/search pages
Afterwards, please run a check with OTL:
__________________ Please always post logfiles in CODE tags |
22.01.2013, 13:19 | #15 |
| TR/Crypt.ZPACK.GEN8 in C:\Windows\System32\wmidxu.dll found and quarantined by Avira New adwCleaner results Code:
ATTFilter # AdwCleaner v2.107 - Datei am 22/01/2013 um 12:29:42 erstellt # Aktualisiert am 21/01/2013 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzer : Danny - DANNY-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Danny\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\searchplugins\Conduit.xml Ordner Gelöscht : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\Conduit ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 --> hxxp://www.google.com -\\ Mozilla Firefox v18.0.1 (de) Datei : C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\xnh2q9it.default\prefs.js Gelöscht : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2319825.CTID", "CT2319825"); Gelöscht : user_pref("CT2319825.CurrentServerDate", "18-8-2010"); Gelöscht : user_pref("CT2319825.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2319825.EMailNotifierPollDate", "Wed Aug 18 2010 17:22:58 GMT+0200"); Gelöscht : user_pref("CT2319825.FeedLastCount129056115025381886", 10); Gelöscht : 
user_pref("CT2319825.FeedPollDate11908299", "Wed Aug 18 2010 17:11:21 GMT+0200"); Gelöscht : user_pref("CT2319825.FeedPollDate129056115025381886", "Wed Aug 18 2010 17:11:18 GMT+0200"); Gelöscht : user_pref("CT2319825.FirstServerDate", "18-8-2010"); Gelöscht : user_pref("CT2319825.FirstTime", true); Gelöscht : user_pref("CT2319825.FirstTimeFF3", true); Gelöscht : user_pref("CT2319825.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2319825.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2319825.Initialize", true); Gelöscht : user_pref("CT2319825.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2319825.InstalledDate", "Wed Aug 18 2010 17:11:16 GMT+0200"); Gelöscht : user_pref("CT2319825.InvalidateCache", false); Gelöscht : user_pref("CT2319825.IsGrouping", false); Gelöscht : user_pref("CT2319825.IsMulticommunity", false); Gelöscht : user_pref("CT2319825.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2319825.IsOpenUninstallPage", true); Gelöscht : user_pref("CT2319825.LanguagePackLastCheckTime", "Wed Aug 18 2010 17:11:19 GMT+0200"); Gelöscht : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Gelöscht : user_pref("CT2319825.LastLogin_2.5.8.6", "Wed Aug 18 2010 17:11:17 GMT+0200"); Gelöscht : user_pref("CT2319825.LatestVersion", "2.7.2.0"); Gelöscht : user_pref("CT2319825.Locale", "de"); Gelöscht : user_pref("CT2319825.LoginCache", 4); Gelöscht : user_pref("CT2319825.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2319825.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2319825.RadioIsPodcast", false); Gelöscht : user_pref("CT2319825.RadioLastCheckTime", "Wed Aug 18 2010 17:11:20 GMT+0200"); Gelöscht : user_pref("CT2319825.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2319825.RadioLastUpdateServer", "129224641269630000"); Gelöscht : user_pref("CT2319825.RadioMediaID", "11949532"); Gelöscht : user_pref("CT2319825.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532"); Gelöscht : user_pref("CT2319825.RadioStationName", "1Live"); Gelöscht : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...] Gelöscht : user_pref("CT2319825.SHRINK_TOOLBAR", 1); Gelöscht : user_pref("CT2319825.SavedHomepage", "resource:/browserconfig.properties"); Gelöscht : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2319825.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...] Gelöscht : user_pref("CT2319825.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Wed Aug 18 2010 17:11:19 GMT+0200"); Gelöscht : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] 
Gelöscht : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Gelöscht : user_pref("CT2319825.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2319825.SettingsLastCheckTime", "Wed Aug 18 2010 17:11:15 GMT+0200"); Gelöscht : user_pref("CT2319825.SettingsLastUpdate", "1282056409"); Gelöscht : user_pref("CT2319825.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Wed Aug 18 2010 17:11:15 GMT+0200"); Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255348257"); Gelöscht : user_pref("CT2319825.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Gelöscht : user_pref("CT2319825.Uninstall", true); Gelöscht : user_pref("CT2319825.UserID", "UN13354327081739115"); Gelöscht : user_pref("CT2319825.WeatherNetwork", ""); Gelöscht : user_pref("CT2319825.WeatherPollDate", "Wed Aug 18 2010 17:11:22 GMT+0200"); Gelöscht : user_pref("CT2319825.WeatherUnit", "C"); Gelöscht : user_pref("CT2319825.alertChannelId", "715912"); Gelöscht : user_pref("CT2319825.clientLogIsEnabled", true); Gelöscht : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT2319825.myStuffEnabled", true); Gelöscht : user_pref("CT2319825.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2319825.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] 
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2319825"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 18 2010 17:11:21 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825"); Gelöscht : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...] Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="); -\\ Opera v [Version kann nicht ermittelt werden] Datei : C:\Users\Danny\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [8391 octets] - [22/01/2013 11:54:40] AdwCleaner[S1].txt - [8199 octets] - [22/01/2013 12:29:42] ########## EOF - C:\AdwCleaner[S1].txt - [8259 octets] ########## Code:
ATTFilter OTL logfile created on: 1/22/2013 12:36:50 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danny\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.12 Mb Total Physical Memory | 207.13 Mb Available Physical Memory | 20.42% Memory free 1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 60.91 Gb Free Space | 60.91% Space Free | Partition Type: NTFS Drive D: | 117.87 Gb Total Space | 52.17 Gb Free Space | 44.27% Space Free | Partition Type: NTFS Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Danny\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) PRC - C:\Windows\System32\AsusService.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - 
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll () MOD - C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll () MOD - C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll () MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ScrybeUpdater) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe (Synaptics, Inc.) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Danny\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: 
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/06/09 17:50:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010/04/01 13:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 21:42:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 21:41:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D 
| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 
16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 21:42:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 21:41:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 
Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions [2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/11/25 20:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions [2012/07/19 16:41:16 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf} [2011/03/12 22:38:07 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\personas@christopher.beard [2012/11/25 20:00:10 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\xnh2q9it.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/01/20 11:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/04/01 13:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNET-MANAGER\BIN\ADDON [2013/01/18 21:42:01 | 000,262,552 | ---- | M] (Mozilla 
Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/11/12 11:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012/10/24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/10/24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013/01/21 13:34:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2) O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{983A5790-0C7D-48E8-BE1E-1DD96D3025A2}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No 
CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/22 11:06:42 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Danny\Desktop\tdsskiller.exe [2013/01/22 11:04:28 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Danny\Desktop\aswMBR.exe [2013/01/21 14:17:09 | 000,000,000 | ---D | C] -- C:\Users\Danny\Desktop\mbar-1.01.0.1016 [2013/01/21 13:38:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/21 13:38:27 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\temp [2013/01/21 13:17:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/01/21 13:17:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/01/21 13:17:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013/01/21 13:08:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/21 13:07:56 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013/01/21 13:06:37 | 005,024,380 | R--- | C] (Swearware) -- C:\Users\Danny\Desktop\ComboFix.exe [2013/01/20 11:34:48 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013/01/18 21:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/01/15 23:37:11 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\Tracker Software [2013/01/15 23:31:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013/01/15 23:31:25 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe [2013/01/15 
23:31:25 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013/01/15 23:30:43 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013/01/15 02:55:14 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Roaming\Malwarebytes [2013/01/15 02:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/15 02:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/01/15 02:54:53 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2013/01/15 02:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/01/15 02:54:20 | 000,000,000 | ---D | C] -- C:\Users\Danny\AppData\Local\Programs [2013/01/15 01:29:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe [2013/01/14 20:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/01/10 08:49:55 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2013/01/10 08:49:14 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe [2013/01/10 08:49:14 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll [2013/01/10 08:49:14 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll [2013/01/10 08:49:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/10 08:49:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013/01/10 08:49:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll [2013/01/10 08:49:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/10 08:49:13 | 000,004,096 | -H-- | C] 
(Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/10 08:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013/01/10 08:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013/01/10 08:49:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013/01/10 08:49:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013/01/10 08:49:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/10 08:49:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013/01/10 08:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/10 08:49:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll [2013/01/10 08:48:03 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\gameux.dll [2013/01/10 08:48:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\System32\fpb.rs [2013/01/10 08:48:03 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\System32\oflc-nz.rs [2013/01/10 08:48:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\System32\pegibbfc.rs [2013/01/10 08:48:03 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\System32\csrr.rs [2013/01/10 08:48:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\System32\cob-au.rs [2013/01/10 08:48:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\System32\usk.rs [2013/01/10 08:48:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\System32\grb.rs [2013/01/10 08:48:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-pt.rs [2013/01/10 08:48:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi.rs [2013/01/10 08:48:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\System32\djctq.rs [2013/01/10 
08:48:02 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wpc.dll [2013/01/10 08:48:00 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\System32\cero.rs [2013/01/10 08:48:00 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\System32\esrb.rs [2013/01/10 08:48:00 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\System32\oflc.rs [2013/01/10 08:48:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\System32\pegi-fi.rs [2013/01/10 08:47:33 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll [2013/01/10 08:47:31 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskhost.exe [2013/01/08 20:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013/01/22 12:39:51 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/22 12:39:51 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/22 12:31:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/01/22 12:31:46 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys [2013/01/22 12:10:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/01/22 11:54:06 | 000,574,315 | ---- | M] () -- C:\Users\Danny\Desktop\adwcleaner.exe [2013/01/22 11:27:43 | 000,000,512 | ---- | M] () -- C:\Users\Danny\Desktop\MBR.dat [2013/01/22 11:06:43 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Danny\Desktop\tdsskiller.exe [2013/01/22 11:05:22 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Danny\Desktop\aswMBR.exe [2013/01/21 14:14:42 | 013,462,931 | ---- | M] () -- C:\Users\Danny\Desktop\mbar-1.01.0.1016.zip [2013/01/21 13:34:15 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2013/01/21 13:06:41 | 005,024,380 | R--- | M] (Swearware) -- 
C:\Users\Danny\Desktop\ComboFix.exe [2013/01/20 12:01:00 | 000,000,000 | ---- | M] () -- C:\UnInstall.dat [2013/01/20 11:37:51 | 000,000,020 | ---- | M] () -- C:\windows\øt [2013/01/20 11:35:01 | 000,659,056 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013/01/20 11:35:01 | 000,620,202 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/01/20 11:35:01 | 000,132,594 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013/01/20 11:35:01 | 000,108,384 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/01/15 01:33:24 | 000,000,000 | ---- | M] () -- C:\Users\Danny\defogger_reenable [2013/01/15 01:30:36 | 000,365,568 | ---- | M] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe [2013/01/15 01:29:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe [2013/01/15 01:28:36 | 000,050,477 | ---- | M] () -- C:\Users\Danny\Desktop\Defogger.exe [2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll [2013/01/12 03:26:19 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe [2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe [2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe [2013/01/10 10:15:43 | 000,288,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013/01/09 22:23:30 | 000,118,879 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur Änderung.pdf [2013/01/09 22:22:31 | 001,647,871 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf [2013/01/09 22:21:54 | 000,053,596 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf [2013/01/09 22:16:10 | 002,050,882 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak 
Neufassung.pdf [2013/01/09 22:10:33 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2013/01/09 22:10:33 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2013/01/04 10:40:51 | 000,040,752 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf [2013/01/04 10:40:26 | 000,720,571 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf [2012/12/30 19:38:48 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012/12/30 15:51:14 | 000,069,206 | ---- | M] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf ========== Files Created - No Company Name ========== [2013/01/22 11:54:03 | 000,574,315 | ---- | C] () -- C:\Users\Danny\Desktop\adwcleaner.exe [2013/01/22 11:27:43 | 000,000,512 | ---- | C] () -- C:\Users\Danny\Desktop\MBR.dat [2013/01/21 14:14:39 | 013,462,931 | ---- | C] () -- C:\Users\Danny\Desktop\mbar-1.01.0.1016.zip [2013/01/21 13:17:39 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013/01/21 13:17:39 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013/01/21 13:17:39 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013/01/21 13:17:39 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013/01/21 13:17:39 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013/01/20 11:37:51 | 000,000,020 | ---- | C] () -- C:\windows\øt [2013/01/20 11:15:20 | 000,000,000 | ---- | C] () -- C:\UnInstall.dat [2013/01/15 01:33:24 | 000,000,000 | ---- | C] () -- C:\Users\Danny\defogger_reenable [2013/01/15 01:30:36 | 000,365,568 | ---- | C] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe [2013/01/15 01:28:34 | 000,050,477 | ---- | C] () -- C:\Users\Danny\Desktop\Defogger.exe [2013/01/09 22:23:30 | 000,118,879 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur 
Änderung.pdf [2013/01/09 22:22:29 | 001,647,871 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf [2013/01/09 22:21:54 | 000,053,596 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf [2013/01/09 22:16:07 | 002,050,882 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak Neufassung.pdf [2013/01/04 10:40:50 | 000,040,752 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf [2013/01/04 10:40:26 | 000,720,571 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf [2012/12/30 19:38:48 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012/12/30 15:50:58 | 000,069,206 | ---- | C] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf [2012/10/19 00:37:36 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll [2012/10/19 00:37:36 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe [2011/07/04 15:32:45 | 000,007,621 | ---- | C] () -- C:\Users\Danny\AppData\Local\Resmon.ResmonCfg [2011/04/21 08:46:39 | 000,393,256 | ---- | C] () -- C:\windows\System32\CNQ4809N.DAT [2011/03/23 15:13:41 | 000,009,704 | ---- | C] () -- C:\windows\HCWPNP.INI ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:AB689DEA < End of report >

OTL Extras logfile created on: 1/22/2013 12:36:50 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danny\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.12 Mb Total Physical Memory | 207.13 Mb Available Physical Memory | 20.42% Memory free 1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 60.91 Gb Free Space | 60.91% Space Free | Partition Type: NTFS Drive D: | 117.87 Gb Total Space | 52.17 Gb Free Space | 44.27% Space Free | Partition Type: NTFS Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12D9827D-E68C-4A4D-B547-27C5276AAF5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1F02B523-A70A-4521-8F7A-E01404740443}" = rport=445 | protocol=6 | dir=out | app=system | "{2EF29DF8-05B4-4F18-8F18-D4DA7CE99308}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{3F15569D-A990-4D60-8326-AB55DF0F6269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{606A869D-535C-4168-8D3C-24BB9C53E868}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6E6299B2-885E-4471-9DA3-7E29B97DF87E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7AC75C99-C85A-4477-83F8-D997E30B0B1A}" = lport=445 | protocol=6 | dir=in | app=system | "{7CC8D969-6294-4FD2-BA04-C9CA60D3FD24}" = rport=139 | protocol=6 | dir=out | app=system | "{7EB19E55-7D19-4D2F-91E4-616F3B75C560}" = lport=138 | protocol=17 | dir=in | app=system | "{8C85562E-1268-438A-987D-4653E7DE1998}" = lport=139 | 
protocol=6 | dir=in | app=system | "{9189FDB7-0F60-4908-B508-6130B7218258}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{98A04DAA-33EA-4072-83AE-0A28D2597E45}" = lport=137 | protocol=17 | dir=in | app=system | "{9A4E19BF-A3F7-4545-8DE2-3F8370CB8ADB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A0D91D61-B780-4B5E-B7A6-F4A7F3F94AC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A201FC9F-0B87-4AAE-88C6-80B7722C7E49}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{A90BCA1A-751B-4A2E-B2AB-4EE026B8DA17}" = rport=137 | protocol=17 | dir=out | app=system | "{AE6079B6-C825-4B5C-99FC-A64C2E4C90CB}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{B083AE7B-D4C5-4E88-A094-9980757C5F96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BA1E8C6A-C8EC-41EB-8EBF-3EA5B5BB1B12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BF1DD50F-9977-4324-B735-5C7C671C1483}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CA7192D2-FC1C-4C78-8B67-EB3A8012B8F5}" = rport=138 | protocol=17 | dir=out | app=system | "{E156E7AD-C325-4FE8-8535-35F5D5DC0231}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E87D5E42-F192-4B89-8043-4EDFDE0B5163}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F4C27420-1C5E-4414-80EF-4ED97A3F1A6A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F5A4E98C-03D8-41DF-8300-C9DF24636CE7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{FD20F2E3-A591-4139-9004-566DA8B82ED6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception 
List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0517116C-D0E8-446C-9C72-98123591A900}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{241089C1-E410-4CF4-B48B-83884243BCFD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3EBA39D7-7BB4-4ADD-A61B-DA6307CD1063}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{52A610A9-10A2-42EB-8B0A-169818C1C967}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78922A2F-9BE4-4294-AF0E-67F3281DF894}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A143D63E-5D1C-42A0-9E82-3893F22F195F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A247D571-E068-4F61-95D0-EBA8528955DB}" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"{A852C37D-A086-4679-98BC-B03E751601AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AEB71E96-77D9-4C0F-AD7D-5FBAA896E132}" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"{AEC030CA-707B-4096-93CF-15CB1864B35E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EEDD54AB-9237-4512-A167-B8393C321B12}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F309993C-29DE-49E3-BA03-16288AD5C542}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3BFCAEA8-2FF6-4F74-B368-54600AA6D82B}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"TCP Query User{A02200B6-46B5-4E85-B1B5-6F54F4F319EE}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C384783C-A4D5-44CC-9C50-7C6316CD530A}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{9B2D190F-942D-42EB-994E-E396F5A6868D}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{A10B38BD-61BD-4F2B-8376-3E786C845DF3}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FA5C925D-06D0-4047-AB1C-3550B015D68C}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC7CCB3C-8E86-4165-9363-30B7CCCD9742}" = Angry Birds Rio
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3309-7404-0599-8908" = yEd Graph Editor 3.10
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"BatteryBar" = BatteryBar (remove only)
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"Eee Docking_is1" = Eee Docking 3.7.0
"ElsterFormular" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.96
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Intel AppUp(SM) center 28264" = Intel AppUp(SM) center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"OOBERegBackup_is1" = OOBERegBackup
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Sudoku Generator" = Sudoku Generator 2.63
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-844154740-1618517215-3757599251-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/27/2012 10:49:43 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

Error - 2/6/2012 3:50:47 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

Error - 2/17/2012 4:36:46 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

Error - 2/17/2012 6:46:27 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

Error - 2/17/2012 8:10:29 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

Error - 2/18/2012 2:14:44 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

Error - 3/10/2012 6:24:34 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

Error - 3/15/2012 4:26:36 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

Error - 3/19/2012 2:21:33 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

Error - 4/3/2012 8:18:40 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description =

[ System Events ]
Error - 1/20/2013 3:42:35 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 1/20/2013 8:19:53 PM | Computer Name = Danny-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "D:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann.

Error - 1/21/2013 6:22:15 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 1/21/2013 8:20:02 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Asus Launcher Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 1/21/2013 8:20:12 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 1/21/2013 8:27:02 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 1/21/2013 8:34:25 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 1/21/2013 8:43:43 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 1/22/2013 4:55:10 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error - 1/22/2013 7:32:34 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

< End of report >