| |
| |||||||
Log-Analyse und Auswertung: Anhang von Fake-Rechnung.zip geöffnet - Trojaner und WormsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.03.2013, 18:00
| #1 |
| |  Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms Hi Trojaner-Board, ich versuche an einem anderen Laptop zu helfen: Dort wurde vor zwei Wochen eine Fake-Email mit Rechnung als Zipdatei im Anhang unwissendlich geöffnet und nun kommen ständig Virenmeldungen, ADWARE/Yontoo.Gen und Yontoo.Gen2, WORM/Vonfus.2785289 wurden bisher von Antivir gefunden. Könnt ihr mir bitte helfen? Es wurde schon mal ein Antimalware-Scan durchgeführt letzte Woche, hier der Scan: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.03.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ralf :: RALF-PC [Administrator] 03.03.2013 20:15:43 mbam-log-2013-03-03 (20-15-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 208251 Laufzeit: 9 Minute(n), 16 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Users\Ralf\AppData\Roaming\Cykahu\enen.exe (Trojan.Agent.MU) -> 5436 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Eridiksu (Trojan.Agent.MU) -> Daten: C:\Users\Ralf\AppData\Roaming\Cykahu\enen.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Ralf\AppData\Roaming\Cykahu\enen.exe (Trojan.Agent.MU) -> Löschen bei Neustart. (Ende) Hier die folgenden Scans: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.09.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ralf :: RALF-PC [Administrator] 09.03.2013 16:04:36 mbam-log-2013-03-09 (16-04-36).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 348842 Laufzeit: 1 Stunde(n), 46 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Gleich gibts die restlichen!OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.03.2013 18:06:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralf\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,07% Memory free 7,99 Gb Paging File | 6,11 Gb Available in Paging File | 76,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 212,27 Gb Free Space | 74,90% Space Free | Partition Type: NTFS Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.09 16:55:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe PRC - [2013.02.27 20:20:27 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.02.19 19:20:37 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013.02.15 12:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.15 12:38:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.15 12:38:06 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.06.21 04:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.09.06 18:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011.08.18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe PRC - [2011.08.18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe PRC - [2011.08.01 18:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2009.06.24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2009.06.05 02:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe ========== Modules (No Company Name) ========== MOD - [2013.02.27 20:20:03 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.02.15 15:01:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.11 19:17:02 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013.01.10 21:10:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 21:10:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013.01.10 21:09:36 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 21:09:31 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013.01.10 21:09:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 21:08:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 21:08:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 21:08:35 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 21:08:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.08.18 16:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 18:58:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.17 02:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009.06.29 05:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.06.25 11:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.02.27 20:20:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.27 20:11:17 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.15 12:39:28 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.15 12:38:07 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.21 04:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.08.18 16:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.29 05:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.09 17:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2009.06.05 02:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.05.21 15:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.12 18:10:02 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.12 18:09:53 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.15 08:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.03.09 19:23:47 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.07.17 02:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2009.07.17 02:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.29 05:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.06.25 12:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.15 20:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.02.05 12:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EAC7CBC3-0D54-4A17-B78A-F1929C00C73F} IE:64bit: - HKLM\..\SearchScopes\{EAC7CBC3-0D54-4A17-B78A-F1929C00C73F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {8581C9B1-082F-4860-8CC2-A054E862C727} IE - HKLM\..\SearchScopes\{8581C9B1-082F-4860-8CC2-A054E862C727}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {8581C9B1-082F-4860-8CC2-A054E862C727} IE - HKCU\..\SearchScopes\{AF5AEC55-9EF4-41DF-9162-C0370835616B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5569C61D-ACE4-4D5B-890B-5BB57BAA28D7&apn_sauid=0B26DE56-6009-428F-8CAD-F42BCC71CE11 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.27 20:20:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 20:19:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.27 20:20:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 20:19:53 | 000,000,000 | ---D | M] [2012.07.01 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions [2012.07.01 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.03.03 20:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\i5tegyxn.default\extensions [2013.03.03 20:06:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\i5tegyxn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.09 18:24:24 | 000,002,299 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\i5tegyxn.default\searchplugins\askcom.xml [2013.02.27 20:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.02.27 20:19:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.02.27 20:20:27 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{143BBB14-0BDE-4E42-8EBD-DCD620BF51FA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{071abbaf-2ba9-11df-a795-a4badb93e580}\Shell - "" = AutoRun O33 - MountPoints2\{071abbaf-2ba9-11df-a795-a4badb93e580}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{071abbaf-2ba9-11df-a795-a4badb93e580}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{071abbaf-2ba9-11df-a795-a4badb93e580}\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.09 16:54:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe [2013.03.03 20:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Malwarebytes [2013.03.03 20:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.03 20:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.03 20:14:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.03 20:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.03 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Programs [2013.03.03 11:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.02.27 20:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.27 20:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.27 20:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.26 17:16:49 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Uxmyy [2013.02.26 17:16:49 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Ovov [2013.02.26 17:16:49 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Cykahu [2013.02.17 17:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.02.17 17:20:48 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Google ========== Files - Modified Within 30 Days ========== [2013.03.09 18:10:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 18:10:19 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.09 18:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.09 18:02:45 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.09 18:02:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.09 18:02:13 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys [2013.03.09 17:25:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.09 17:00:49 | 000,377,856 | ---- | M] () -- C:\Users\Ralf\Desktop\q1v34tnk.exe [2013.03.09 16:55:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe [2013.03.09 16:46:52 | 000,000,020 | ---- | M] () -- C:\Users\Ralf\defogger_reenable [2013.03.09 16:46:02 | 000,050,477 | ---- | M] () -- C:\Users\Ralf\Desktop\Defogger.exe [2013.03.06 20:37:50 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.03.06 20:34:57 | 000,058,429 | ---- | M] () -- C:\Users\Ralf\Desktop\TP VO - Terminplan Vorstand - Rev.2.pdf [2013.03.06 20:29:19 | 000,133,181 | ---- | M] () -- C:\Users\Ralf\Desktop\2013_Spielgemeinschaftsvertrag - Rev 6.pdf [2013.03.03 11:31:32 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.01 13:40:02 | 000,279,205 | ---- | M] () -- C:\Users\Ralf\Desktop\basic_kassette_02.jpg [2013.02.28 11:27:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.28 11:27:03 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.28 11:27:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.28 11:27:03 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.28 11:27:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.15 14:56:01 | 000,426,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.09 17:00:41 | 000,377,856 | ---- | C] () -- C:\Users\Ralf\Desktop\q1v34tnk.exe [2013.03.09 16:46:52 | 000,000,020 | ---- | C] () -- C:\Users\Ralf\defogger_reenable [2013.03.09 16:45:47 | 000,050,477 | ---- | C] () -- C:\Users\Ralf\Desktop\Defogger.exe [2013.03.06 20:34:56 | 000,058,429 | ---- | C] () -- C:\Users\Ralf\Desktop\TP VO - Terminplan Vorstand - Rev.2.pdf [2013.03.06 20:29:17 | 000,133,181 | ---- | C] () -- C:\Users\Ralf\Desktop\2013_Spielgemeinschaftsvertrag - Rev 6.pdf [2013.03.03 11:31:32 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.01 13:40:01 | 000,279,205 | ---- | C] () -- C:\Users\Ralf\Desktop\basic_kassette_02.jpg [2013.02.17 17:21:00 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.17 17:20:59 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.15 12:46:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.03 20:27:13 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Cykahu [2010.03.09 19:28:20 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\DAEMON Tools Pro [2010.04.16 16:29:07 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Farm Mania [2013.02.27 19:40:48 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Ovov [2012.07.01 18:45:19 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\TomTom [2013.02.26 17:16:49 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Uxmyy ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.03.2013 18:06:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 59,07% Memory free
7,99 Gb Paging File | 6,11 Gb Available in Paging File | 76,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 212,27 Gb Free Space | 74,90% Space Free | Partition Type: NTFS
Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02624CB4-E449-4FE6-87A6-6F50F407B04A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27B7A65C-9FAE-45B2-90B9-2B25F731F098}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{362E47F7-9AD0-4274-B5E7-3484DD533C45}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3974E8CC-C5E3-42B2-9CD4-837986C988C8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{50612DD8-8771-4BEA-911D-73A7CF7EF7B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62FEE83C-F409-4620-8320-AA54D93E1C16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8CDBA6C5-EB36-45E7-A8D3-C48EC92A2AB4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A1979084-23EB-4D9E-A288-7D4E93733F01}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BAB79D3B-2B85-4B97-A066-41D3D58B209C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BF715C35-834B-4E22-842A-A99F5F296320}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E04A1E65-7E82-4024-A47A-3EBEFB658C2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F3C9908-FA68-4D67-A3DA-8006DE89240D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0FE1C16D-34CF-47CE-82CF-116156898A7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1FBEB50A-9F6F-43E8-A0BD-B758469ABEAD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{226422D8-62C4-489E-A40C-71151AC33373}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{2AD90CE5-46B1-4FD8-800A-BE243758EE37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2C8744E4-9C8A-443B-988B-0ECA97D28EB4}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3EAD7A67-CC94-4380-8376-630DA2ADD172}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{419224B8-BB29-44C0-83F7-E5C752D33638}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{45096A6D-B88D-4866-A62D-9D2074959146}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5852C020-F4C9-4698-97FB-A8770D4A22EF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{5AFBCE11-B423-4C39-A05E-232D1E02B56B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{675360AE-8827-45E6-B0B4-360B980EE057}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8C04383A-62D9-4DBF-A454-206A3BD4227B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{91586AF1-57A5-469B-924D-C7357526598D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A4372234-4EA2-4DB1-B0E2-B31899B02F62}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CCA81D7E-1FD8-4073-8B6C-E98DFC989062}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D88E6283-F0E9-4A9E-98E7-80F92DD924EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{2103E472-FEE2-4EDD-81B7-CFF7372ED10A}C:\users\ralf\appdata\roaming\cykahu\enen.exe" = protocol=6 | dir=in | app=c:\users\ralf\appdata\roaming\cykahu\enen.exe |
"UDP Query User{20E1C10D-973B-44FC-839C-DCE237745E3A}C:\users\ralf\appdata\roaming\cykahu\enen.exe" = protocol=17 | dir=in | app=c:\users\ralf\appdata\roaming\cykahu\enen.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.02.2013 15:40:43 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 05.02.2013 15:57:41 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 06.02.2013 13:32:50 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 07.02.2013 12:18:41 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 07.02.2013 12:55:53 | Computer Name = Ralf-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 10.02.2013 12:40:29 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 10.02.2013 16:12:58 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 15.02.2013 07:38:08 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 15.02.2013 10:09:18 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Error - 17.02.2013 11:15:38 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
[ Broadcom Wireless LAN Events ]
Error - 26.12.2012 12:33:20 | Computer Name = Ralf-PC | Source = WLAN-Tray | ID = 0
Description = 17:33:20, Wed, Dec 26, 12 Error - Unable to decode string, error 13
[ Dell Events ]
Error - 19.12.2010 06:50:42 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 27.02.2011 14:04:14 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 27.02.2011 14:04:14 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.02.2011 14:32:35 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.02.2011 14:32:35 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 02.06.2011 07:01:25 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 02.06.2011 07:01:25 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 02.06.2011 13:55:47 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 02.06.2011 13:55:47 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 14.07.2011 05:46:26 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
[ Media Center Events ]
Error - 09.03.2010 14:57:48 | Computer Name = Ralf-PC | Source = MCUpdate | ID = 0
Description = 19:57:48 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
[ System Events ]
Error - 03.03.2013 15:20:23 | Computer Name = Ralf-PC | Source = Microsoft Antimalware | ID = 1119
Description = Beim Anwenden von Aktionen auf Schadsoftware und potenziell unerwünschte
Software wurde von %%860 ein schwerwiegender Fehler festgestellt. Weitere Informationen
finden Sie hier: hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Matsnu.gen!A&threatid=2147652606
Name:
Trojan:Win32/Matsnu.gen!A ID: 2147652606 Schweregrad: Schwerwiegend Kategorie: Trojaner
Pfad:
containerfile:_C:\Users\Ralf\AppData\Local\Temp\wrmslthknx.pre;file:_C:\Users\Ralf\AppData\Local\Temp\wrmslthknx.pre->[DynDrop]->(UPX)
Ursprung
der Erkennung: %%845 Typ der Erkennung: %%823 Quelle der Erkennung: %%820 Benutzer:
NT-AUTORITÄT\SYSTEM Prozessname: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Aktion:
%%809 Aktionsstatus: No additional actions required Fehlercode: 0x80070021 Fehlerbeschreibung:
Der Prozess kann nicht auf die Datei zugreifen, da ein anderer Prozess einen Teil
der Datei gesperrt hat. Signaturversion: AV: 1.145.961.0, AS: 1.145.961.0, NIS:
18.36.0.0 Modulversion: AM: 1.1.9203.0, NIS: 2.1.8904.0
Error - 03.03.2013 15:28:21 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 03.03.2013 15:28:51 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 03.03.2013 15:37:07 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 03.03.2013 15:52:36 | Computer Name = Ralf-PC | Source = volsnap | ID = 393224
Description = Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume
"C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten.
Error - 06.03.2013 14:34:13 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 06.03.2013 14:34:43 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 09.03.2013 10:54:47 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 09.03.2013 10:55:20 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 09.03.2013 13:03:15 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
< End of report >
GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-09 19:09:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0003 298,09GB
Running: q1v34tnk.exe; Driver: C:\Users\Ralf\AppData\Local\Temp\pxldrpob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075981465 2 bytes [98, 75]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759814bb 2 bytes [98, 75]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF0 0x53 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xDD 0x3A 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF0 0x53 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0xDD 0x3A 0x65 ...
---- EOF - GMER 2.1 ----
ich vergaß defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:46 on 09/03/2013 (Ralf) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- Geändert von tom1223 (09.03.2013 um 18:32 Uhr) |
|
10.03.2013, 21:03
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
10.03.2013, 22:57
| #3 |
| | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms Vielen Dank für den Auftrag, hier die Ergebnisse!
__________________Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.10.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ralf :: RALF-PC [administrator] 10.03.2013 22:00:19 mbar-log-2013-03-10 (22-00-19).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 27662 Time elapsed: 18 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-03-10 22:06:15 ----------------------------- 22:06:16.011 OS Version: Windows x64 6.1.7601 Service Pack 1 22:06:16.011 Number of processors: 2 586 0x170A 22:06:16.011 ComputerName: RALF-PC UserName: Ralf 22:06:17.430 Initialize success 22:18:36.391 AVAST engine defs: 13031001 22:18:51.211 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 22:18:51.226 Disk 0 Vendor: ST932032 0003 Size: 305245MB BusType: 3 22:18:51.242 Disk 0 MBR read successfully 22:18:51.242 Disk 0 MBR scan 22:18:51.273 Disk 0 Windows VISTA default MBR code 22:18:51.273 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 22:18:51.320 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920 22:18:51.351 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920 22:18:51.429 Disk 0 scanning C:\Windows\system32\drivers 22:19:17.138 Service scanning 22:20:01.457 Modules scanning 22:20:01.457 Disk 0 trace - called modules: 22:20:01.489 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 22:20:02.003 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800433b3f0] 22:20:02.003 3 CLASSPNP.SYS[fffff88001c4243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040e8050] 22:20:03.439 AVAST engine scan C:\Windows 22:20:06.715 AVAST engine scan C:\Windows\system32 22:27:11.613 AVAST engine scan C:\Windows\system32\drivers 22:27:39.677 AVAST engine scan C:\Users\Ralf 22:45:36.344 AVAST engine scan C:\ProgramData 22:47:37.588 Scan finished successfully 22:48:02.501 Disk 0 MBR has been saved successfully to "C:\Users\Ralf\Desktop\MBR.dat" 22:48:02.501 The log file has been saved successfully to "C:\Users\Ralf\Desktop\aswMBR.txt" 22:51:46.0242 4872 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:51:46.0460 4872 ============================================================ 22:51:46.0460 4872 Current date / time: 2013/03/10 22:51:46.0460 22:51:46.0460 4872 SystemInfo: 22:51:46.0460 4872 22:51:46.0460 4872 OS Version: 6.1.7601 ServicePack: 1.0 22:51:46.0460 4872 Product type: Workstation 22:51:46.0460 4872 ComputerName: RALF-PC 22:51:46.0460 4872 UserName: Ralf 22:51:46.0460 4872 Windows directory: C:\Windows 22:51:46.0460 4872 System windows directory: C:\Windows 22:51:46.0460 4872 Running under WOW64 22:51:46.0460 4872 Processor architecture: Intel x64 22:51:46.0460 4872 Number of processors: 2 22:51:46.0460 4872 Page size: 0x1000 22:51:46.0460 4872 Boot type: Normal boot 22:51:46.0460 4872 ============================================================ 22:51:47.0303 4872 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 22:51:47.0318 4872 ============================================================ 22:51:47.0318 4872 \Device\Harddisk0\DR0: 22:51:47.0318 4872 MBR partitions: 22:51:47.0318 4872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000 22:51:47.0318 4872 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0 22:51:47.0318 4872 ============================================================ 22:51:47.0365 4872 C: <-> \Device\Harddisk0\DR0\Partition2 22:51:47.0365 4872 ============================================================ 22:51:47.0365 4872 Initialize success 22:51:47.0365 4872 ============================================================ 22:51:55.0181 2664 ============================================================ 22:51:55.0181 2664 Scan started 22:51:55.0181 2664 Mode: Manual; SigCheck; TDLFS; 22:51:55.0181 2664 ============================================================ 22:51:55.0618 2664 ================ Scan system memory ======================== 22:51:55.0618 2664 System memory - ok 22:51:55.0633 2664 ================ Scan services ============================= 22:51:55.0805 2664 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:51:55.0883 2664 1394ohci - ok 22:51:55.0961 2664 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:51:55.0976 2664 ACPI - ok 22:51:56.0039 2664 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:51:56.0070 2664 AcpiPmi - ok 22:51:56.0226 2664 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:51:56.0257 2664 AdobeFlashPlayerUpdateSvc - ok 22:51:56.0320 2664 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:51:56.0351 2664 adp94xx - ok 22:51:56.0413 2664 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:51:56.0444 2664 adpahci - ok 22:51:56.0491 2664 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:51:56.0522 2664 adpu320 - ok 22:51:56.0554 2664 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:51:56.0616 2664 AeLookupSvc - ok 22:51:56.0678 2664 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 22:51:56.0710 2664 AFD - ok 22:51:56.0756 2664 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:51:56.0788 2664 agp440 - ok 22:51:56.0803 2664 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 22:51:56.0819 2664 ALG - ok 22:51:56.0866 2664 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 22:51:56.0881 2664 aliide - ok 22:51:56.0928 2664 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 22:51:56.0975 2664 AMD External Events Utility - ok 22:51:56.0990 2664 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 22:51:57.0006 2664 amdide - ok 22:51:57.0053 2664 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:51:57.0068 2664 AmdK8 - ok 22:51:57.0068 2664 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 22:51:57.0084 2664 AmdPPM - ok 22:51:57.0146 2664 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:51:57.0178 2664 amdsata - ok 22:51:57.0224 2664 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 22:51:57.0256 2664 amdsbs - ok 22:51:57.0271 2664 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:51:57.0287 2664 amdxata - ok 22:51:57.0396 2664 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 22:51:57.0412 2664 AntiVirSchedulerService - ok 22:51:57.0474 2664 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 22:51:57.0490 2664 AntiVirService - ok 22:51:57.0536 2664 [ 1412E9A88FE1F7E35CE6058A2EF03664 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 22:51:57.0568 2664 ApfiltrService - ok 22:51:57.0630 2664 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 22:51:57.0677 2664 AppID - ok 22:51:57.0708 2664 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:51:57.0770 2664 AppIDSvc - ok 22:51:57.0817 2664 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 22:51:57.0864 2664 Appinfo - ok 22:51:57.0911 2664 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 22:51:57.0942 2664 arc - ok 22:51:57.0958 2664 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 22:51:57.0973 2664 arcsas - ok 22:51:58.0020 2664 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:51:58.0067 2664 AsyncMac - ok 22:51:58.0114 2664 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 22:51:58.0129 2664 atapi - ok 22:51:58.0332 2664 [ A08339AE90972E268B9622C668F450E8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 22:51:58.0410 2664 atikmdag - ok 22:51:58.0504 2664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:51:58.0550 2664 AudioEndpointBuilder - ok 22:51:58.0597 2664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:51:58.0660 2664 AudioSrv - ok 22:51:58.0706 2664 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 22:51:58.0722 2664 avgntflt - ok 22:51:58.0784 2664 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 22:51:58.0800 2664 avipbb - ok 22:51:58.0816 2664 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 22:51:58.0831 2664 avkmgr - ok 22:51:58.0894 2664 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:51:58.0925 2664 AxInstSV - ok 22:51:58.0987 2664 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 22:51:59.0018 2664 b06bdrv - ok 22:51:59.0081 2664 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:51:59.0112 2664 b57nd60a - ok 22:51:59.0159 2664 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys 22:51:59.0174 2664 BCM42RLY - ok 22:51:59.0284 2664 [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 22:51:59.0362 2664 BCM43XX - ok 22:51:59.0408 2664 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 22:51:59.0440 2664 BDESVC - ok 22:51:59.0486 2664 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 22:51:59.0549 2664 Beep - ok 22:51:59.0627 2664 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 22:51:59.0689 2664 BFE - ok 22:51:59.0736 2664 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 22:51:59.0798 2664 BITS - ok 22:51:59.0814 2664 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:51:59.0845 2664 blbdrive - ok 22:51:59.0892 2664 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:51:59.0923 2664 bowser - ok 22:51:59.0970 2664 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:52:00.0001 2664 BrFiltLo - ok 22:52:00.0017 2664 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:52:00.0032 2664 BrFiltUp - ok 22:52:00.0079 2664 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 22:52:00.0095 2664 Browser - ok 22:52:00.0126 2664 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:52:00.0142 2664 Brserid - ok 22:52:00.0157 2664 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:52:00.0173 2664 BrSerWdm - ok 22:52:00.0204 2664 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:52:00.0235 2664 BrUsbMdm - ok 22:52:00.0251 2664 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:52:00.0266 2664 BrUsbSer - ok 22:52:00.0298 2664 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 22:52:00.0329 2664 BTHMODEM - ok 22:52:00.0391 2664 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:52:00.0438 2664 bthserv - ok 22:52:00.0454 2664 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:52:00.0500 2664 cdfs - ok 22:52:00.0547 2664 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 22:52:00.0578 2664 cdrom - ok 22:52:00.0641 2664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 22:52:00.0688 2664 CertPropSvc - ok 22:52:00.0734 2664 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 22:52:00.0766 2664 circlass - ok 22:52:00.0812 2664 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:52:00.0844 2664 CLFS - ok 22:52:00.0922 2664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:52:00.0953 2664 clr_optimization_v2.0.50727_32 - ok 22:52:01.0015 2664 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:52:01.0031 2664 clr_optimization_v2.0.50727_64 - ok 22:52:01.0124 2664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:52:01.0156 2664 clr_optimization_v4.0.30319_32 - ok 22:52:01.0171 2664 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:52:01.0187 2664 clr_optimization_v4.0.30319_64 - ok 22:52:01.0218 2664 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:52:01.0249 2664 CmBatt - ok 22:52:01.0280 2664 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:52:01.0312 2664 cmdide - ok 22:52:01.0343 2664 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 22:52:01.0390 2664 CNG - ok 22:52:01.0436 2664 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:52:01.0468 2664 Compbatt - ok 22:52:01.0546 2664 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 22:52:01.0577 2664 CompositeBus - ok 22:52:01.0592 2664 COMSysApp - ok 22:52:01.0624 2664 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 22:52:01.0639 2664 crcdisk - ok 22:52:01.0702 2664 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:52:01.0733 2664 CryptSvc - ok 22:52:01.0780 2664 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 22:52:01.0795 2664 CtClsFlt - ok 22:52:01.0873 2664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:52:01.0936 2664 DcomLaunch - ok 22:52:01.0951 2664 dcxlekan - ok 22:52:01.0998 2664 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:52:02.0060 2664 defragsvc - ok 22:52:02.0107 2664 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:52:02.0170 2664 DfsC - ok 22:52:02.0232 2664 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 22:52:02.0263 2664 Dhcp - ok 22:52:02.0294 2664 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:52:02.0341 2664 discache - ok 22:52:02.0388 2664 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 22:52:02.0404 2664 Disk - ok 22:52:02.0450 2664 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:52:02.0482 2664 Dnscache - ok 22:52:02.0591 2664 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 22:52:02.0622 2664 DockLoginService ( UnsignedFile.Multi.Generic ) - warning 22:52:02.0622 2664 DockLoginService - detected UnsignedFile.Multi.Generic (1) 22:52:02.0669 2664 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:52:02.0716 2664 dot3svc - ok 22:52:02.0762 2664 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 22:52:02.0809 2664 DPS - ok 22:52:02.0856 2664 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:52:02.0872 2664 drmkaud - ok 22:52:02.0934 2664 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:52:02.0981 2664 DXGKrnl - ok 22:52:03.0028 2664 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:52:03.0090 2664 EapHost - ok 22:52:03.0199 2664 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 22:52:03.0246 2664 ebdrv - ok 22:52:03.0277 2664 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 22:52:03.0293 2664 EFS - ok 22:52:03.0371 2664 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:52:03.0402 2664 ehRecvr - ok 22:52:03.0418 2664 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 22:52:03.0433 2664 ehSched - ok 22:52:03.0480 2664 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:52:03.0511 2664 elxstor - ok 22:52:03.0527 2664 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:52:03.0542 2664 ErrDev - ok 22:52:03.0620 2664 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:52:03.0683 2664 EventSystem - ok 22:52:03.0698 2664 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:52:03.0745 2664 exfat - ok 22:52:03.0761 2664 ezymbumc - ok 22:52:03.0792 2664 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:52:03.0839 2664 fastfat - ok 22:52:03.0901 2664 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 22:52:03.0948 2664 Fax - ok 22:52:03.0995 2664 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:52:04.0026 2664 fdc - ok 22:52:04.0088 2664 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:52:04.0135 2664 fdPHost - ok 22:52:04.0151 2664 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:52:04.0182 2664 FDResPub - ok 22:52:04.0213 2664 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:52:04.0229 2664 FileInfo - ok 22:52:04.0260 2664 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:52:04.0291 2664 Filetrace - ok 22:52:04.0322 2664 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:52:04.0354 2664 flpydisk - ok 22:52:04.0400 2664 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:52:04.0432 2664 FltMgr - ok 22:52:04.0494 2664 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 22:52:04.0541 2664 FontCache - ok 22:52:04.0619 2664 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:52:04.0634 2664 FontCache3.0.0.0 - ok 22:52:04.0681 2664 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:52:04.0712 2664 FsDepends - ok 22:52:04.0744 2664 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:52:04.0759 2664 Fs_Rec - ok 22:52:04.0822 2664 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:52:04.0853 2664 fvevol - ok 22:52:04.0900 2664 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:52:04.0931 2664 gagp30kx - ok 22:52:04.0946 2664 gnngvszs - ok 22:52:04.0993 2664 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:52:05.0056 2664 gpsvc - ok 22:52:05.0118 2664 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:52:05.0149 2664 gupdate - ok 22:52:05.0180 2664 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:52:05.0212 2664 gupdatem - ok 22:52:05.0258 2664 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:52:05.0274 2664 hcw85cir - ok 22:52:05.0336 2664 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:52:05.0368 2664 HDAudBus - ok 22:52:05.0368 2664 hekhvrcx - ok 22:52:05.0383 2664 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:52:05.0399 2664 HidBatt - ok 22:52:05.0414 2664 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:52:05.0430 2664 HidBth - ok 22:52:05.0446 2664 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:52:05.0461 2664 HidIr - ok 22:52:05.0492 2664 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 22:52:05.0539 2664 hidserv - ok 22:52:05.0602 2664 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 22:52:05.0617 2664 HidUsb - ok 22:52:05.0664 2664 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:52:05.0711 2664 hkmsvc - ok 22:52:05.0758 2664 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:52:05.0789 2664 HomeGroupListener - ok 22:52:05.0836 2664 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:52:05.0867 2664 HomeGroupProvider - ok 22:52:05.0914 2664 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:52:05.0945 2664 HpSAMD - ok 22:52:05.0992 2664 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:52:06.0054 2664 HTTP - ok 22:52:06.0070 2664 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:52:06.0070 2664 hwpolicy - ok 22:52:06.0132 2664 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:52:06.0163 2664 i8042prt - ok 22:52:06.0257 2664 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 22:52:06.0288 2664 IAANTMON - ok 22:52:06.0319 2664 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 22:52:06.0350 2664 iaStor - ok 22:52:06.0428 2664 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:52:06.0460 2664 iaStorV - ok 22:52:06.0538 2664 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:52:06.0569 2664 idsvc - ok 22:52:06.0631 2664 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:52:06.0647 2664 iirsp - ok 22:52:06.0725 2664 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:52:06.0787 2664 IKEEXT - ok 22:52:06.0803 2664 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:52:06.0818 2664 intelide - ok 22:52:06.0850 2664 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:52:06.0881 2664 intelppm - ok 22:52:06.0928 2664 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:52:06.0990 2664 IPBusEnum - ok 22:52:07.0037 2664 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:52:07.0084 2664 IpFilterDriver - ok 22:52:07.0146 2664 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:52:07.0177 2664 iphlpsvc - ok 22:52:07.0208 2664 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:52:07.0224 2664 IPMIDRV - ok 22:52:07.0255 2664 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:52:07.0302 2664 IPNAT - ok 22:52:07.0333 2664 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:52:07.0364 2664 IRENUM - ok 22:52:07.0411 2664 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:52:07.0427 2664 isapnp - ok 22:52:07.0474 2664 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:52:07.0505 2664 iScsiPrt - ok 22:52:07.0520 2664 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 22:52:07.0552 2664 kbdclass - ok 22:52:07.0598 2664 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:52:07.0630 2664 kbdhid - ok 22:52:07.0630 2664 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:52:07.0661 2664 KeyIso - ok 22:52:07.0676 2664 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:52:07.0692 2664 KSecDD - ok 22:52:07.0723 2664 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:52:07.0754 2664 KSecPkg - ok 22:52:07.0801 2664 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:52:07.0848 2664 ksthunk - ok 22:52:07.0895 2664 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:52:07.0957 2664 KtmRm - ok 22:52:08.0020 2664 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:52:08.0066 2664 LanmanServer - ok 22:52:08.0113 2664 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:52:08.0176 2664 LanmanWorkstation - ok 22:52:08.0222 2664 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:52:08.0269 2664 lltdio - ok 22:52:08.0300 2664 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:52:08.0363 2664 lltdsvc - ok 22:52:08.0378 2664 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:52:08.0410 2664 lmhosts - ok 22:52:08.0456 2664 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:52:08.0472 2664 LSI_FC - ok 22:52:08.0488 2664 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:52:08.0503 2664 LSI_SAS - ok 22:52:08.0519 2664 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:52:08.0534 2664 LSI_SAS2 - ok 22:52:08.0566 2664 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:52:08.0581 2664 LSI_SCSI - ok 22:52:08.0612 2664 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:52:08.0659 2664 luafv - ok 22:52:08.0690 2664 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:52:08.0722 2664 Mcx2Svc - ok 22:52:08.0737 2664 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:52:08.0753 2664 megasas - ok 22:52:08.0784 2664 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:52:08.0800 2664 MegaSR - ok 22:52:08.0893 2664 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 22:52:08.0909 2664 Microsoft Office Groove Audit Service - ok 22:52:08.0956 2664 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:52:09.0002 2664 MMCSS - ok 22:52:09.0018 2664 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:52:09.0065 2664 Modem - ok 22:52:09.0112 2664 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:52:09.0143 2664 monitor - ok 22:52:09.0174 2664 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 22:52:09.0205 2664 mouclass - ok 22:52:09.0236 2664 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:52:09.0268 2664 mouhid - ok 22:52:09.0299 2664 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:52:09.0330 2664 mountmgr - ok 22:52:09.0408 2664 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:52:09.0424 2664 MozillaMaintenance - ok 22:52:09.0502 2664 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 22:52:09.0533 2664 MpFilter - ok 22:52:09.0564 2664 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:52:09.0595 2664 mpio - ok 22:52:09.0626 2664 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:52:09.0689 2664 mpsdrv - ok 22:52:09.0751 2664 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:52:09.0814 2664 MpsSvc - ok 22:52:09.0845 2664 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:52:09.0892 2664 MRxDAV - ok 22:52:09.0938 2664 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:52:09.0954 2664 mrxsmb - ok 22:52:10.0001 2664 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:52:10.0016 2664 mrxsmb10 - ok 22:52:10.0048 2664 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:52:10.0063 2664 mrxsmb20 - ok 22:52:10.0094 2664 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:52:10.0110 2664 msahci - ok 22:52:10.0157 2664 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:52:10.0172 2664 msdsm - ok 22:52:10.0219 2664 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:52:10.0250 2664 MSDTC - ok 22:52:10.0313 2664 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:52:10.0360 2664 Msfs - ok 22:52:10.0375 2664 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:52:10.0422 2664 mshidkmdf - ok 22:52:10.0438 2664 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:52:10.0453 2664 msisadrv - ok 22:52:10.0500 2664 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:52:10.0562 2664 MSiSCSI - ok 22:52:10.0562 2664 msiserver - ok 22:52:10.0609 2664 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:52:10.0687 2664 MSKSSRV - ok 22:52:10.0781 2664 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 22:52:10.0796 2664 MsMpSvc - ok 22:52:10.0812 2664 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:52:10.0859 2664 MSPCLOCK - ok 22:52:10.0859 2664 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:52:10.0906 2664 MSPQM - ok 22:52:10.0937 2664 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:52:10.0968 2664 MsRPC - ok 22:52:11.0015 2664 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:52:11.0030 2664 mssmbios - ok 22:52:11.0077 2664 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:52:11.0140 2664 MSTEE - ok 22:52:11.0155 2664 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:52:11.0171 2664 MTConfig - ok 22:52:11.0202 2664 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:52:11.0233 2664 Mup - ok 22:52:11.0280 2664 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:52:11.0327 2664 napagent - ok 22:52:11.0405 2664 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:52:11.0436 2664 NativeWifiP - ok 22:52:11.0452 2664 ncnkzisy - ok 22:52:11.0514 2664 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:52:11.0545 2664 NDIS - ok 22:52:11.0608 2664 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:52:11.0654 2664 NdisCap - ok 22:52:11.0686 2664 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:52:11.0748 2664 NdisTapi - ok 22:52:11.0779 2664 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:52:11.0826 2664 Ndisuio - ok 22:52:11.0857 2664 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:52:11.0904 2664 NdisWan - ok 22:52:11.0935 2664 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:52:11.0982 2664 NDProxy - ok 22:52:12.0044 2664 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:52:12.0107 2664 NetBIOS - ok 22:52:12.0138 2664 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:52:12.0169 2664 NetBT - ok 22:52:12.0185 2664 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:52:12.0200 2664 Netlogon - ok 22:52:12.0247 2664 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:52:12.0310 2664 Netman - ok 22:52:12.0325 2664 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:52:12.0372 2664 netprofm - ok 22:52:12.0403 2664 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:52:12.0434 2664 NetTcpPortSharing - ok 22:52:12.0466 2664 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:52:12.0497 2664 nfrd960 - ok 22:52:12.0622 2664 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 22:52:12.0653 2664 NisDrv - ok 22:52:12.0700 2664 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 22:52:12.0731 2664 NisSrv - ok 22:52:12.0762 2664 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:52:12.0793 2664 NlaSvc - ok 22:52:12.0793 2664 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:52:12.0840 2664 Npfs - ok 22:52:12.0840 2664 nqwvgemn - ok 22:52:12.0887 2664 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:52:12.0949 2664 nsi - ok 22:52:12.0980 2664 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:52:13.0043 2664 nsiproxy - ok 22:52:13.0121 2664 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:52:13.0168 2664 Ntfs - ok 22:52:13.0183 2664 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:52:13.0214 2664 Null - ok 22:52:13.0261 2664 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:52:13.0277 2664 nvraid - ok 22:52:13.0308 2664 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:52:13.0324 2664 nvstor - ok 22:52:13.0370 2664 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:52:13.0402 2664 nv_agp - ok 22:52:13.0464 2664 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:52:13.0495 2664 odserv - ok 22:52:13.0542 2664 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:52:13.0573 2664 ohci1394 - ok 22:52:13.0620 2664 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:52:13.0636 2664 ose - ok 22:52:13.0667 2664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:52:13.0698 2664 p2pimsvc - ok 22:52:13.0745 2664 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:52:13.0776 2664 p2psvc - ok 22:52:13.0823 2664 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:52:13.0838 2664 Parport - ok 22:52:13.0885 2664 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:52:13.0901 2664 partmgr - ok 22:52:13.0916 2664 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:52:13.0932 2664 PcaSvc - ok 22:52:13.0963 2664 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:52:13.0994 2664 pci - ok 22:52:14.0026 2664 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:52:14.0041 2664 pciide - ok 22:52:14.0088 2664 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:52:14.0119 2664 pcmcia - ok 22:52:14.0135 2664 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:52:14.0150 2664 pcw - ok 22:52:14.0166 2664 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:52:14.0213 2664 PEAUTH - ok 22:52:14.0306 2664 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:52:14.0338 2664 PerfHost - ok 22:52:14.0416 2664 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:52:14.0494 2664 pla - ok 22:52:14.0540 2664 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:52:14.0572 2664 PlugPlay - ok 22:52:14.0618 2664 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:52:14.0650 2664 PNRPAutoReg - ok 22:52:14.0665 2664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:52:14.0696 2664 PNRPsvc - ok 22:52:14.0728 2664 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:52:14.0759 2664 PolicyAgent - ok 22:52:14.0806 2664 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:52:14.0837 2664 Power - ok 22:52:14.0899 2664 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:52:14.0962 2664 PptpMiniport - ok 22:52:14.0993 2664 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:52:15.0024 2664 Processor - ok 22:52:15.0071 2664 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:52:15.0086 2664 ProfSvc - ok 22:52:15.0102 2664 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:52:15.0118 2664 ProtectedStorage - ok 22:52:15.0149 2664 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:52:15.0196 2664 Psched - ok 22:52:15.0242 2664 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 22:52:15.0258 2664 PxHlpa64 - ok 22:52:15.0320 2664 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:52:15.0352 2664 ql2300 - ok 22:52:15.0398 2664 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:52:15.0430 2664 ql40xx - ok 22:52:15.0461 2664 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:52:15.0492 2664 QWAVE - ok 22:52:15.0492 2664 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:52:15.0523 2664 QWAVEdrv - ok 22:52:15.0539 2664 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:52:15.0570 2664 RasAcd - ok 22:52:15.0601 2664 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:52:15.0648 2664 RasAgileVpn - ok 22:52:15.0664 2664 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:52:15.0710 2664 RasAuto - ok 22:52:15.0757 2664 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:52:15.0820 2664 Rasl2tp - ok 22:52:15.0866 2664 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:52:15.0913 2664 RasMan - ok 22:52:15.0960 2664 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:52:16.0007 2664 RasPppoe - ok 22:52:16.0038 2664 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:52:16.0100 2664 RasSstp - ok 22:52:16.0132 2664 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:52:16.0194 2664 rdbss - ok 22:52:16.0210 2664 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:52:16.0225 2664 rdpbus - ok 22:52:16.0241 2664 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:52:16.0303 2664 RDPCDD - ok 22:52:16.0334 2664 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:52:16.0397 2664 RDPENCDD - ok 22:52:16.0412 2664 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:52:16.0459 2664 RDPREFMP - ok 22:52:16.0506 2664 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:52:16.0522 2664 RDPWD - ok 22:52:16.0600 2664 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:52:16.0631 2664 rdyboost - ok 22:52:16.0662 2664 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:52:16.0724 2664 RemoteAccess - ok 22:52:16.0756 2664 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:52:16.0818 2664 RemoteRegistry - ok 22:52:16.0834 2664 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:52:16.0865 2664 RpcEptMapper - ok 22:52:16.0880 2664 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:52:16.0896 2664 RpcLocator - ok 22:52:16.0958 2664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:52:17.0005 2664 RpcSs - ok 22:52:17.0052 2664 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:52:17.0114 2664 rspndr - ok 22:52:17.0161 2664 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 22:52:17.0177 2664 RSUSBSTOR - ok 22:52:17.0208 2664 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:52:17.0224 2664 SamSs - ok 22:52:17.0255 2664 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:52:17.0286 2664 sbp2port - ok 22:52:17.0317 2664 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:52:17.0364 2664 SCardSvr - ok 22:52:17.0411 2664 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:52:17.0473 2664 scfilter - ok 22:52:17.0536 2664 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:52:17.0598 2664 Schedule - ok 22:52:17.0645 2664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:52:17.0692 2664 SCPolicySvc - ok 22:52:17.0707 2664 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:52:17.0723 2664 SDRSVC - ok 22:52:17.0770 2664 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:52:17.0816 2664 secdrv - ok 22:52:17.0848 2664 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:52:17.0879 2664 seclogon - ok 22:52:17.0926 2664 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:52:17.0972 2664 SENS - ok 22:52:18.0004 2664 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:52:18.0019 2664 SensrSvc - ok 22:52:18.0082 2664 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:52:18.0097 2664 Serenum - ok 22:52:18.0144 2664 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:52:18.0175 2664 Serial - ok 22:52:18.0206 2664 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:52:18.0238 2664 sermouse - ok 22:52:18.0284 2664 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:52:18.0347 2664 SessionEnv - ok 22:52:18.0362 2664 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:52:18.0378 2664 sffdisk - ok 22:52:18.0394 2664 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:52:18.0409 2664 sffp_mmc - ok 22:52:18.0425 2664 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:52:18.0440 2664 sffp_sd - ok 22:52:18.0472 2664 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:52:18.0503 2664 sfloppy - ok 22:52:18.0596 2664 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 22:52:18.0643 2664 SftService - ok 22:52:18.0690 2664 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:52:18.0752 2664 SharedAccess - ok 22:52:18.0784 2664 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:52:18.0846 2664 ShellHWDetection - ok 22:52:18.0877 2664 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:52:18.0893 2664 SiSRaid2 - ok 22:52:18.0924 2664 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:52:18.0940 2664 SiSRaid4 - ok 22:52:19.0018 2664 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:52:19.0049 2664 SkypeUpdate - ok 22:52:19.0080 2664 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:52:19.0127 2664 Smb - ok 22:52:19.0174 2664 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:52:19.0205 2664 SNMPTRAP - ok 22:52:19.0236 2664 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:52:19.0267 2664 spldr - ok 22:52:19.0314 2664 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 22:52:19.0330 2664 Spooler - ok 22:52:19.0454 2664 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:52:19.0548 2664 sppsvc - ok 22:52:19.0579 2664 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:52:19.0610 2664 sppuinotify - ok 22:52:19.0688 2664 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 22:52:19.0720 2664 sprtsvc_DellSupportCenter - ok 22:52:19.0782 2664 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys 22:52:19.0813 2664 sptd - ok 22:52:19.0876 2664 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 22:52:19.0907 2664 srv - ok 22:52:19.0954 2664 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:52:19.0985 2664 srv2 - ok 22:52:20.0000 2664 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:52:20.0016 2664 srvnet - ok 22:52:20.0078 2664 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:52:20.0125 2664 SSDPSRV - ok 22:52:20.0141 2664 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:52:20.0188 2664 SstpSvc - ok 22:52:20.0312 2664 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe 22:52:20.0344 2664 STacSV - ok 22:52:20.0375 2664 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:52:20.0390 2664 stexstor - ok 22:52:20.0453 2664 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 22:52:20.0484 2664 STHDA - ok 22:52:20.0531 2664 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:52:20.0562 2664 stisvc - ok 22:52:20.0609 2664 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 22:52:20.0624 2664 swenum - ok 22:52:20.0687 2664 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:52:20.0749 2664 swprv - ok 22:52:20.0827 2664 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:52:20.0874 2664 SysMain - ok 22:52:20.0905 2664 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:52:20.0936 2664 TabletInputService - ok 22:52:20.0983 2664 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:52:21.0046 2664 TapiSrv - ok 22:52:21.0092 2664 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:52:21.0139 2664 TBS - ok 22:52:21.0217 2664 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:52:21.0280 2664 Tcpip - ok 22:52:21.0358 2664 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:52:21.0404 2664 TCPIP6 - ok 22:52:21.0451 2664 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:52:21.0467 2664 tcpipreg - ok 22:52:21.0498 2664 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:52:21.0498 2664 TDPIPE - ok 22:52:21.0545 2664 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:52:21.0560 2664 TDTCP - ok 22:52:21.0607 2664 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:52:21.0670 2664 tdx - ok 22:52:21.0701 2664 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:52:21.0716 2664 TermDD - ok 22:52:21.0763 2664 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:52:21.0826 2664 TermService - ok 22:52:21.0872 2664 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:52:21.0904 2664 Themes - ok 22:52:21.0935 2664 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:52:21.0982 2664 THREADORDER - ok 22:52:22.0075 2664 [ E9CA6ED72EA9F56BD6E98C7042092A1C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 22:52:22.0091 2664 TomTomHOMEService - ok 22:52:22.0138 2664 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:52:22.0184 2664 TrkWks - ok 22:52:22.0247 2664 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:52:22.0309 2664 TrustedInstaller - ok 22:52:22.0465 2664 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:52:22.0512 2664 tssecsrv - ok 22:52:22.0574 2664 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:52:22.0606 2664 TsUsbFlt - ok 22:52:22.0652 2664 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:52:22.0699 2664 tunnel - ok 22:52:22.0746 2664 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:52:22.0762 2664 uagp35 - ok 22:52:22.0808 2664 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:52:22.0855 2664 udfs - ok 22:52:22.0902 2664 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:52:22.0933 2664 UI0Detect - ok 22:52:22.0964 2664 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:52:22.0980 2664 uliagpkx - ok 22:52:23.0011 2664 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 22:52:23.0042 2664 umbus - ok 22:52:23.0074 2664 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:52:23.0105 2664 UmPass - ok 22:52:23.0136 2664 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:52:23.0183 2664 upnphost - ok 22:52:23.0198 2664 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:52:23.0214 2664 usbccgp - ok 22:52:23.0245 2664 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:52:23.0276 2664 usbcir - ok 22:52:23.0292 2664 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:52:23.0308 2664 usbehci - ok 22:52:23.0339 2664 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:52:23.0370 2664 usbhub - ok 22:52:23.0386 2664 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:52:23.0401 2664 usbohci - ok 22:52:23.0448 2664 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:52:23.0479 2664 usbprint - ok 22:52:23.0495 2664 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:52:23.0510 2664 USBSTOR - ok 22:52:23.0510 2664 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:52:23.0526 2664 usbuhci - ok 22:52:23.0573 2664 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 22:52:23.0588 2664 usbvideo - ok 22:52:23.0635 2664 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 22:52:23.0666 2664 usb_rndisx - ok 22:52:23.0698 2664 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:52:23.0744 2664 UxSms - ok 22:52:23.0760 2664 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 22:52:23.0776 2664 VaultSvc - ok 22:52:23.0807 2664 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:52:23.0838 2664 vdrvroot - ok 22:52:23.0885 2664 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 22:52:23.0947 2664 vds - ok 22:52:23.0994 2664 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:52:24.0025 2664 vga - ok 22:52:24.0041 2664 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:52:24.0072 2664 VgaSave - ok 22:52:24.0103 2664 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:52:24.0134 2664 vhdmp - ok 22:52:24.0181 2664 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 22:52:24.0197 2664 viaide - ok 22:52:24.0228 2664 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:52:24.0244 2664 volmgr - ok 22:52:24.0290 2664 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:52:24.0322 2664 volmgrx - ok 22:52:24.0353 2664 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:52:24.0368 2664 volsnap - ok 22:52:24.0415 2664 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:52:24.0446 2664 vsmraid - ok 22:52:24.0524 2664 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 22:52:24.0618 2664 VSS - ok 22:52:24.0634 2664 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:52:24.0649 2664 vwifibus - ok 22:52:24.0680 2664 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:52:24.0712 2664 vwififlt - ok 22:52:24.0758 2664 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 22:52:24.0821 2664 W32Time - ok 22:52:24.0852 2664 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:52:24.0868 2664 WacomPen - ok 22:52:24.0930 2664 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:52:24.0992 2664 WANARP - ok 22:52:25.0024 2664 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:52:25.0086 2664 Wanarpv6 - ok 22:52:25.0195 2664 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 22:52:25.0226 2664 WatAdminSvc - ok 22:52:25.0320 2664 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 22:52:25.0351 2664 wbengine - ok 22:52:25.0398 2664 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:52:25.0429 2664 WbioSrvc - ok 22:52:25.0476 2664 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:52:25.0507 2664 wcncsvc - ok 22:52:25.0538 2664 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:52:25.0554 2664 WcsPlugInService - ok 22:52:25.0585 2664 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:52:25.0616 2664 Wd - ok 22:52:25.0663 2664 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:52:25.0710 2664 Wdf01000 - ok 22:52:25.0726 2664 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:52:25.0757 2664 WdiServiceHost - ok 22:52:25.0757 2664 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:52:25.0788 2664 WdiSystemHost - ok 22:52:25.0835 2664 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 22:52:25.0866 2664 WebClient - ok 22:52:25.0882 2664 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:52:25.0928 2664 Wecsvc - ok 22:52:25.0928 2664 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:52:25.0975 2664 wercplsupport - ok 22:52:26.0006 2664 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 22:52:26.0053 2664 WerSvc - ok 22:52:26.0084 2664 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:52:26.0147 2664 WfpLwf - ok 22:52:26.0209 2664 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 22:52:26.0225 2664 WimFltr - ok 22:52:26.0272 2664 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:52:26.0287 2664 WIMMount - ok 22:52:26.0318 2664 WinDefend - ok 22:52:26.0334 2664 WinHttpAutoProxySvc - ok 22:52:26.0396 2664 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:52:26.0443 2664 Winmgmt - ok 22:52:26.0537 2664 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 22:52:26.0599 2664 WinRM - ok 22:52:26.0646 2664 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:52:26.0677 2664 WinUsb - ok 22:52:26.0724 2664 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 22:52:26.0771 2664 Wlansvc - ok 22:52:26.0849 2664 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE 22:52:26.0864 2664 wltrysvc ( UnsignedFile.Multi.Generic ) - warning 22:52:26.0864 2664 wltrysvc - detected UnsignedFile.Multi.Generic (1) 22:52:26.0896 2664 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:52:26.0927 2664 WmiAcpi - ok 22:52:26.0974 2664 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:52:27.0005 2664 wmiApSrv - ok 22:52:27.0036 2664 WMPNetworkSvc - ok 22:52:27.0067 2664 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:52:27.0083 2664 WPCSvc - ok 22:52:27.0114 2664 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:52:27.0145 2664 WPDBusEnum - ok 22:52:27.0192 2664 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:52:27.0239 2664 ws2ifsl - ok 22:52:27.0254 2664 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 22:52:27.0286 2664 wscsvc - ok 22:52:27.0286 2664 WSearch - ok 22:52:27.0395 2664 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 22:52:27.0442 2664 wuauserv - ok 22:52:27.0488 2664 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:52:27.0504 2664 WudfPf - ok 22:52:27.0551 2664 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:52:27.0582 2664 WUDFRd - ok 22:52:27.0598 2664 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:52:27.0613 2664 wudfsvc - ok 22:52:27.0660 2664 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 22:52:27.0691 2664 WwanSvc - ok 22:52:27.0754 2664 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 22:52:27.0785 2664 yukonw7 - ok 22:52:27.0800 2664 ================ Scan global =============================== 22:52:27.0832 2664 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:52:27.0863 2664 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 22:52:27.0878 2664 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 22:52:27.0910 2664 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:52:27.0941 2664 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 22:52:27.0941 2664 [Global] - ok 22:52:27.0956 2664 ================ Scan MBR ================================== 22:52:27.0972 2664 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0 22:52:28.0378 2664 \Device\Harddisk0\DR0 - ok 22:52:28.0378 2664 ================ Scan VBR ================================== 22:52:28.0378 2664 [ AE22F4C4833673412566B08C397D046F ] \Device\Harddisk0\DR0\Partition1 22:52:28.0378 2664 \Device\Harddisk0\DR0\Partition1 - ok 22:52:28.0409 2664 [ 1F1DA62BB32C499844CC8F80A738893D ] \Device\Harddisk0\DR0\Partition2 22:52:28.0424 2664 \Device\Harddisk0\DR0\Partition2 - ok 22:52:28.0424 2664 ============================================================ 22:52:28.0424 2664 Scan finished 22:52:28.0424 2664 ============================================================ 22:52:28.0440 2064 Detected object count: 2 22:52:28.0440 2064 Actual detected object count: 2 22:52:32.0886 2064 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:32.0886 2064 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:52:32.0886 2064 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user 22:52:32.0886 2064 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
11.03.2013, 09:37
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms Die Logs bitte in CODE-Tags!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.03.2013, 21:12
| #5 |
| | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und WormsCode:
ATTFilter ComboFix 13-03-11.01 - Ralf 11.03.2013 20:39:26.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4092.2209 [GMT 1:00]
ausgeführt von:: c:\users\Ralf\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-11 bis 2013-03-11 ))))))))))))))))))))))))))))))
.
.
2013-03-11 19:50 . 2013-03-11 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-10 21:51 . 2013-03-10 21:51 208216 ----a-w- c:\windows\system32\drivers\95411864.sys
2013-03-10 21:48 . 2013-03-10 21:48 208216 ----a-w- c:\windows\system32\drivers\44011593.sys
2013-03-10 20:40 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19CFD013-5AF8-4A41-B3ED-26348995CEF0}\mpengine.dll
2013-03-09 15:05 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-03 19:14 . 2013-03-03 19:14 -------- d-----w- c:\users\Ralf\AppData\Roaming\Malwarebytes
2013-03-03 19:14 . 2013-03-03 19:14 -------- d-----w- c:\programdata\Malwarebytes
2013-03-03 19:14 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-03 19:13 . 2013-03-03 19:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-03 19:13 . 2013-03-03 19:13 -------- d-----w- c:\users\Ralf\AppData\Local\Programs
2013-02-27 19:15 . 2013-02-27 19:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-27 19:14 . 2013-02-27 19:14 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-27 19:14 . 2013-02-27 19:14 -------- d-----w- c:\program files (x86)\Java
2013-02-26 16:16 . 2013-03-03 19:27 -------- d-----w- c:\users\Ralf\AppData\Roaming\Cykahu
2013-02-26 16:16 . 2013-02-27 18:40 -------- d-----w- c:\users\Ralf\AppData\Roaming\Ovov
2013-02-26 16:16 . 2013-02-26 16:16 -------- d-----w- c:\users\Ralf\AppData\Roaming\Uxmyy
2013-02-17 16:20 . 2013-03-03 10:31 -------- d-----w- c:\program files (x86)\Google
2013-02-17 16:20 . 2013-02-17 16:26 -------- d-----w- c:\users\Ralf\AppData\Local\Google
2013-02-15 13:03 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 13:03 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 13:00 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
2013-02-15 13:00 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-15 11:55 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-15 11:55 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-15 11:55 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-15 11:55 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-15 11:54 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-15 11:54 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-15 11:54 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-15 11:54 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-15 11:54 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-15 11:54 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-15 11:54 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-15 11:54 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 19:14 . 2012-09-07 11:37 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-27 19:14 . 2010-06-27 18:04 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-27 19:11 . 2012-07-02 18:42 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 19:11 . 2011-12-13 17:02 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-15 13:08 . 2010-07-20 09:28 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2010-03-09 18:18 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 20:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-15 11:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 13:08 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 13:08 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-12 17:10 . 2012-10-05 17:30 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-12 17:09 . 2012-10-05 17:30 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-15 385248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 dcxlekan;dcxlekan;c:\windows\system32\drivers\dcxlekan.sys [x]
R1 ezymbumc;ezymbumc;c:\windows\system32\drivers\ezymbumc.sys [x]
R1 gnngvszs;gnngvszs;c:\windows\system32\drivers\gnngvszs.sys [x]
R1 hekhvrcx;hekhvrcx;c:\windows\system32\drivers\hekhvrcx.sys [x]
R1 ncnkzisy;ncnkzisy;c:\windows\system32\drivers\ncnkzisy.sys [x]
R1 nqwvgemn;nqwvgemn;c:\windows\system32\drivers\nqwvgemn.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-11 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-09 834544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-15 86752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 19:11]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 16:20]
.
2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 16:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\i5tegyxn.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-03-03 20:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\i5tegyxn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-11 21:09:31
ComboFix-quarantined-files.txt 2013-03-11 20:09
.
Vor Suchlauf: 12 Verzeichnis(se), 226.545.651.712 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 227.567.915.008 Bytes frei
.
- - End Of File - - A5E419718BAD30AABA5F05E2F18755E6
Windows Security Essentials habe ich noch bevor Combofix die Überprüfung gestartet hatte und der Hinweis kam, die Security Programme auszuschalten, auch deaktiviert. Es kam zu keinen Problemen bei der Ausführung von Combofix. Danke fürs Auswerten!  |
|
12.03.2013, 09:59
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms Combofix-Skript
__________________ --> Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms |
|
12.03.2013, 21:45
| #7 |
| | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms Hi, nach dem Neustart von Windows kam nach ca. 5 min eine Fehlermeldung von Toaster.exe, siehe Anhang. Ich habe auf Ok geklickt, aber Combofix schien davon nicht beeinflusst wurden zu sein. Code:
ATTFilter ComboFix 13-03-11.01 - Ralf 12.03.2013 21:02:47.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4092.2608 [GMT 1:00]
ausgeführt von:: c:\users\Ralf\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Ralf\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\drivers\dcxlekan.sys"
"c:\windows\system32\drivers\ezymbumc.sys"
"c:\windows\system32\drivers\gnngvszs.sys"
"c:\windows\system32\drivers\hekhvrcx.sys"
"c:\windows\system32\drivers\ncnkzisy.sys"
"c:\windows\system32\drivers\nqwvgemn.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ralf\AppData\Roaming\Cykahu
c:\users\Ralf\AppData\Roaming\Ovov
c:\users\Ralf\AppData\Roaming\Ovov\ugun.ikw
c:\users\Ralf\AppData\Roaming\Ovov\ugun.tmp
c:\users\Ralf\AppData\Roaming\Uxmyy
c:\users\Ralf\AppData\Roaming\Uxmyy\ugfuu.vya
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dcxlekan
-------\Service_ezymbumc
-------\Service_gnngvszs
-------\Service_hekhvrcx
-------\Service_ncnkzisy
-------\Service_nqwvgemn
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-12 bis 2013-03-12 ))))))))))))))))))))))))))))))
.
.
2013-03-12 20:14 . 2013-03-12 20:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-11 20:14 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94220DA1-C2CC-4A1C-9CED-A57DF314344F}\mpengine.dll
2013-03-10 21:51 . 2013-03-10 21:51 208216 ----a-w- c:\windows\system32\drivers\95411864.sys
2013-03-10 21:48 . 2013-03-10 21:48 208216 ----a-w- c:\windows\system32\drivers\44011593.sys
2013-03-09 15:05 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-03 19:14 . 2013-03-03 19:14 -------- d-----w- c:\users\Ralf\AppData\Roaming\Malwarebytes
2013-03-03 19:14 . 2013-03-03 19:14 -------- d-----w- c:\programdata\Malwarebytes
2013-03-03 19:14 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-03 19:13 . 2013-03-03 19:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-03 19:13 . 2013-03-03 19:13 -------- d-----w- c:\users\Ralf\AppData\Local\Programs
2013-02-27 19:15 . 2013-02-27 19:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-27 19:14 . 2013-02-27 19:14 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-27 19:14 . 2013-02-27 19:14 -------- d-----w- c:\program files (x86)\Java
2013-02-17 16:20 . 2013-03-03 10:31 -------- d-----w- c:\program files (x86)\Google
2013-02-17 16:20 . 2013-02-17 16:26 -------- d-----w- c:\users\Ralf\AppData\Local\Google
2013-02-15 13:03 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 13:03 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 13:00 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
2013-02-15 13:00 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-15 11:55 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-15 11:55 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-15 11:55 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-15 11:55 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-15 11:54 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-15 11:54 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-15 11:54 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-15 11:54 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-15 11:54 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-15 11:54 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-15 11:54 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-15 11:54 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 19:14 . 2012-09-07 11:37 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-27 19:14 . 2010-06-27 18:04 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-27 19:11 . 2012-07-02 18:42 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 19:11 . 2011-12-13 17:02 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-15 13:08 . 2010-07-20 09:28 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-08 00:28 . 2013-03-12 20:27 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5FEE1D8-FE10-4BC9-B1B2-92F93F0E5AD0}\mpengine.dll
2013-01-30 10:53 . 2010-03-09 18:18 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 20:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-15 11:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-22 13:08 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 13:08 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:08 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 13:08 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\44011593.sys ---
Company: Kaspersky Lab, GERT
File Description: Kaspersky Lab Mini Driver
File Version: 2.8.4.0 built by: WinDDK
Product Name: Kaspersky Lab Mini Driver
Copyright: Copyright (c) Kaspersky Lab, GERT
Original Filename: klmd.sys
File size: 208216
Created time: 2013-03-10 21:48
Modified time: 2013-03-10 21:48
MD5: F146E2BA475893DD77B2370DC1211FC6
SHA1: B34C5CDBC9597694131FD20562DB201F62E6D1FE
.
.
--- c:\windows\system32\drivers\95411864.sys ---
Company: Kaspersky Lab, GERT
File Description: Kaspersky Lab Mini Driver
File Version: 2.8.4.0 built by: WinDDK
Product Name: Kaspersky Lab Mini Driver
Copyright: Copyright (c) Kaspersky Lab, GERT
Original Filename: klmd.sys
File size: 208216
Created time: 2013-03-10 21:51
Modified time: 2013-03-10 21:51
MD5: F146E2BA475893DD77B2370DC1211FC6
SHA1: B34C5CDBC9597694131FD20562DB201F62E6D1FE
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-15 385248]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-11 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-09 834544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-15 86752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 19:11]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 16:20]
.
2013-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-17 16:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\i5tegyxn.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-03-03 20:06; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\i5tegyxn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-12 21:37:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-12 20:37
ComboFix2.txt 2013-03-11 20:09
.
Vor Suchlauf: 14 Verzeichnis(se), 227.659.952.128 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 227.116.138.496 Bytes frei
.
- - End Of File - - 85A8BAD343E6B6AE17B4A4792F6704F9
Vielen Dank schon mal für die Auswertung! |
|
12.03.2013, 23:52
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.03.2013, 22:06
| #9 |
| | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und WormsCode:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ralf on 13.03.2013 at 21:38:22,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
~~~ FireFox
Successfully deleted: [File] C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\i5tegyxn.default\user.js
Successfully deleted: [File] C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\i5tegyxn.default\searchplugins\askcom.xml
Successfully deleted the following from C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\i5tegyxn.default\prefs.js
user_pref("browser.search.order.1", "Ask.com");
Emptied folder: C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\i5tegyxn.default\minidumps [97 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.03.2013 at 21:47:17,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.114 - Datei am 13/03/2013 um 21:48:51 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ralf - RALF-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ralf\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Ask
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\i5tegyxn.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1210 octets] - [13/03/2013 21:48:51]
########## EOF - C:\AdwCleaner[S1].txt - [1270 octets] ##########
Code:
ATTFilter OTL logfile created on: 13.03.2013 21:54:21 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralf\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 65,99% Memory free 7,99 Gb Paging File | 6,35 Gb Available in Paging File | 79,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 211,52 Gb Free Space | 74,64% Space Free | Partition Type: NTFS Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Ralf\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{EAC7CBC3-0D54-4A17-B78A-F1929C00C73F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{8581C9B1-082F-4860-8CC2-A054E862C727}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1202315440-3592242644-174231323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1202315440-3592242644-174231323-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1202315440-3592242644-174231323-1000\..\SearchScopes\{AF5AEC55-9EF4-41DF-9162-C0370835616B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5569C61D-ACE4-4D5B-890B-5BB57BAA28D7&apn_sauid=0B26DE56-6009-428F-8CAD-F42BCC71CE11 IE - HKU\S-1-5-21-1202315440-3592242644-174231323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 21:46:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.10 21:46:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 21:46:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.10 21:46:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 21:46:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.10 21:46:20 | 000,000,000 | ---D | M] [2012.07.01 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions [2012.07.01 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.03.03 20:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\i5tegyxn.default\extensions [2013.03.03 20:06:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\i5tegyxn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.10 21:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.10 21:46:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.10 21:46:52 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.12 21:16:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1202315440-3592242644-174231323-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1202315440-3592242644-174231323-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1202315440-3592242644-174231323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{143BBB14-0BDE-4E42-8EBD-DCD620BF51FA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.13 21:38:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.13 21:38:13 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.13 21:32:48 | 000,550,572 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ralf\Desktop\JRT.exe [2013.03.12 21:37:36 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.12 21:16:40 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.03.12 20:56:40 | 005,037,889 | R--- | C] (Swearware) -- C:\Users\Ralf\Desktop\ComboFix.exe [2013.03.11 20:38:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.11 20:38:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.11 20:38:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.11 20:34:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.11 20:33:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.10 22:51:46 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\95411864.sys [2013.03.10 22:48:54 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44011593.sys [2013.03.10 21:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.09 19:32:24 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Desktop\Neuer Ordner [2013.03.09 16:54:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe [2013.03.03 20:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Malwarebytes [2013.03.03 20:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.03 20:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.03 20:14:00 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.03 20:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.03 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Programs [2013.03.03 11:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.02.27 20:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.27 20:15:10 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.27 20:14:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.27 20:14:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.27 20:14:47 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.27 20:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.17 17:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.02.17 17:20:48 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Google [2013.02.15 14:01:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.15 14:01:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.15 14:01:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.15 14:01:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.15 14:01:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.15 14:01:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.15 14:01:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.15 14:01:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.15 14:01:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.15 14:01:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.15 14:01:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.15 14:01:06 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.15 14:01:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.15 14:01:03 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.15 14:01:03 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.15 12:55:19 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.15 12:55:17 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.15 12:55:15 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.15 12:54:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.15 12:54:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.15 12:54:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.15 12:54:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.15 12:54:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.15 12:54:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.15 12:54:42 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS ========== Files - Modified Within 30 Days ========== [2013.03.13 21:57:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 21:57:59 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.13 21:50:18 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.13 21:49:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.13 21:49:44 | 3218,358,272 | -HS- | M] () -- C:\hiberfil.sys [2013.03.13 21:34:48 | 000,597,667 | ---- | M] () -- C:\Users\Ralf\Desktop\adwcleaner.exe [2013.03.13 21:33:03 | 000,550,572 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ralf\Desktop\JRT.exe [2013.03.12 21:25:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.12 21:16:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.12 21:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.12 20:57:58 | 005,037,889 | R--- | M] (Swearware) -- C:\Users\Ralf\Desktop\ComboFix.exe [2013.03.10 22:51:46 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\95411864.sys [2013.03.10 22:48:54 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\44011593.sys [2013.03.09 16:55:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe [2013.03.09 16:46:52 | 000,000,020 | ---- | M] () -- C:\Users\Ralf\defogger_reenable [2013.03.06 20:37:50 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.03.06 20:34:57 | 000,058,429 | ---- | M] () -- C:\Users\Ralf\Desktop\TP VO - Terminplan Vorstand - Rev.2.pdf [2013.03.06 20:29:19 | 000,133,181 | ---- | M] () -- C:\Users\Ralf\Desktop\2013_Spielgemeinschaftsvertrag - Rev 6.pdf [2013.03.03 11:31:32 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.01 13:40:02 | 000,279,205 | ---- | M] () -- C:\Users\Ralf\Desktop\basic_kassette_02.jpg [2013.02.28 11:27:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.28 11:27:03 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.28 11:27:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.28 11:27:03 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.28 11:27:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.27 20:14:38 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.27 20:14:32 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.27 20:14:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.27 20:14:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.27 20:14:30 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.02.27 20:14:30 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.27 20:11:17 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.27 20:11:16 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.15 14:56:01 | 000,426,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.13 21:34:33 | 000,597,667 | ---- | C] () -- C:\Users\Ralf\Desktop\adwcleaner.exe [2013.03.11 20:38:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.11 20:38:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.11 20:38:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.11 20:38:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.11 20:38:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.09 16:46:52 | 000,000,020 | ---- | C] () -- C:\Users\Ralf\defogger_reenable [2013.03.06 20:34:56 | 000,058,429 | ---- | C] () -- C:\Users\Ralf\Desktop\TP VO - Terminplan Vorstand - Rev.2.pdf [2013.03.06 20:29:17 | 000,133,181 | ---- | C] () -- C:\Users\Ralf\Desktop\2013_Spielgemeinschaftsvertrag - Rev 6.pdf [2013.03.03 11:31:32 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.01 13:40:01 | 000,279,205 | ---- | C] () -- C:\Users\Ralf\Desktop\basic_kassette_02.jpg [2013.02.17 17:21:00 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.17 17:20:59 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.15 12:46:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.03.2013 21:54:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ralf\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 65,99% Memory free
7,99 Gb Paging File | 6,35 Gb Available in Paging File | 79,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 211,52 Gb Free Space | 74,64% Space Free | Partition Type: NTFS
Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1202315440-3592242644-174231323-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02624CB4-E449-4FE6-87A6-6F50F407B04A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27B7A65C-9FAE-45B2-90B9-2B25F731F098}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{362E47F7-9AD0-4274-B5E7-3484DD533C45}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3974E8CC-C5E3-42B2-9CD4-837986C988C8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{50612DD8-8771-4BEA-911D-73A7CF7EF7B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62FEE83C-F409-4620-8320-AA54D93E1C16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8CDBA6C5-EB36-45E7-A8D3-C48EC92A2AB4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A1979084-23EB-4D9E-A288-7D4E93733F01}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BAB79D3B-2B85-4B97-A066-41D3D58B209C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BF715C35-834B-4E22-842A-A99F5F296320}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E04A1E65-7E82-4024-A47A-3EBEFB658C2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F3C9908-FA68-4D67-A3DA-8006DE89240D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0FE1C16D-34CF-47CE-82CF-116156898A7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1FBEB50A-9F6F-43E8-A0BD-B758469ABEAD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{226422D8-62C4-489E-A40C-71151AC33373}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{2AD90CE5-46B1-4FD8-800A-BE243758EE37}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2C8744E4-9C8A-443B-988B-0ECA97D28EB4}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{3EAD7A67-CC94-4380-8376-630DA2ADD172}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{419224B8-BB29-44C0-83F7-E5C752D33638}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{45096A6D-B88D-4866-A62D-9D2074959146}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5852C020-F4C9-4698-97FB-A8770D4A22EF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{5AFBCE11-B423-4C39-A05E-232D1E02B56B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{675360AE-8827-45E6-B0B4-360B980EE057}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8C04383A-62D9-4DBF-A454-206A3BD4227B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{91586AF1-57A5-469B-924D-C7357526598D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A4372234-4EA2-4DB1-B0E2-B31899B02F62}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CCA81D7E-1FD8-4073-8B6C-E98DFC989062}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D88E6283-F0E9-4A9E-98E7-80F92DD924EA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{2103E472-FEE2-4EDD-81B7-CFF7372ED10A}C:\users\ralf\appdata\roaming\cykahu\enen.exe" = protocol=6 | dir=in | app=c:\users\ralf\appdata\roaming\cykahu\enen.exe |
"UDP Query User{20E1C10D-973B-44FC-839C-DCE237745E3A}C:\users\ralf\appdata\roaming\cykahu\enen.exe" = protocol=17 | dir=in | app=c:\users\ralf\appdata\roaming\cykahu\enen.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.03.2013 16:57:17 | Computer Name = Ralf-PC | Source = TOASTER.EXE | ID = 0
Description = An Unhandled Exception occured. Die Datei "C:\Users\Ralf\AppData\local\\softthinks\scheduler.xml"
ist bereits vorhanden. bei System.IO.__Error.WinIOError(Int32 errorCode, String
maybeFullPath) bei System.IO.File.InternalCopy(String sourceFileName, String
destFileName, Boolean overwrite) bei System.IO.File.Copy(String sourceFileName,
String destFileName) bei Toaster.SchedulerReader.read() bei Toaster.Notifications.FullSystemBackup.FsbHelper.IsFsbScheduledNow()
bei Toaster.Notifications.FullSystemBackup.FsbHelper.CheckReminder() bei Toaster.Helper.CheckReminders(ObservableCollection`1
notificationHelpers) bei Toaster.MainWindowViewModel.NotificationsTimerTick(Object
sender, EventArgs e) bei System.Windows.Threading.DispatcherTimer.FireTick(Object
unused) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
[ Broadcom Wireless LAN Events ]
Error - 26.12.2012 12:33:20 | Computer Name = Ralf-PC | Source = WLAN-Tray | ID = 0
Description = 17:33:20, Wed, Dec 26, 12 Error - Unable to decode string, error 13
[ Dell Events ]
Error - 19.12.2010 06:50:42 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 27.02.2011 14:04:14 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 27.02.2011 14:04:14 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.02.2011 14:32:35 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 28.02.2011 14:32:35 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 02.06.2011 07:01:25 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 02.06.2011 07:01:25 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 02.06.2011 13:55:47 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 02.06.2011 13:55:47 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 14.07.2011 05:46:26 | Computer Name = Ralf-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
[ System Events ]
Error - 13.03.2013 16:50:41 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.03.2013 16:51:11 | Computer Name = Ralf-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.03.2013 17:00:27 | Computer Name = Ralf-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.145.1655.0 Aktualisierungsquelle:
%%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp:
%%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9203.0 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes
Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
oder zur Problembehandlung finden Sie unter "Hilfe und Support".
< End of report >
|
|
14.03.2013, 12:32
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und WormsFixen mit OTL
Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-1202315440-3592242644-174231323-1000\..\SearchScopes\{AF5AEC55-9EF4-41DF-9162-C0370835616B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5569C61D-ACE4-4D5B-890B-5BB57BAA28D7&apn_sauid=0B26DE56-6009-428F-8CAD-F42BCC71CE11
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1202315440-3592242644-174231323-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.03.2013, 21:13
| #11 |
| | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und WormsCode:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1202315440-3592242644-174231323-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AF5AEC55-9EF4-41DF-9162-C0370835616B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF5AEC55-9EF4-41DF-9162-C0370835616B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1202315440-3592242644-174231323-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Ralf\Desktop\cmd.bat deleted successfully.
C:\Users\Ralf\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Ralf
->Temp folder emptied: 54830 bytes
->Temporary Internet Files folder emptied: 11850440 bytes
->Java cache emptied: 33652368 bytes
->FireFox cache emptied: 66804814 bytes
->Flash cache emptied: 4055 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10310 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36065753 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 142,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 03142013_210855
Files\Folders moved on Reboot...
C:\Users\Ralf\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
15.03.2013, 01:05
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.03.2013, 05:39
| #13 |
| | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und WormsCode:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.15.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Ralf :: RALF-PC [Administrator] 15.03.2013 05:24:08 mbam-log-2013-03-15 (05-24-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212777 Laufzeit: 7 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESET log file folgt noch... Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7687c35dfd85ea42b571ebc709d9e625
# engine=13391
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-15 05:47:44
# local_time=2013-03-15 06:47:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 8494 228749754 1252 0
# compatibility_mode=5893 16776574 100 94 13867370 114956314 0 0
# scanned=142195
# found=0
# cleaned=0
# scan_time=4080
|
|
15.03.2013, 12:31
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.03.2013, 13:02
| #15 |
| | Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms Also nicht, dass ich gerade dran sitze, aber er hatte auch schon vorgestern keine Funde mehr angezeigt. Ich denk, du hast den Laptop wieder hinbekommen. Danke für die Tipps mit den Cookies, ich werde das mal machen bei dem Laptop.  Herzlichen Dank für die Mühe, ich werd dem Board als Dank mal einen Obolus zukommen lassen! |
|
| Themen zu Anhang von Fake-Rechnung.zip geöffnet - Trojaner und Worms |
| administrator, anhang, anti-malware, antivir, appdata, autostart, dateien, explorer, folge, gelöscht, gen, install.exe, laptop, löschen, meldungen, microsoft, msiexec.exe, office 2007, plug-in, quarantäne, rechnung, required, richtlinie, roaming, service, software, speicher, trojaner, trojaner-board, version, visual studio, worm, worms, zipdatei |
Textbox. 
Linear-Darstellung
