Log Analysis and Evaluation: TR/Crypt.ZPACK.Gen found after connecting a mobile phone (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.04.2013, 21:38 | #1
TR/Crypt.ZPACK.Gen found after connecting a mobile phone

Hello everyone, I hope I'm in the right subforum. So, I have the following problem: I just connected a friend's old mobile phone to my computer. Antivir then first told me that an autorun had been blocked. When I then opened the phone as a drive (H:) in Explorer, Antivir reported that it had found the trojan TR/Crypt.ZPACK.Gen and moved it to quarantine. Here is the corresponding log:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 23. April 2013 19:35

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ****-PC

Versionsinformationen:
BUILD.DAT : 13.0.0.3499 49286 Bytes 19.03.2013 16:29:00
AVSCAN.EXE : 13.6.0.986 639712 Bytes 02.04.2013 18:03:24
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15
LUKE.DLL : 13.6.0.902 67808 Bytes 02.04.2013 18:03:30
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 19.03.2013 16:53:52
AVREG.DLL : 13.6.0.940 250592 Bytes 19.03.2013 16:53:52
avlode.dll : 13.6.2.940 434912 Bytes 02.04.2013 18:03:24
avlode.rdf : 13.0.0.46 15591 Bytes 02.04.2013 18:03:33
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 20:08:47
VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 20:08:48
VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 20:08:48
VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 20:08:48
VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 20:08:48
VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 20:08:48
VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 20:08:49
VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 20:08:49
VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 20:08:49
VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 20:08:49
VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 20:08:49
VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 20:08:49
VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 20:08:49
VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 20:08:50
VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 15:55:38
VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 15:55:45
VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 17:21:17
VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 17:21:17
VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 17:21:18
VBASE019.VDF : 7.11.72.17 135168 Bytes 12.04.2013 18:49:25
VBASE020.VDF : 7.11.72.103 158208 Bytes 15.04.2013 18:02:04
VBASE021.VDF : 7.11.72.137 152064 Bytes 15.04.2013 18:02:04
VBASE022.VDF : 7.11.72.223 159232 Bytes 16.04.2013 19:08:40
VBASE023.VDF : 7.11.73.59 204288 Bytes 18.04.2013 19:40:19
VBASE024.VDF : 7.11.73.133 164864 Bytes 19.04.2013 19:22:19
VBASE025.VDF : 7.11.73.134 2048 Bytes 19.04.2013 19:22:19
VBASE026.VDF : 7.11.73.135 2048 Bytes 19.04.2013 19:22:19
VBASE027.VDF : 7.11.73.136 2048 Bytes 19.04.2013 19:22:19
VBASE028.VDF : 7.11.73.137 2048 Bytes 19.04.2013 19:22:19
VBASE029.VDF : 7.11.73.138 2048 Bytes 19.04.2013 19:22:19
VBASE030.VDF : 7.11.73.139 2048 Bytes 19.04.2013 19:22:19
VBASE031.VDF : 7.11.73.192 153088 Bytes 21.04.2013 17:11:36
Engineversion : 8.2.12.30
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.106 483709 Bytes 11.04.2013 17:21:20
AESCN.DLL : 8.1.10.4 131446 Bytes 02.04.2013 18:03:22
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 23:39:20
AEPACK.DLL : 8.3.2.6 827767 Bytes 02.04.2013 18:03:22
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 09.03.2013 16:11:34
AEHEUR.DLL : 8.1.4.302 5890425 Bytes 18.04.2013 19:40:22
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.7.2 442741 Bytes 02.04.2013 18:03:20
AEEXP.DLL : 8.4.0.22 196982 Bytes 18.04.2013 19:40:22
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 19:00:08
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.480 26480 Bytes 16.02.2013 20:06:28
AVPREF.DLL : 13.6.0.480 51056 Bytes 16.02.2013 20:06:38
AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 18:25:51
AVARKT.DLL : 13.6.0.902 260832 Bytes 02.04.2013 18:03:22
AVEVTLOG.DLL : 13.6.0.902 167648 Bytes 02.04.2013 18:03:23
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.480 62832 Bytes 16.02.2013 20:06:38
NETNT.DLL : 13.6.0.480 16240 Bytes 16.02.2013 20:06:45
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.6.0.976 69344 Bytes 02.04.2013 18:03:18

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5176c5f8\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Dienstag, 23. April 2013 19:35

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'a2service.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'BingDesktopUpdater.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Netzmanager_Service.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiioService.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'ServiioService.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'viakaraokesrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '187' Modul(e) wurden durchsucht
Durchsuche Prozess 'StikyNot.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '156' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'PureSyncTray.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'Kies.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrobat_sl.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'UltraMon.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'UltraMonTaskbar.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'VDeck.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '221' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiApSrv.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'RTSHookInterop.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_169.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_169.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'jbUpdater.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'UltraMonUiAcc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'H:\Install.exe'
H:\Install.exe
  [FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '53ac5892.qua' verschoben!

Ende des Suchlaufs: Dienstag, 23. April 2013 19:35
Benötigte Zeit: 00:05 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
1073 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1072 Dateien ohne Befall
5 Archive wurden durchsucht
0 Warnungen
1 Hinweise

I've already run OTL and GMER as recommended here.
While doing so, GMER gave me these messages: "C:\Windows\system32\config\system: Der Prozess kann auf die Datei nicht zugreifen, da sie von einem anderen Prozess verwendet wird" and "C:\user\****\ntuser.dat: Der Prozess kann auf die Datei nicht zugreifen, da sie von einem anderen Prozess verwendet wird". Here are the logs:

OTL:

Code:
11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.01.12 15:39:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:02:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 19:37:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:02:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 19:37:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.11 01:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2013.04.12 21:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.12 15:39:54 | 000,000,000 | ---D | M] (Citavi Picker) -- 
C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2013.04.12 21:02:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 21:54:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 21:54:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 21:54:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 21:54:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 21:54:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 21:54:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) 
Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [icq] C:\Users\****\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... 
- C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: &Citavi Picker... 
- C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandenes PDF anfügen - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} 
- C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F567656-F6F6-47E2-BD84-CD79F2FBE344}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.30 18:10:55 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ] O32 - AutoRun File - [2008.10.10 16:51:07 | 001,586,176 | R--- | M] () - D:\autorun.dat -- [ UDF ] O32 - AutoRun File - [2008.10.10 16:51:06 | 000,447,752 | R--- | M] (Electronic Arts, Inc.) - D:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.10 16:51:01 | 000,000,137 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{1e3107d9-5bb2-11e2-9eb3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1e3107d9-5bb2-11e2-9eb3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2008.10.10 16:51:06 | 000,447,752 | R--- | M] (Electronic Arts, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.23 21:36:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.04.18 22:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.16 21:32:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Red Alert 3 [2013.04.16 21:31:53 | 000,000,000 | RH-D | C] -- 
C:\Users\****\AppData\Roaming\SecuROM [2013.04.12 21:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.12 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync [2013.04.12 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureSync [2013.04.12 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jumping Bytes [2013.04.11 23:04:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.11 23:04:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.11 23:04:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.11 23:04:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.11 23:04:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.11 23:04:34 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.11 23:04:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.11 23:04:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.11 23:04:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.11 23:04:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.11 23:04:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.11 23:04:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.11 23:04:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.11 23:04:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.11 23:04:32 | 003,958,784 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.11 19:27:24 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.11 19:27:23 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.11 19:27:23 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.11 19:27:23 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.11 19:27:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.11 19:27:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.03 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\hjsplit3 [2013.04.03 20:23:55 | 000,719,872 | -HS- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll [2013.04.03 20:23:54 | 000,369,152 | -HS- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll [2013.04.03 20:23:53 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2013.04.03 20:23:53 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll [2013.04.03 20:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2013.04.03 20:21:35 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\eRightSoft [2013.04.03 20:21:26 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll [2013.04.03 20:21:26 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2013.04.03 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\vlc [2013.04.03 19:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.04.03 19:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.04.02 20:03:42 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.02 20:03:42 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.02 20:03:42 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files - Modified Within 30 Days ========== [2013.04.23 21:36:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.04.23 21:34:21 | 000,000,111 | ---- | M] () -- C:\.dir [2013.04.23 21:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.23 21:00:00 | 000,011,666 | ---- | M] () -- C:\Users\****\Network_Meter_Data.js [2013.04.23 19:40:50 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.23 19:40:50 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.23 19:39:38 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.23 19:39:38 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.23 19:39:38 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.23 19:39:38 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.23 19:39:38 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.23 19:33:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.23 19:33:40 | 2114,625,535 | -HS- | M] () -- C:\hiberfil.sys [2013.04.21 23:03:32 | 000,000,024 | ---- | M] () -- C:\Users\****\AppData\Roaming\Network Meter_Usage.ini [2013.04.20 21:19:17 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini [2013.04.12 20:48:15 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.12 20:48:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.12 20:43:40 | 000,418,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.11 19:32:27 | 000,001,340 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.02 23:32:09 | 000,000,274 | ---- | M] () -- C:\Windows\Brownie.ini [2013.04.02 23:32:06 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND [2013.04.02 20:03:33 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.02 20:03:33 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.02 20:03:33 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2013.04.20 21:19:17 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2013.04.03 20:23:54 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2013.03.23 20:12:17 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND [2013.03.06 19:05:27 | 000,000,024 | ---- | C] () -- C:\Users\****\AppData\Roaming\Network Meter_Usage.ini [2013.03.06 19:02:51 | 000,011,666 | ---- | C] () -- C:\Users\****\Network_Meter_Data.js [2013.02.20 22:52:55 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.02.20 22:52:55 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013.02.04 23:00:00 | 000,003,382 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv [2013.02.03 19:55:31 | 000,000,531 | ---- | C] () -- C:\Windows\wiso.ini [2013.01.13 15:55:37 | 000,000,576 | ---- | C] () -- C:\Users\****\AppData\Roaming\All CPU MeterV3_Settings.ini [2013.01.12 16:19:04 | 000,000,252 | ---- | C] () -- C:\Users\****\AppData\Roaming\GPU MeterV2_Settings.ini [2013.01.12 16:17:44 | 000,001,130 | ---- | C] () -- C:\Users\****\AppData\Roaming\Network Meter_Settings.ini [2013.01.12 16:15:05 | 000,000,839 | ---- | C] () -- C:\Users\****\AppData\Roaming\Drives Meter_Settings.ini [2013.01.12 03:28:40 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI [2013.01.12 03:28:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2013.01.12 03:28:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2013.01.12 03:28:22 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.12 03:27:15 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat [2013.01.12 03:26:50 | 000,000,274 | ---- | C] () -- C:\Windows\Brownie.ini [2013.01.11 23:24:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.01.11 23:23:06 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.01.11 23:23:06 | 
000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.01.11 23:23:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2013.01.11 08:06:57 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.11 08:03:48 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013.01.11 02:04:50 | 000,007,597 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- 
[2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.03 19:56:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Buhl Data Service [2013.01.19 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CrypTool [2013.01.19 20:07:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ-Profile [2013.01.19 20:03:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQM [2013.04.12 20:46:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Jumping Bytes [2013.01.11 01:53:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera [2013.01.12 04:27:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Origin [2013.04.16 21:32:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Red Alert 3 [2013.02.20 22:51:02 | 000,000,000 | ---D 
| M] -- C:\Users\****\AppData\Roaming\Samsung [2013.01.12 16:57:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Swiss Academic Software [2013.01.12 01:34:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird [2013.01.11 23:47:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TrueCrypt [2013.02.22 22:22:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ubisoft [2013.01.19 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 23.04.2013 21:37:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,96 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 77,09% Memory free
15,92 Gb Paging File | 13,45 Gb Available in Paging File | 84,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,57 Gb Total Space | 57,44 Gb Free Space | 51,49% Space Free | Partition Type: NTFS
Drive D: | 7,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 761,46 Gb Free Space | 81,74% Space Free | Partition Type: NTFS
Drive F: | 1363,01 Gb Total Space | 325,14 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive G: | 500,00 Gb Total Space | 332,64 Gb Free Space | 66,53% Space Free | Partition Type: NTFS
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-617984047-1022462007-3006896860-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List 
========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FBF198B-F15B-46BA-82FB-92FFA30D6F04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{276528C3-138A-40E8-94E2-D4CE7915232C}" = lport=10243 | protocol=6 | dir=in | app=system | "{2B7C1642-C074-4CD1-BC3C-9AA620B1D11A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{33419E14-F998-4B7D-A469-392C235B423E}" = lport=138 | protocol=17 | dir=in | app=system | "{36863865-CBBF-4332-B77A-27AEF1FC2D29}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41B6DA0D-FBA5-418C-8E44-1E27234799EC}" = lport=2869 | protocol=6 | dir=in | app=system | "{445B7FDB-640F-4AE2-800B-E1A4B1DD634B}" = lport=137 | protocol=17 | dir=in | app=system | "{446BA78A-E9EE-439A-A766-869133DB011C}" = rport=137 | protocol=17 | dir=out | app=system | "{6D90640A-80AD-497A-98B4-375D75B907F8}" = rport=445 | protocol=6 | dir=out | app=system | "{7DDECE48-4282-439E-9DCE-280A73F2120B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{83473D52-B2FF-4320-95F3-68C3D97BE3D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{977C4F7F-7CC7-4C31-945B-E63677D20320}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A22A678-02DB-46C4-AC3D-B4F8ECB710CB}" = lport=445 | protocol=6 | dir=in | app=system | "{B335EA8E-FA8C-48A2-8A2E-907589A99774}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B72162FF-9286-41FD-97C5-88EFFC22DA08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BF139E0B-34AD-4742-9956-152ECB5F35B1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CC78DAB5-72B3-4C4B-86F5-76110A887BCD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D1D0F3DC-3BF8-4D05-95D0-E83DBE06B701}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DAA03A09-9085-4486-869F-353AAE029215}" = lport=139 | protocol=6 | dir=in | app=system | "{F147F9A6-DB05-4866-B041-253FD9014F20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F7137B38-B7D9-4612-B40A-1E15D6AA362F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F787289C-744A-4DBD-AB24-9FA6E8410F94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F9C9B2E8-D777-48A9-8F99-D7F4D8A00B3E}" = rport=10243 | protocol=6 | dir=out | app=system | "{FC9DF6D5-C58D-4447-9B3D-09547C25D3D8}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03C3E11A-6316-42E7-807F-551758A16E75}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{04D1FF61-772E-4067-B24F-129E87C25F2F}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | "{04FFCD75-C9CB-45F6-86D5-27609860036D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{082722F1-3FEF-4EB4-A02F-D5A7879079A8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{1AD950F7-5A18-47DA-8848-697EF43D6C33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2873A3CE-4070-4421-8378-36532BB1426E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2BFF4593-7BAD-42EA-9E0F-1BE15EB14982}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\anno4.exe | "{2FF35E24-0B5F-4765-AF6B-9828431656CE}" = 
protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3E8715B4-6409-43EC-87AE-473BAE226FE4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{44770D65-590E-4D39-8904-36861AFA0A54}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{4514F9C8-6470-4AA1-B9B1-679828C2B67C}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{47EC13A9-1BC1-4C08-9F95-BA7499F98EA2}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{4F56AE84-2B70-4C22-B41C-82588963BF12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5082D0AF-64D0-4D8A-AA05-9A8DC0EF514D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53C17DAA-19C8-4653-843F-33DCA502F61E}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{640A1755-1574-460B-A3C5-87CA296F14DD}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "{64DA73EA-7C7F-4A04-9B46-2004768839A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{6658D25B-439E-4206-A945-62E1B6CB824C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6781FFEF-E1D6-46AB-BB32-3C9574140594}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{688C79C3-EE41-4738-8F79-00D53476012F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6B1902A5-D13E-42AE-99AE-DAFAC4460176}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{6CB5BAF3-6670-42BC-AF98-386E13DDA289}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{6CE32060-9E4E-4E31-A8B9-D860750BCD65}" 
= protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6E859C61-B0B4-4AE3-B9D3-05A109A32390}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7B9697F4-26EC-47D3-915D-E14F99D1387F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7EB8C43A-DB87-4499-8745-D42BFD5BE435}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7F708DB7-BF5D-4728-A7C4-7AF37DD407D2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{8EE3F319-B3F6-4BD5-996E-F70133653AD1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{9396B61B-D62C-495D-BBEF-119F79E9632A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{94998B10-D9BB-4704-9043-7053EB87CED2}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{976284CE-0F90-4217-824C-8E27009D6FEA}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{98FEDE2D-F0A9-41D9-8E86-326B51CE6BF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9BBD810C-D3A8-455C-B4BA-90EF562ED67D}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\anno4.exe | "{A3E90030-CD33-486A-9425-30D274BA7499}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{A5B7B329-09EB-4F7C-A5AD-4DBE46A62A32}" = protocol=6 | dir=out | app=system | "{AC04C0C1-2896-4ED8-9CDF-29A7DF54ED56}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{AD0C6E5B-CA95-4F26-9328-5165AAEB0C98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AE19FF22-0515-4DA8-A221-24C5E49B01C5}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{B40C780E-C719-4DE4-9242-46E7CA9992B2}" = protocol=6 | 
dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | "{BBC786EB-5B51-47E9-B9CD-0201939CAE63}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\steam\steam.exe | "{BC308061-2372-45E5-863C-C0D68C91F6D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C5905A0C-52A8-42FC-9B2A-AB5A5F6DEDD8}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{C8C91754-081F-41B6-AE81-6DF8E5794F25}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{D48CC1C4-19A7-47D8-9EB4-BE444CFE8585}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{EA45FB32-C09C-4A6E-96D2-6161D45934DA}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\steam\steam.exe | "{EA79C7D6-1507-4B9F-9C3E-F9F53B754927}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EC345C24-3A64-4124-B256-609FA6DA58F0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ED2D006F-6140-4C40-A2A4-3612C77DE2EC}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe | "{EDC5317A-77EF-41AD-9D93-C31608A5AFB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F1A454B7-F122-4E02-86E6-41D1293914BE}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe | "{F7DFE7FC-6BBC-46EB-B105-3387243E36F2}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "{FD88834B-FB10-4D37-A968-0904A26EAFB3}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | "TCP Query User{8A399D68-A838-47FC-914C-68A55EA1751F}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe | "TCP Query User{BA3F1E74-04D6-47EF-93F6-7A663AE6FBB7}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\gigabyte\updmanager\runupd.exe | "TCP Query User{D221EEC6-C8B6-4EDD-88C7-DC53268CFDD8}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{E8B7D228-723F-433E-9642-E150F8553EF4}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{246EBC39-CDB0-4A6D-84A0-733143E44C38}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe | "UDP Query User{612D8C9C-0F3C-449D-87E6-8FE2E740ECB8}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe | "UDP Query User{944089AF-BE00-492A-8818-9BBDF69C50AA}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{DF84F7E9-7F80-494C-9583-C28B0E1E3BC3}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06CB0DD1-71A5-F352-E0A9-FE6016380A8F}" = AMD Drag and Drop Transcoding "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager "{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9069EE0A-7615-4D86-AD80-CA263E936DA6}" = UltraMon "{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Serviio" = Serviio "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek "{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012 "{022BC727-ACB7-4C1D-109C-177515714A32}" = Catalyst Control Center "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish "{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English "{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard "{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B12.0822.1 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 
"{2BD6DD47-D5BA-49B1-A91F-C716CD8EF016}" = Brother HL-2030 "{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean "{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3 "{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian "{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client "{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish "{6B1F9121-5599-47F9-9F82-9FEA0F03C47F}" = 3DPower B12.0619.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop "{8444E466-CE54-4D77-BC84-0007C7B4710B}" = PureSync "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI 
(German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 "{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy "{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.1 "{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All "{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian "{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "a-squared HiJackFree_is1" = a-squared HiJackFree 3.1 "Avira AntiVir Desktop" = Avira Free Antivirus "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "CrypTool" = CrypTool 1.4.30 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager 
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Netzmanager" = Netzmanager "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Opera 12.15.1748" = Opera 12.15 "Origin" = Origin "PureSync" = PureSync 3.7.5 "Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed "Steam App 72850" = The Elder Scrolls V: Skyrim "TrueCrypt" = TrueCrypt ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-617984047-1022462007-3006896860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer) "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.04.2013 15:24:17 | Computer Name = ****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xd40 Startzeit der fehlerhaften Anwendung: 0x01ce32332895bde0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 6832bdfe-9e26-11e2-ac8f-902b34a70c96 Error - 11.04.2013 13:17:00 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 12.04.2013 14:45:28 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 13.04.2013 13:09:51 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 15.04.2013 13:57:43 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 16.04.2013 15:05:27 | Computer Name = ****-PC | Source = WinMgmt | 
ID = 10 Description = Error - 17.04.2013 13:14:22 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 18.04.2013 15:37:07 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 20.04.2013 15:19:08 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 21.04.2013 13:08:15 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = Error - 23.04.2013 13:35:33 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 23.04.2013 13:34:21 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307 (0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous connection has been canceled during its initiation. Error - 23.04.2013 13:34:21 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 23.04.2013 13:34:21 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 23.04.2013 13:34:51 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp Line: 1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706 (0xFE210026) Description: 
CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed a policy check server name: vpn-unidsl.rwth-aachen.de Error - 23.04.2013 13:34:53 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307 (0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous connection has been canceled during its initiation. Error - 23.04.2013 13:34:53 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 23.04.2013 13:34:53 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 23.04.2013 13:38:44 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 23.04.2013 13:38:44 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 23.04.2013 13:38:44 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ System Events ] Error - 21.03.2013 12:50:56 | Computer Name = ****-PC | Source = Disk | ID = 262155 
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 21.03.2013 12:50:56 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 21.03.2013 12:50:57 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 02.04.2013 17:31:25 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 02.04.2013 17:31:26 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 02.04.2013 17:31:27 | Computer Name = ****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR4 gefunden. Error - 11.04.2013 13:39:30 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 11.04.2013 13:39:30 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 23.04.2013 14:08:56 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 23.04.2013 14:08:56 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-23 22:12:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_Series rev.DXT06B0Q 111,79GB Running: h4ucxbhr.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kgtiruod.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 696 fffff800037b9088 7 bytes [04, AD, 69, 02, 0D, AD, 69] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3200] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000076fd000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3200] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007705f85a 5 bytes JMP 000000017700d571 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b21465 2 bytes [B2, 75] .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[6048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b214bb 2 bytes [B2, 75] .text ... 
* 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\ntdll.dll [1764:1768] 00000000001bd227 Thread C:\Windows\SysWOW64\ntdll.dll [1764:2456] 000000007291e2db Thread C:\Windows\SysWOW64\ntdll.dll [1764:2596] 0000000070b58df0 Thread C:\Windows\SysWOW64\ntdll.dll [1764:2600] 0000000070b58df0 Thread C:\Windows\SysWOW64\ntdll.dll [1764:2604] 0000000070b58df0 Thread C:\Windows\SysWOW64\ntdll.dll [1764:2608] 0000000070b54e70 Thread C:\Windows\SysWOW64\ntdll.dll [4068:5576] 0000000000652870 Thread C:\Windows\SysWOW64\ntdll.dll [4068:2760] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:1392] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:2148] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:4292] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:4188] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:6052] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:4960] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:4668] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:4756] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:4980] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:5924] 0000000000406a04 Thread C:\Windows\SysWOW64\ntdll.dll [4068:3468] 0000000000406a04 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
24.04.2013, 14:08 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen found after connecting a phone Hello and
Quote:
Or is this by any chance an office/company PC or a university computer? Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first post only the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
24.04.2013, 19:43 | #3 |
| TR/Crypt.ZPACK.Gen found after connecting a phone Hello cosinus,
thanks in advance. After the alert I also ran a scan with Antivir and one with Emsisoft Anti-Malware, neither of which, in my opinion, found anything. Here are both of them: Antivir: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Dienstag, 23. April 2013 19:40 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Professional Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : **** Computername : ****-PC Versionsinformationen: BUILD.DAT : 13.0.0.3499 49286 Bytes 19.03.2013 16:29:00 AVSCAN.EXE : 13.6.0.986 639712 Bytes 02.04.2013 18:03:24 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15 LUKE.DLL : 13.6.0.902 67808 Bytes 02.04.2013 18:03:30 AVSCPLR.DLL : 13.6.0.986 94944 Bytes 19.03.2013 16:53:52 AVREG.DLL : 13.6.0.940 250592 Bytes 19.03.2013 16:53:52 avlode.dll : 13.6.2.940 434912 Bytes 02.04.2013 18:03:24 avlode.rdf : 13.0.0.46 15591 Bytes 02.04.2013 18:03:33 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 20:08:47 VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 20:08:48 VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 20:08:48 VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 20:08:48 VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 20:08:48 VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 20:08:48 VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 20:08:49 VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 20:08:49 VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 20:08:49 VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 20:08:49 VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 20:08:49 VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 20:08:49 VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 20:08:49 VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 20:08:50 VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 15:55:38 VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 15:55:45 VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 17:21:17 VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 17:21:17 VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 17:21:18 VBASE019.VDF : 
7.11.72.17 135168 Bytes 12.04.2013 18:49:25 VBASE020.VDF : 7.11.72.103 158208 Bytes 15.04.2013 18:02:04 VBASE021.VDF : 7.11.72.137 152064 Bytes 15.04.2013 18:02:04 VBASE022.VDF : 7.11.72.223 159232 Bytes 16.04.2013 19:08:40 VBASE023.VDF : 7.11.73.59 204288 Bytes 18.04.2013 19:40:19 VBASE024.VDF : 7.11.73.133 164864 Bytes 19.04.2013 19:22:19 VBASE025.VDF : 7.11.73.201 225792 Bytes 22.04.2013 17:38:44 VBASE026.VDF : 7.11.73.251 161280 Bytes 23.04.2013 17:38:45 VBASE027.VDF : 7.11.73.252 2048 Bytes 23.04.2013 17:38:45 VBASE028.VDF : 7.11.73.253 2048 Bytes 23.04.2013 17:38:45 VBASE029.VDF : 7.11.73.254 2048 Bytes 23.04.2013 17:38:45 VBASE030.VDF : 7.11.73.255 2048 Bytes 23.04.2013 17:38:45 VBASE031.VDF : 7.11.74.24 19456 Bytes 23.04.2013 17:38:45 Engineversion : 8.2.12.30 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55 AESCRIPT.DLL : 8.1.4.106 483709 Bytes 11.04.2013 17:21:20 AESCN.DLL : 8.1.10.4 131446 Bytes 02.04.2013 18:03:22 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 23:39:20 AEPACK.DLL : 8.3.2.6 827767 Bytes 02.04.2013 18:03:22 AEOFFICE.DLL : 8.1.2.56 205180 Bytes 09.03.2013 16:11:34 AEHEUR.DLL : 8.1.4.302 5890425 Bytes 18.04.2013 19:40:22 AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32 AEGEN.DLL : 8.1.7.2 442741 Bytes 02.04.2013 18:03:20 AEEXP.DLL : 8.4.0.22 196982 Bytes 18.04.2013 19:40:22 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 19:00:08 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38 AVWINLL.DLL : 13.6.0.480 26480 Bytes 16.02.2013 20:06:28 AVPREF.DLL : 13.6.0.480 51056 Bytes 16.02.2013 20:06:38 AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 18:25:51 AVARKT.DLL : 13.6.0.902 260832 Bytes 02.04.2013 18:03:22 AVEVTLOG.DLL : 13.6.0.902 167648 Bytes 02.04.2013 18:03:23 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.6.0.480 62832 Bytes 16.02.2013 20:06:38 NETNT.DLL : 13.6.0.480 16240 Bytes 16.02.2013 20:06:45 
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40 RCTEXT.DLL : 13.6.0.976 69344 Bytes 02.04.2013 18:03:18 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, E:, F:, G:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR, Beginn des Suchlaufs: Dienstag, 23. April 2013 19:40 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'F:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'G:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. 
Fehler in der ARK Library Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'a2service.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '97' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '111' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnagent.exe' - '79' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'BingDesktopUpdater.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'jhi_service.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'Netzmanager_Service.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'ServiioService.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'ServiioService.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'viakaraokesrv.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden 
durchsucht Durchsuche Prozess 'Explorer.EXE' - '190' Modul(e) wurden durchsucht Durchsuche Prozess 'StikyNot.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '156' Modul(e) wurden durchsucht Durchsuche Prozess 'KiesPDLR.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'PureSyncTray.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'Kies.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'UltraMon.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'ONENOTEM.EXE' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'UltraMonTaskbar.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'VDeck.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnui.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '90' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '221' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'opera.exe' - '131' Modul(e) wurden durchsucht Durchsuche Prozess 'RTSHookInterop.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '113' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_169.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_169.exe' - 
'72' Modul(e) wurden durchsucht Durchsuche Prozess 'jbUpdater.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'UltraMonUiAcc.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'sppsvc.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'TrustedInstaller.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '157' Modul(e) wurden durchsucht Durchsuche Prozess 'notepad.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '113' Modul(e) wurden durchsucht Durchsuche Prozess 'RTSHookInterop.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2807' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Beginne mit der Suche in 'E:\' <Data> Beginne mit der Suche in 'F:\' <Volumen> Beginne mit der Suche in 'G:\' <Backup> Ende des Suchlaufs: Dienstag, 23. April 2013 21:19 Benötigte Zeit: 1:38:25 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 38212 Verzeichnisse wurden überprüft 1250481 Dateien wurden geprüft 0 Viren bzw. 
unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1250481 Dateien ohne Befall 19209 Archive wurden durchsucht 0 Warnungen 0 Hinweise 80 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Code:
ATTFilter Emsisoft Anti-Malware - Version 7.0 Letztes Update: 23.04.2013 20:00:32 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, E:\, F:\, G:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 23.04.2013 20:02:54 Gescannt 584454 Gefunden 0 Scan Ende: 23.04.2013 21:08:38 Scan Zeit: 1:05:44 Antivir also shows me that on 19.01.2013 it moved a file to quarantine (DR/Dldr.DNSChanger.Gen in C:\Users\***\AppData\Local\Opera\Opera\cache\g007D\opr00P14.tmp), but I could not find a log for it and I also cannot remember having seen anything displayed. Many thanks. PS: Regarding the Windows version, I have Professional because I can get it for free through the university. |
24.04.2013, 23:21 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen found after connecting a phone Ok, thanks for the explanation. Before we get to work, I would ask you to read the following points completely and attentively.
Note: If you have not heard from me for three days, please post in this thread => Reminder about my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. Now please run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags. MBAR (Malwarebytes Anti-Rootkit) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
25.04.2013, 18:02 | #5 |
| TR/Crypt.ZPACK.Gen found after connecting a phone Hello, I ran the three programs as described. However, my computer never wanted to restart. Here are the logs: MBAR: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.04.25.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Christoph :: ****-PC [administrator] 25.04.2013 18:39:22 mbar-log-2013-04-25 (18-39-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29453 Time elapsed: 2 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-25 18:42:54 ----------------------------- 18:42:54.526 OS Version: Windows x64 6.1.7601 Service Pack 1 18:42:54.526 Number of processors: 4 586 0x3A09 18:42:54.526 ComputerName: ***-PC UserName: **** 18:42:54.534 Initialze error 1 18:44:05.242 AVAST engine defs: 13042500 18:45:42.817 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 18:45:42.820 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01118 Size: 953869MB BusType: 3 18:45:42.822 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 18:45:42.825 Disk 1 Vendor: Samsung_SSD_840_Series DXT06B0Q Size: 114473MB BusType: 3 18:45:42.827 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-3 18:45:42.830 Disk 2 Vendor: WDC_WD20EARS-00MVWB0 51.0AB51 Size: 1907729MB BusType: 3 18:45:42.834 Disk 1 MBR read successfully 18:45:42.837 Disk 1 MBR scan 18:45:42.843 Disk 1 unknown MBR code 18:45:42.847 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1 18:45:42.851 Disk 1 scanning C:\Windows\system32\drivers 18:45:42.853 Service scanning 18:45:43.701 Modules scanning 18:45:43.705 Disk 1 trace - called modules: 18:45:43.708 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 18:45:43.711 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8006eeb060] 18:45:43.713 3 CLASSPNP.SYS[fffff880018b743f] -> nt!IofCallDriver -> [0xfffffa8006c94520] 18:45:43.715 5 ACPI.sys[fffff88000f6e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8006a85060] 18:45:43.718 AVAST engine scan C:\Windows 18:45:43.721 AVAST engine scan C:\Windows\system32 18:45:43.723 AVAST engine scan C:\Windows\system32\drivers 18:45:43.725 AVAST engine scan C:\Users\**** 18:45:43.728 AVAST engine scan C:\ProgramData 18:45:43.730 Scan finished successfully 18:45:59.384 Disk 1 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat" 18:45:59.387 The log file has been saved successfully to 
"C:\Users\****\Desktop\aswMBR.txt" Code:
ATTFilter 18:52:44.0300 6016 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:52:44.0300 6016 UEFI system 18:52:44.0487 6016 ============================================================ 18:52:44.0487 6016 Current date / time: 2013/04/25 18:52:44.0487 18:52:44.0487 6016 SystemInfo: 18:52:44.0487 6016 18:52:44.0487 6016 OS Version: 6.1.7601 ServicePack: 1.0 18:52:44.0487 6016 Product type: Workstation 18:52:44.0487 6016 ComputerName: ****-PC 18:52:44.0487 6016 UserName: **** 18:52:44.0487 6016 Windows directory: C:\Windows 18:52:44.0487 6016 System windows directory: C:\Windows 18:52:44.0487 6016 Running under WOW64 18:52:44.0487 6016 Processor architecture: Intel x64 18:52:44.0487 6016 Number of processors: 4 18:52:44.0487 6016 Page size: 0x1000 18:52:44.0487 6016 Boot type: Normal boot 18:52:44.0487 6016 ============================================================ 18:52:44.0779 6016 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:52:44.0779 6016 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:52:44.0779 6016 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:52:44.0782 6016 ============================================================ 18:52:44.0782 6016 \Device\Harddisk0\DR0: 18:52:44.0782 6016 MBR partitions: 18:52:44.0782 6016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 18:52:44.0782 6016 \Device\Harddisk1\DR1: 18:52:44.0782 6016 GPT partitions: 18:52:44.0782 6016 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {89635EA0-D93D-4EE1-999A-359E5F58AFC5}, Name: EFI system 
partition, StartLBA 0x800, BlocksNum 0x32000 18:52:44.0782 6016 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EC4CECC4-F58B-4E50-92D3-E369B02226B3}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000 18:52:44.0782 6016 \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D0D467DA-B24C-47BE-8040-1EBACE9DA159}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xDF22000 18:52:44.0782 6016 MBR partitions: 18:52:44.0782 6016 \Device\Harddisk2\DR2: 18:52:44.0782 6016 MBR partitions: 18:52:44.0782 6016 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAA607800 18:52:44.0783 6016 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0xAA608000, BlocksNum 0x3E7FF800 18:52:44.0783 6016 ============================================================ 18:52:44.0783 6016 C: <-> \Device\Harddisk1\DR1\Partition3 18:52:45.0214 6016 F: <-> \Device\Harddisk2\DR2\Partition1 18:52:45.0225 6016 E: <-> \Device\Harddisk0\DR0\Partition1 18:52:45.0253 6016 G: <-> \Device\Harddisk2\DR2\Partition2 18:52:45.0253 6016 ============================================================ 18:52:45.0253 6016 Initialize success 18:52:45.0253 6016 ============================================================ 18:53:08.0605 4532 ============================================================ 18:53:08.0605 4532 Scan started 18:53:08.0605 4532 Mode: Manual; SigCheck; TDLFS; 18:53:08.0605 4532 ============================================================ 18:53:08.0756 4532 ================ Scan system memory ======================== 18:53:08.0756 4532 System memory - ok 18:53:08.0757 4532 ================ Scan services ============================= 18:53:08.0789 4532 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:53:08.0830 4532 1394ohci - ok 18:53:08.0835 4532 [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc C:\PROGRAM 
FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
18:53:09.0267 4532 a2acc - ok
18:53:09.0289 4532 [ A7F08A73F2668FCD2B51A66751FA7FF3 ] a2AntiMalware C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
18:53:09.0323 4532 a2AntiMalware - ok
18:53:09.0326 4532 [ D27A8B7BB0E15DFBFC6B4E774EE17AD9 ] A2DDA C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
18:53:09.0331 4532 A2DDA - ok
18:53:09.0335 4532 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:53:09.0343 4532 ACPI - ok
18:53:09.0345 4532 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:53:09.0353 4532 AcpiPmi - ok
18:53:09.0356 4532 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
18:53:09.0362 4532 acsock - ok
18:53:09.0364 4532 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:53:09.0369 4532 AdobeARMservice - ok
18:53:09.0393 4532 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:53:09.0400 4532 AdobeFlashPlayerUpdateSvc - ok
18:53:09.0405 4532 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:53:09.0415 4532 adp94xx - ok
18:53:09.0419 4532 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:53:09.0427 4532 adpahci - ok
18:53:09.0431 4532 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:53:09.0437 4532 adpu320 - ok
18:53:09.0440 4532 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:53:09.0459 4532 AeLookupSvc - ok
18:53:09.0464 4532 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:53:09.0473 4532 AFD - ok
18:53:09.0476 4532 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:53:09.0482 4532 agp440 - ok
18:53:09.0484 4532 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:53:09.0493 4532 ALG - ok
18:53:09.0495 4532 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:53:09.0500 4532 aliide - ok
18:53:09.0503 4532 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:53:09.0513 4532 AMD External Events Utility - ok
18:53:09.0516 4532 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:53:09.0521 4532 amdide - ok
18:53:09.0523 4532 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:53:09.0530 4532 AmdK8 - ok
18:53:09.0595 4532 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:53:09.0666 4532 amdkmdag - ok
18:53:09.0672 4532 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:53:09.0684 4532 amdkmdap - ok
18:53:09.0686 4532 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:53:09.0692 4532 AmdPPM - ok
18:53:09.0695 4532 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:53:09.0701 4532 amdsata - ok
18:53:09.0704 4532 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:53:09.0710 4532 amdsbs - ok
18:53:09.0712 4532 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:53:09.0717 4532 amdxata - ok
18:53:09.0722 4532 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:53:09.0727 4532 AntiVirSchedulerService - ok
18:53:09.0730 4532 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:53:09.0734 4532 AntiVirService - ok
18:53:09.0737 4532 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:53:09.0755 4532 AppID - ok
18:53:09.0757 4532 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:53:09.0776 4532 AppIDSvc - ok
18:53:09.0779 4532 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:53:09.0797 4532 Appinfo - ok
18:53:09.0799 4532 [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
18:53:09.0804 4532 AppleCharger - ok
18:53:09.0806 4532 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
18:53:09.0810 4532 AppleChargerSrv - ok
18:53:09.0813 4532 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:53:09.0820 4532 AppMgmt - ok
18:53:09.0823 4532 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:53:09.0828 4532 arc - ok
18:53:09.0831 4532 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:53:09.0836 4532 arcsas - ok
18:53:09.0845 4532 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:53:09.0851 4532 aspnet_state - ok
18:53:09.0853 4532 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:53:09.0871 4532 AsyncMac - ok
18:53:09.0873 4532 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:53:09.0878 4532 atapi - ok
18:53:09.0882 4532 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:53:09.0888 4532 AtiHDAudioService - ok
18:53:09.0892 4532 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
18:53:09.0900 4532 atksgt - ok
18:53:09.0906 4532 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:53:09.0929 4532 AudioEndpointBuilder - ok
18:53:09.0935 4532 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:53:09.0955 4532 AudioSrv - ok
18:53:09.0958 4532 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:53:09.0964 4532 avgntflt - ok
18:53:09.0967 4532 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:53:09.0972 4532 avipbb - ok
18:53:09.0974 4532 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:53:09.0979 4532 avkmgr - ok
18:53:09.0981 4532 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:53:09.0996 4532 AxInstSV - ok
18:53:10.0001 4532 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:53:10.0009 4532 b06bdrv - ok
18:53:10.0013 4532 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:53:10.0020 4532 b57nd60a - ok
18:53:10.0024 4532 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:53:10.0030 4532 BDESVC - ok
18:53:10.0032 4532 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:53:10.0050 4532 Beep - ok
18:53:10.0057 4532 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:53:10.0078 4532 BFE - ok
18:53:10.0081 4532 [ 85D5E6AC46A2AE4672C1AC813AE45B95 ] BingDesktopUpdate C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
18:53:10.0088 4532 BingDesktopUpdate - ok
18:53:10.0096 4532 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:53:10.0118 4532 BITS - ok
18:53:10.0120 4532 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:53:10.0127 4532 blbdrive - ok
18:53:10.0129 4532 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:53:10.0135 4532 bowser - ok
18:53:10.0137 4532 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:53:10.0144 4532 BrFiltLo - ok
18:53:10.0146 4532 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:53:10.0153 4532 BrFiltUp - ok
18:53:10.0156 4532 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:53:10.0163 4532 Browser - ok
18:53:10.0167 4532 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:53:10.0175 4532 Brserid - ok
18:53:10.0177 4532 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:53:10.0185 4532 BrSerWdm - ok
18:53:10.0187 4532 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:53:10.0194 4532 BrUsbMdm - ok
18:53:10.0196 4532 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:53:10.0202 4532 BrUsbSer - ok
18:53:10.0204 4532 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:53:10.0212 4532 BTHMODEM - ok
18:53:10.0215 4532 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:53:10.0233 4532 bthserv - ok
18:53:10.0236 4532 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:53:10.0254 4532 cdfs - ok
18:53:10.0257 4532 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:53:10.0263 4532 cdrom - ok
18:53:10.0266 4532 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:53:10.0284 4532 CertPropSvc - ok
18:53:10.0286 4532 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:53:10.0294 4532 circlass - ok
18:53:10.0298 4532 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:53:10.0306 4532 CLFS - ok
18:53:10.0311 4532 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:53:10.0316 4532 clr_optimization_v2.0.50727_32 - ok
18:53:10.0321 4532 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:53:10.0326 4532 clr_optimization_v2.0.50727_64 - ok
18:53:10.0333 4532 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:53:10.0339 4532 clr_optimization_v4.0.30319_32 - ok
18:53:10.0341 4532 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:53:10.0347 4532 clr_optimization_v4.0.30319_64 - ok
18:53:10.0349 4532 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:53:10.0355 4532 CmBatt - ok
18:53:10.0357 4532 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:53:10.0362 4532 cmdide - ok
18:53:10.0367 4532 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
18:53:10.0379 4532 CNG - ok
18:53:10.0381 4532 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:53:10.0386 4532 Compbatt - ok
18:53:10.0388 4532 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:53:10.0395 4532 CompositeBus - ok
18:53:10.0397 4532 COMSysApp - ok
18:53:10.0422 4532 [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
18:53:10.0430 4532 cphs - ok
18:53:10.0433 4532 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:53:10.0439 4532 crcdisk - ok
18:53:10.0443 4532 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:53:10.0450 4532 CryptSvc - ok
18:53:10.0456 4532 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:53:10.0465 4532 CSC - ok
18:53:10.0471 4532 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:53:10.0481 4532 CscService - ok
18:53:10.0487 4532 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:53:10.0509 4532 DcomLaunch - ok
18:53:10.0513 4532 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:53:10.0533 4532 defragsvc - ok
18:53:10.0536 4532 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:53:10.0554 4532 DfsC - ok
18:53:10.0557 4532 [ 41AC348DBD378F618CB4FDEE54270692 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
18:53:10.0563 4532 dg_ssudbus - ok
18:53:10.0567 4532 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:53:10.0575 4532 Dhcp - ok
18:53:10.0577 4532 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:53:10.0595 4532 discache - ok
18:53:10.0598 4532 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:53:10.0603 4532 Disk - ok
18:53:10.0605 4532 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
18:53:10.0612 4532 dmvsc - ok
18:53:10.0615 4532 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:53:10.0622 4532 Dnscache - ok
18:53:10.0626 4532 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:53:10.0645 4532 dot3svc - ok
18:53:10.0648 4532 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:53:10.0666 4532 DPS - ok
18:53:10.0668 4532 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:53:10.0676 4532 drmkaud - ok
18:53:10.0683 4532 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:53:10.0696 4532 DXGKrnl - ok
18:53:10.0698 4532 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:53:10.0717 4532 EapHost - ok
18:53:10.0739 4532 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:53:10.0763 4532 ebdrv - ok
18:53:10.0765 4532 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:53:10.0772 4532 EFS - ok
18:53:10.0779 4532 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:53:10.0791 4532 ehRecvr - ok
18:53:10.0793 4532 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:53:10.0800 4532 ehSched - ok
18:53:10.0805 4532 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:53:10.0814 4532 elxstor - ok
18:53:10.0816 4532 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:53:10.0823 4532 ErrDev - ok
18:53:10.0826 4532 [ 3DBC10CBC436288801FAEE66DE91AE47 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
18:53:10.0832 4532 EtronHub3 - ok
18:53:10.0835 4532 [ DE261095A2220D400D9603E1E42D4185 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
18:53:10.0840 4532 EtronXHCI - ok
18:53:10.0846 4532 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:53:10.0867 4532 EventSystem - ok
18:53:10.0871 4532 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:53:10.0890 4532 exfat - ok
18:53:10.0894 4532 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:53:10.0913 4532 fastfat - ok
18:53:10.0919 4532 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:53:10.0930 4532 Fax - ok
18:53:10.0932 4532 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:53:10.0938 4532 fdc - ok
18:53:10.0940 4532 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:53:10.0958 4532 fdPHost - ok
18:53:10.0960 4532 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:53:10.0978 4532 FDResPub - ok
18:53:10.0981 4532 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:53:10.0986 4532 FileInfo - ok
18:53:10.0988 4532 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:53:11.0006 4532 Filetrace - ok
18:53:11.0012 4532 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:53:11.0019 4532 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:53:11.0019 4532 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:53:11.0021 4532 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:53:11.0026 4532 flpydisk - ok
18:53:11.0030 4532 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:53:11.0037 4532 FltMgr - ok
18:53:11.0046 4532 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
18:53:11.0059 4532 FontCache - ok
18:53:11.0062 4532 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:53:11.0066 4532 FontCache3.0.0.0 - ok
18:53:11.0068 4532 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:53:11.0073 4532 FsDepends - ok
18:53:11.0076 4532 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS
18:53:11.0078 4532 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
18:53:11.0078 4532 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
18:53:11.0081 4532 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:53:11.0086 4532 Fs_Rec - ok
18:53:11.0089 4532 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:53:11.0097 4532 fvevol - ok
18:53:11.0099 4532 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:53:11.0105 4532 gagp30kx - ok
18:53:11.0106 4532 gdrv - ok
18:53:11.0113 4532 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:53:11.0135 4532 gpsvc - ok
18:53:11.0137 4532 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:53:11.0143 4532 hcw85cir - ok
18:53:11.0147 4532 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:53:11.0157 4532 HdAudAddService - ok
18:53:11.0160 4532 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:53:11.0168 4532 HDAudBus - ok
18:53:11.0170 4532 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:53:11.0176 4532 HidBatt - ok
18:53:11.0178 4532 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:53:11.0186 4532 HidBth - ok
18:53:11.0188 4532 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:53:11.0195 4532 HidIr - ok
18:53:11.0197 4532 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:53:11.0216 4532 hidserv - ok
18:53:11.0218 4532 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:53:11.0224 4532 HidUsb - ok
18:53:11.0226 4532 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:53:11.0244 4532 hkmsvc - ok
18:53:11.0248 4532 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:53:11.0255 4532 HomeGroupListener - ok
18:53:11.0259 4532 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:53:11.0266 4532 HomeGroupProvider - ok
18:53:11.0268 4532 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:53:11.0273 4532 HpSAMD - ok
18:53:11.0280 4532 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:53:11.0302 4532 HTTP - ok
18:53:11.0304 4532 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:53:11.0309 4532 hwpolicy - ok
18:53:11.0312 4532 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:53:11.0318 4532 i8042prt - ok
18:53:11.0324 4532 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:53:11.0332 4532 iaStorV - ok
18:53:11.0340 4532 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:53:11.0351 4532 idsvc - ok
18:53:11.0383 4532 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:53:11.0422 4532 igfx - ok
18:53:11.0425 4532 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:53:11.0430 4532 iirsp - ok
18:53:11.0438 4532 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:53:11.0460 4532 IKEEXT - ok
18:53:11.0465 4532 [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:53:11.0472 4532 IntcDAud - ok
18:53:11.0479 4532 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
18:53:11.0488 4532 Intel(R) Capability Licensing Service Interface - ok
18:53:11.0490 4532 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:53:11.0496 4532 intelide - ok
18:53:11.0498 4532 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:53:11.0505 4532 intelppm - ok
18:53:11.0507 4532 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:53:11.0527 4532 IPBusEnum - ok
18:53:11.0529 4532 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:53:11.0547 4532 IpFilterDriver - ok
18:53:11.0569 4532 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:53:11.0578 4532 iphlpsvc - ok
18:53:11.0581 4532 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:53:11.0587 4532 IPMIDRV - ok
18:53:11.0590 4532 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:53:11.0608 4532 IPNAT - ok
18:53:11.0610 4532 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:53:11.0618 4532 IRENUM - ok
18:53:11.0621 4532 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:53:11.0626 4532 isapnp - ok
18:53:11.0629 4532 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:53:11.0636 4532 iScsiPrt - ok
18:53:11.0638 4532 [ D596D915CF091DA1F8CE4BD38BB5D509 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
18:53:11.0643 4532 iusb3hcs - ok
18:53:11.0647 4532 [ 023896E23B61543A15A230EED996D911 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
18:53:11.0653 4532 iusb3hub - ok
18:53:11.0661 4532 [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
18:53:11.0671 4532 iusb3xhc - ok
18:53:11.0675 4532 [ 78ABBE558F57144047F10A0F50FE4B2F ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:53:11.0680 4532 jhi_service - ok
18:53:11.0682 4532 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:53:11.0687 4532 kbdclass - ok
18:53:11.0689 4532 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:53:11.0695 4532 kbdhid - ok
18:53:11.0697 4532 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:53:11.0703 4532 KeyIso - ok
18:53:11.0706 4532 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:53:11.0712 4532 KSecDD - ok
18:53:11.0715 4532 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:53:11.0720 4532 KSecPkg - ok
18:53:11.0723 4532 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:53:11.0741 4532 ksthunk - ok
18:53:11.0745 4532 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:53:11.0766 4532 KtmRm - ok
18:53:11.0769 4532 [ A43A9920D2409BB9DA747D2FD20A2E61 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
18:53:11.0773 4532 L1C - ok
18:53:11.0777 4532 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:53:11.0796 4532 LanmanServer - ok
18:53:11.0800 4532 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:53:11.0818 4532 LanmanWorkstation - ok
18:53:11.0822 4532 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
18:53:11.0827 4532 lirsgt - ok
18:53:11.0829 4532 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:53:11.0847 4532 lltdio - ok
18:53:11.0851 4532 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:53:11.0871 4532 lltdsvc - ok
18:53:11.0873 4532 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:53:11.0892 4532 lmhosts - ok
18:53:11.0895 4532 [ 2C24DC448DBE8DB9BE1441B824C57E79 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:53:11.0901 4532 LMS - ok
18:53:11.0905 4532 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:53:11.0911 4532 LSI_FC - ok
18:53:11.0913 4532 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:53:11.0918 4532 LSI_SAS - ok
18:53:11.0921 4532 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:53:11.0926 4532 LSI_SAS2 - ok
18:53:11.0928 4532 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:53:11.0934 4532 LSI_SCSI - ok
18:53:11.0936 4532 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:53:11.0955 4532 luafv - ok
18:53:11.0957 4532 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:53:11.0964 4532 Mcx2Svc - ok
18:53:11.0966 4532 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:53:11.0971 4532 megasas - ok
18:53:11.0975 4532 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:53:11.0982 4532 MegaSR - ok
18:53:11.0984 4532 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:53:11.0989 4532 MEIx64 - ok
18:53:11.0994 4532 Microsoft SharePoint Workspace Audit Service - ok
18:53:11.0996 4532 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:53:12.0015 4532 MMCSS - ok
18:53:12.0017 4532 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:53:12.0035 4532 Modem - ok
18:53:12.0038 4532 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:53:12.0045 4532 monitor - ok
18:53:12.0047 4532 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:53:12.0052 4532 mouclass - ok
18:53:12.0054 4532 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:53:12.0061 4532 mouhid - ok
18:53:12.0063 4532 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:53:12.0069 4532 mountmgr - ok
18:53:12.0071 4532 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:53:12.0076 4532 MozillaMaintenance - ok
18:53:12.0079 4532 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:53:12.0085 4532 mpio - ok
18:53:12.0087 4532 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:53:12.0105 4532 mpsdrv - ok
18:53:12.0112 4532 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:53:12.0134 4532 MpsSvc - ok
18:53:12.0137 4532 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:53:12.0146 4532 MRxDAV - ok
18:53:12.0150 4532 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:53:12.0156 4532 mrxsmb - ok
18:53:12.0160 4532 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:53:12.0167 4532 mrxsmb10 - ok
18:53:12.0170 4532 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:53:12.0176 4532 mrxsmb20 - ok
18:53:12.0183 4532 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:53:12.0188 4532 msahci - ok
18:53:12.0190 4532 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:53:12.0196 4532 msdsm - ok
18:53:12.0199 4532 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:53:12.0206 4532 MSDTC - ok
18:53:12.0210 4532 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:53:12.0228 4532 Msfs - ok
18:53:12.0230 4532 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:53:12.0248 4532 mshidkmdf - ok
18:53:12.0250 4532 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:53:12.0255 4532 msisadrv - ok
18:53:12.0258 4532 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:53:12.0277 4532 MSiSCSI - ok
18:53:12.0279 4532 msiserver - ok
18:53:12.0281 4532 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:53:12.0300 4532 MSKSSRV - ok
18:53:12.0302 4532 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:53:12.0321 4532 MSPCLOCK - ok
18:53:12.0323 4532 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:53:12.0341 4532 MSPQM - ok
18:53:12.0345 4532 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:53:12.0352 4532 MsRPC - ok
18:53:12.0355 4532 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:53:12.0360 4532 mssmbios - ok
18:53:12.0362 4532 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:53:12.0380 4532 MSTEE - ok
18:53:12.0382 4532 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:53:12.0388 4532 MTConfig - ok
18:53:12.0391 4532 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:53:12.0396 4532 Mup - ok
18:53:12.0401 4532 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:53:12.0421 4532 napagent - ok
18:53:12.0425 4532 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:53:12.0435 4532 NativeWifiP - ok
18:53:12.0443 4532 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:53:12.0455 4532 NDIS - ok
18:53:12.0457 4532 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:53:12.0475 4532 NdisCap - ok
18:53:12.0477 4532 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:53:12.0495 4532 NdisTapi - ok
18:53:12.0497 4532 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:53:12.0516 4532 Ndisuio - ok
18:53:12.0519 4532 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:53:12.0538 4532 NdisWan - ok
18:53:12.0540 4532 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:53:12.0558 4532 NDProxy - ok
18:53:12.0561 4532 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:53:12.0580 4532 NetBIOS - ok
18:53:12.0583 4532 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:53:12.0601 4532 NetBT - ok
18:53:12.0603 4532 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:53:12.0609 4532 Netlogon - ok
18:53:12.0613 4532 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:53:12.0633 4532 Netman - ok
18:53:12.0640 4532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:53:12.0646 4532 NetMsmqActivator - ok
18:53:12.0648 4532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:53:12.0653 4532 NetPipeActivator - ok
18:53:12.0658 4532 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:53:12.0679 4532 netprofm - ok
18:53:12.0681 4532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:53:12.0686 4532 NetTcpActivator - ok
18:53:12.0689 4532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:53:12.0693 4532 NetTcpPortSharing - ok
18:53:12.0822 4532 [ 82FFC84EC3AFC2F2D38DB880F50157C0 ] Netzmanager Service E:\Programme (x86, HDD)\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
18:53:12.0853 4532 Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
18:53:12.0853 4532 Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
18:53:12.0856 4532 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:53:12.0862 4532 nfrd960 - ok
18:53:12.0865 4532 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:53:12.0874 4532 NlaSvc - ok
18:53:12.0876 4532 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:53:12.0894 4532 Npfs - ok
18:53:12.0896 4532 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:53:12.0916 4532 nsi - ok
18:53:12.0918 4532 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:53:12.0936 4532 nsiproxy - ok
18:53:12.0948 4532 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:53:12.0965 4532 Ntfs - ok
18:53:12.0968 4532 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:53:12.0986 4532 Null - ok
18:53:12.0989 4532 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:53:12.0994 4532 nvraid - ok
18:53:12.0997 4532 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:53:13.0003 4532 nvstor - ok
18:53:13.0006 4532 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:53:13.0012 4532 nv_agp - ok
18:53:13.0014 4532 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:53:13.0020 4532 ohci1394 - ok
18:53:13.0024 4532 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:53:13.0029 4532 ose - ok
18:53:13.0059 4532 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:53:13.0102 4532 osppsvc - ok
18:53:13.0108 4532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:53:13.0116 4532 p2pimsvc - ok
18:53:13.0121 4532 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:53:13.0130 4532 p2psvc - ok
18:53:13.0133 4532 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:53:13.0139 4532 Parport - ok
18:53:13.0141 4532 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:53:13.0147 4532 partmgr - ok
18:53:13.0150 4532 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:53:13.0160 4532 PcaSvc - ok
18:53:13.0163 4532 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:53:13.0169 4532 pci - ok
18:53:13.0171 4532 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:53:13.0176 4532 pciide - ok
18:53:13.0179 4532 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:53:13.0185 4532 pcmcia - ok
18:53:13.0187 4532 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:53:13.0193 4532 pcw - ok
18:53:13.0198 4532 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:53:13.0220 4532 PEAUTH - ok
18:53:13.0230 4532 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:53:13.0244 4532 PeerDistSvc - ok
18:53:13.0268 4532 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:53:13.0276 4532 PerfHost - ok
18:53:13.0289 4532 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:53:13.0316 4532 pla - ok
18:53:13.0321 4532 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:53:13.0330 4532 PlugPlay - ok
18:53:13.0332 4532 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:53:13.0338 4532 PNRPAutoReg - ok
18:53:13.0342 4532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:53:13.0350 4532 PNRPsvc - ok
18:53:13.0355 4532 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:53:13.0375 4532 PolicyAgent - ok
18:53:13.0379 4532 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:53:13.0399 4532 Power - ok
18:53:13.0402 4532 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:53:13.0419 4532 PptpMiniport - ok
18:53:13.0422 4532 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:53:13.0428 4532 Processor - ok
18:53:13.0431 4532 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:53:13.0439 4532 ProfSvc - ok
18:53:13.0441 4532 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:53:13.0447 4532 ProtectedStorage - ok
18:53:13.0450 4532 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:53:13.0467 4532 Psched - ok
18:53:13.0478 4532 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:53:13.0495 4532 ql2300 - ok
18:53:13.0497 4532 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:53:13.0503 4532 ql40xx - ok
18:53:13.0507 4532 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:53:13.0517 4532 QWAVE - ok
18:53:13.0519 4532 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:53:13.0529 4532 QWAVEdrv - ok
18:53:13.0531 4532 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:53:13.0550 4532 RasAcd - ok
18:53:13.0552 4532 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:53:13.0571 4532 RasAgileVpn - ok
18:53:13.0573 4532 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:53:13.0593 4532 RasAuto - ok
18:53:13.0596 4532 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:53:13.0614 4532 Rasl2tp - ok
18:53:13.0618 4532 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:53:13.0638 4532 RasMan - ok
18:53:13.0640 4532 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:53:13.0658 4532 RasPppoe - ok
18:53:13.0661 4532 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:53:13.0680 4532 RasSstp - ok
18:53:13.0684 4532 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:53:13.0703 4532 rdbss - ok
18:53:13.0705 4532 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:53:13.0712 4532 rdpbus - ok
18:53:13.0714 4532 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:53:13.0732 4532 RDPCDD - ok
18:53:13.0736 4532 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:53:13.0743 4532 RDPDR - ok
18:53:13.0745 4532 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:53:13.0762 4532 RDPENCDD - ok
18:53:13.0765 4532 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:53:13.0783 4532 RDPREFMP - ok
18:53:13.0786 4532 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:53:13.0792 4532 RdpVideoMiniport - ok
18:53:13.0796 4532 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:53:13.0812 4532 RDPWD - ok
18:53:13.0821 4532 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:53:13.0827 4532 rdyboost - ok
18:53:13.0830 4532 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:53:13.0849 4532 RemoteAccess - ok
18:53:13.0852 4532 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:53:13.0872 4532 RemoteRegistry - ok
18:53:13.0874 4532 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:53:13.0893 4532 RpcEptMapper - ok
18:53:13.0895 4532 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:53:13.0902 4532 RpcLocator - ok
18:53:13.0907 4532 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:53:13.0927 4532 RpcSs - ok
18:53:13.0930 4532 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:53:13.0948 4532 rspndr - ok
18:53:13.0950 4532 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:53:13.0955 4532 s3cap - ok
18:53:13.0957 4532 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:53:13.0963 4532 SamSs - ok
18:53:13.0966 4532 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:53:13.0971 4532 sbp2port - ok
18:53:13.0974 4532 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:53:13.0994 4532 SCardSvr - ok
18:53:13.0996 4532 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:53:14.0013 4532 scfilter - ok
18:53:14.0022 4532 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule
C:\Windows\system32\schedsvc.dll 18:53:14.0046 4532 Schedule - ok 18:53:14.0049 4532 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:53:14.0066 4532 SCPolicySvc - ok 18:53:14.0069 4532 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:53:14.0077 4532 SDRSVC - ok 18:53:14.0079 4532 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:53:14.0097 4532 secdrv - ok 18:53:14.0099 4532 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:53:14.0117 4532 seclogon - ok 18:53:14.0119 4532 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:53:14.0138 4532 SENS - ok 18:53:14.0140 4532 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:53:14.0148 4532 SensrSvc - ok 18:53:14.0150 4532 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:53:14.0156 4532 Serenum - ok 18:53:14.0158 4532 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:53:14.0165 4532 Serial - ok 18:53:14.0167 4532 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:53:14.0173 4532 sermouse - ok 18:53:14.0180 4532 [ 40F201C37C2CC052E188C989493715DC ] Serviio C:\Program Files\Serviio\bin\ServiioService.exe 18:53:14.0184 4532 Serviio ( UnsignedFile.Multi.Generic ) - warning 18:53:14.0184 4532 Serviio - detected UnsignedFile.Multi.Generic (1) 18:53:14.0187 4532 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:53:14.0206 4532 SessionEnv - ok 18:53:14.0208 4532 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:53:14.0215 4532 sffdisk - ok 18:53:14.0217 4532 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:53:14.0224 4532 sffp_mmc - ok 18:53:14.0226 4532 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd 
C:\Windows\system32\drivers\sffp_sd.sys 18:53:14.0234 4532 sffp_sd - ok 18:53:14.0236 4532 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:53:14.0242 4532 sfloppy - ok 18:53:14.0246 4532 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:53:14.0266 4532 SharedAccess - ok 18:53:14.0271 4532 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:53:14.0291 4532 ShellHWDetection - ok 18:53:14.0293 4532 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:53:14.0298 4532 SiSRaid2 - ok 18:53:14.0301 4532 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:53:14.0306 4532 SiSRaid4 - ok 18:53:14.0310 4532 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:53:14.0316 4532 SkypeUpdate - ok 18:53:14.0318 4532 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:53:14.0337 4532 Smb - ok 18:53:14.0342 4532 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:53:14.0348 4532 SNMPTRAP - ok 18:53:14.0350 4532 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:53:14.0355 4532 spldr - ok 18:53:14.0361 4532 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:53:14.0370 4532 Spooler - ok 18:53:14.0393 4532 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:53:14.0430 4532 sppsvc - ok 18:53:14.0433 4532 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:53:14.0452 4532 sppuinotify - ok 18:53:14.0457 4532 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:53:14.0465 4532 srv - ok 18:53:14.0470 4532 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:53:14.0478 4532 srv2 - ok 18:53:14.0481 4532 [ 
27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:53:14.0487 4532 srvnet - ok 18:53:14.0491 4532 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:53:14.0510 4532 SSDPSRV - ok 18:53:14.0512 4532 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:53:14.0531 4532 SstpSvc - ok 18:53:14.0535 4532 [ B4C983DA20E2970E21893BF0E4EE2AD8 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 18:53:14.0540 4532 ssudmdm - ok 18:53:14.0542 4532 Steam Client Service - ok 18:53:14.0545 4532 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:53:14.0551 4532 stexstor - ok 18:53:14.0556 4532 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:53:14.0569 4532 stisvc - ok 18:53:14.0572 4532 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 18:53:14.0577 4532 storflt - ok 18:53:14.0580 4532 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 18:53:14.0586 4532 StorSvc - ok 18:53:14.0588 4532 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 18:53:14.0594 4532 storvsc - ok 18:53:14.0596 4532 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 18:53:14.0601 4532 swenum - ok 18:53:14.0606 4532 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:53:14.0627 4532 swprv - ok 18:53:14.0640 4532 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:53:14.0659 4532 SysMain - ok 18:53:14.0662 4532 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:53:14.0672 4532 TabletInputService - ok 18:53:14.0675 4532 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:53:14.0695 4532 TapiSrv - ok 18:53:14.0698 4532 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:53:14.0716 4532 TBS - ok 
18:53:14.0729 4532 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:53:14.0749 4532 Tcpip - ok 18:53:14.0763 4532 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:53:14.0783 4532 TCPIP6 - ok 18:53:14.0795 4532 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:53:14.0801 4532 tcpipreg - ok 18:53:14.0805 4532 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:53:14.0819 4532 TDPIPE - ok 18:53:14.0823 4532 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:53:14.0836 4532 TDTCP - ok 18:53:14.0838 4532 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:53:14.0856 4532 tdx - ok 18:53:14.0891 4532 [ 4283D7125BA4BD0CB50BB0F78B54257A ] TelekomNM6 E:\Programme (x86, HDD)\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys 18:53:14.0901 4532 TelekomNM6 - ok 18:53:14.0906 4532 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:53:14.0918 4532 TermDD - ok 18:53:14.0926 4532 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:53:14.0955 4532 TermService - ok 18:53:14.0957 4532 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:53:14.0967 4532 Themes - ok 18:53:14.0969 4532 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:53:14.0988 4532 THREADORDER - ok 18:53:14.0990 4532 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:53:15.0010 4532 TrkWks - ok 18:53:15.0014 4532 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys 18:53:15.0020 4532 truecrypt - ok 18:53:15.0023 4532 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:53:15.0041 4532 TrustedInstaller - ok 18:53:15.0044 4532 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv 
C:\Windows\system32\DRIVERS\tssecsrv.sys 18:53:15.0062 4532 tssecsrv - ok 18:53:15.0064 4532 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:53:15.0071 4532 TsUsbFlt - ok 18:53:15.0073 4532 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 18:53:15.0079 4532 TsUsbGD - ok 18:53:15.0081 4532 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:53:15.0099 4532 tunnel - ok 18:53:15.0102 4532 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:53:15.0107 4532 uagp35 - ok 18:53:15.0111 4532 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:53:15.0130 4532 udfs - ok 18:53:15.0134 4532 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:53:15.0141 4532 UI0Detect - ok 18:53:15.0144 4532 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:53:15.0149 4532 uliagpkx - ok 18:53:15.0151 4532 [ 694BCF23662F97D987CF4C6739C35F8B ] UltraMonUtility C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys 18:53:15.0155 4532 UltraMonUtility - ok 18:53:15.0157 4532 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:53:15.0164 4532 umbus - ok 18:53:15.0166 4532 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:53:15.0172 4532 UmPass - ok 18:53:15.0175 4532 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 18:53:15.0182 4532 UmRdpService - ok 18:53:15.0187 4532 [ E1A119AD21F5AFE22EB516C549306D3D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:53:15.0194 4532 UNS - ok 18:53:15.0198 4532 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:53:15.0219 4532 upnphost - ok 18:53:15.0222 4532 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp 
C:\Windows\system32\DRIVERS\usbccgp.sys 18:53:15.0229 4532 usbccgp - ok 18:53:15.0231 4532 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:53:15.0239 4532 usbcir - ok 18:53:15.0241 4532 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:53:15.0247 4532 usbehci - ok 18:53:15.0251 4532 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:53:15.0259 4532 usbhub - ok 18:53:15.0261 4532 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:53:15.0267 4532 usbohci - ok 18:53:15.0269 4532 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:53:15.0276 4532 usbprint - ok 18:53:15.0279 4532 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:53:15.0285 4532 USBSTOR - ok 18:53:15.0287 4532 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:53:15.0293 4532 usbuhci - ok 18:53:15.0295 4532 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:53:15.0314 4532 UxSms - ok 18:53:15.0316 4532 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:53:15.0322 4532 VaultSvc - ok 18:53:15.0324 4532 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:53:15.0330 4532 vdrvroot - ok 18:53:15.0335 4532 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:53:15.0357 4532 vds - ok 18:53:15.0359 4532 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:53:15.0366 4532 vga - ok 18:53:15.0368 4532 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:53:15.0386 4532 VgaSave - ok 18:53:15.0390 4532 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:53:15.0396 4532 vhdmp - ok 18:53:15.0412 4532 [ 3CCC0D9607419AC28B4216C18F6FA5E9 ] VIAHdAudAddService 
C:\Windows\system32\drivers\viahduaa.sys 18:53:15.0433 4532 VIAHdAudAddService - ok 18:53:15.0435 4532 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:53:15.0440 4532 viaide - ok 18:53:15.0442 4532 [ 888450E821E7A66CB8A4E5B7A01BA5C5 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe 18:53:15.0447 4532 VIAKaraokeService - ok 18:53:15.0450 4532 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 18:53:15.0456 4532 vmbus - ok 18:53:15.0459 4532 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 18:53:15.0464 4532 VMBusHID - ok 18:53:15.0467 4532 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:53:15.0472 4532 volmgr - ok 18:53:15.0476 4532 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:53:15.0483 4532 volmgrx - ok 18:53:15.0487 4532 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:53:15.0494 4532 volsnap - ok 18:53:15.0500 4532 [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 18:53:15.0508 4532 vpnagent - ok 18:53:15.0510 4532 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 18:53:15.0515 4532 vpnva - ok 18:53:15.0518 4532 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:53:15.0524 4532 vsmraid - ok 18:53:15.0534 4532 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:53:15.0562 4532 VSS - ok 18:53:15.0565 4532 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 18:53:15.0572 4532 vwifibus - ok 18:53:15.0577 4532 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:53:15.0598 4532 W32Time - ok 18:53:15.0601 4532 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:53:15.0607 
4532 WacomPen - ok 18:53:15.0610 4532 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:53:15.0629 4532 WANARP - ok 18:53:15.0630 4532 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:53:15.0648 4532 Wanarpv6 - ok 18:53:15.0660 4532 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:53:15.0676 4532 wbengine - ok 18:53:15.0679 4532 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:53:15.0690 4532 WbioSrvc - ok 18:53:15.0694 4532 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:53:15.0705 4532 wcncsvc - ok 18:53:15.0708 4532 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:53:15.0715 4532 WcsPlugInService - ok 18:53:15.0717 4532 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:53:15.0722 4532 Wd - ok 18:53:15.0729 4532 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:53:15.0741 4532 Wdf01000 - ok 18:53:15.0743 4532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:53:15.0753 4532 WdiServiceHost - ok 18:53:15.0755 4532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:53:15.0765 4532 WdiSystemHost - ok 18:53:15.0768 4532 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:53:15.0779 4532 WebClient - ok 18:53:15.0783 4532 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:53:15.0803 4532 Wecsvc - ok 18:53:15.0806 4532 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:53:15.0825 4532 wercplsupport - ok 18:53:15.0827 4532 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:53:15.0846 4532 WerSvc - ok 18:53:15.0848 4532 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 
18:53:15.0866 4532 WfpLwf - ok 18:53:15.0868 4532 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:53:15.0873 4532 WIMMount - ok 18:53:15.0874 4532 WinDefend - ok 18:53:15.0878 4532 WinHttpAutoProxySvc - ok 18:53:15.0884 4532 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:53:15.0903 4532 Winmgmt - ok 18:53:15.0917 4532 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:53:15.0946 4532 WinRM - ok 18:53:15.0950 4532 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 18:53:15.0958 4532 WinUsb - ok 18:53:15.0966 4532 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:53:15.0979 4532 Wlansvc - ok 18:53:15.0982 4532 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:53:15.0987 4532 WmiAcpi - ok 18:53:15.0991 4532 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:53:15.0999 4532 wmiApSrv - ok 18:53:16.0000 4532 WMPNetworkSvc - ok 18:53:16.0003 4532 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:53:16.0009 4532 WPCSvc - ok 18:53:16.0012 4532 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:53:16.0021 4532 WPDBusEnum - ok 18:53:16.0024 4532 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:53:16.0041 4532 ws2ifsl - ok 18:53:16.0044 4532 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:53:16.0054 4532 wscsvc - ok 18:53:16.0056 4532 WSearch - ok 18:53:16.0073 4532 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:53:16.0098 4532 wuauserv - ok 18:53:16.0101 4532 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:53:16.0107 4532 WudfPf - ok 18:53:16.0110 4532 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 
18:53:16.0117 4532 WUDFRd - ok 18:53:16.0119 4532 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:53:16.0126 4532 wudfsvc - ok 18:53:16.0129 4532 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 18:53:16.0140 4532 WwanSvc - ok 18:53:16.0143 4532 ================ Scan global =============================== 18:53:16.0145 4532 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:53:16.0147 4532 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:53:16.0151 4532 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:53:16.0154 4532 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:53:16.0158 4532 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:53:16.0160 4532 [Global] - ok 18:53:16.0160 4532 ================ Scan MBR ================================== 18:53:16.0161 4532 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 18:53:16.0221 4532 \Device\Harddisk0\DR0 - ok 18:53:16.0223 4532 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 18:53:16.0245 4532 \Device\Harddisk1\DR1 - ok 18:53:16.0247 4532 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2 18:53:16.0814 4532 \Device\Harddisk2\DR2 - ok 18:53:16.0815 4532 ================ Scan VBR ================================== 18:53:16.0817 4532 [ 03697D92839E95FE1EE777621A3075BA ] \Device\Harddisk0\DR0\Partition1 18:53:16.0819 4532 \Device\Harddisk0\DR0\Partition1 - ok 18:53:16.0821 4532 [ 4E3C40D1F4C6A15592188DA493EA256F ] \Device\Harddisk1\DR1\Partition1 18:53:16.0822 4532 \Device\Harddisk1\DR1\Partition1 - ok 18:53:16.0825 4532 [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk1\DR1\Partition2 18:53:16.0825 4532 \Device\Harddisk1\DR1\Partition2 - ok 18:53:16.0829 4532 [ C0201E368FD8F763B96304B39DBFA53A ] \Device\Harddisk1\DR1\Partition3 18:53:16.0831 4532 \Device\Harddisk1\DR1\Partition3 - ok 18:53:16.0833 4532 [ 
387EB7AD01460ADEE17491502E3973E9 ] \Device\Harddisk2\DR2\Partition1 18:53:16.0835 4532 \Device\Harddisk2\DR2\Partition1 - ok 18:53:16.0837 4532 [ 20ACABED10EB501C7BB4C6D2CF74AAC8 ] \Device\Harddisk2\DR2\Partition2 18:53:16.0838 4532 \Device\Harddisk2\DR2\Partition2 - ok 18:53:16.0838 4532 ============================================================ 18:53:16.0838 4532 Scan finished 18:53:16.0838 4532 ============================================================ 18:53:16.0843 4400 Detected object count: 4 18:53:16.0843 4400 Actual detected object count: 4 18:54:10.0403 4400 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 18:54:10.0403 4400 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:54:10.0404 4400 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 18:54:10.0404 4400 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:54:10.0404 4400 Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user 18:54:10.0404 4400 Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:54:10.0405 4400 Serviio ( UnsignedFile.Multi.Generic ) - skipped by user 18:54:10.0405 4400 Serviio ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:54:19.0696 4604 Deinitialize success |
25.04.2013, 22:29 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen found after connecting a phone. Then please run Combofix now: Scan with Combofix
26.04.2013, 15:58 | #7
| TR/Crypt.ZPACK.Gen found after connecting a phone. Done. The log follows. What did that do now? Combofix logfile: Code:
ATTFilter ComboFix 13-04-26.01 - **** 26.04.2013 16:48:36.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8150.6307 [GMT 2:00] ausgeführt von:: c:\users\****\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-26 bis 2013-04-26 )))))))))))))))))))))))))))))) . . 2013-04-26 14:50 . 2013-04-26 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-25 16:35 . 2013-04-25 16:35 -------- d-----w- c:\programdata\Malwarebytes 2013-04-23 17:37 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-18 20:07 . 2013-04-18 20:07 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-16 19:32 . 2013-04-16 19:32 -------- d-----w- c:\users\****\AppData\Roaming\Red Alert 3 2013-04-16 19:31 . 2013-04-16 19:31 -------- d--h--r- c:\users\****\AppData\Roaming\SecuROM 2013-04-12 18:46 . 2013-04-12 18:46 -------- d-----w- c:\program files (x86)\PureSync 2013-04-12 18:46 . 2013-04-12 18:46 -------- d-----w- c:\program files (x86)\Common Files\Jumping Bytes 2013-04-11 17:27 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-11 17:27 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-11 17:27 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-11 17:27 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-11 17:27 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-11 17:27 . 
2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-11 17:27 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-11 17:27 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-10 15:23 . 2013-04-10 15:23 5664768 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktop.msi 2013-04-03 18:23 . 2004-02-22 08:11 719872 --sh--w- c:\windows\SysWow64\devil.dll 2013-04-03 18:23 . 2009-09-27 07:39 369152 --sh--w- c:\windows\SysWow64\avisynth.dll 2013-04-03 18:23 . 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWow64\AVSredirect.dll 2013-04-03 18:23 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\yv12vfw.dll 2013-04-03 18:23 . 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWow64\i420vfw.dll 2013-04-03 18:23 . 2013-04-03 18:23 -------- d-----w- c:\program files (x86)\AviSynth 2.5 2013-04-03 18:21 . 2004-07-01 22:00 327749 ----a-w- c:\windows\SysWow64\drvc.dll 2013-04-03 17:56 . 2013-04-05 19:24 -------- d-----w- c:\users\****\AppData\Roaming\vlc 2013-04-03 17:37 . 2013-04-05 15:50 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-04-02 18:03 . 2013-04-02 18:03 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-04-02 18:03 . 2013-04-02 18:03 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-04-02 18:03 . 2013-04-02 18:03 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-26 14:41 . 2013-03-06 17:02 11972 ----a-w- c:\users\****\Network_Meter_Data.js 2013-04-12 18:48 . 2013-01-12 00:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-12 18:48 . 2013-01-12 00:57 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-04-11 21:05 . 2013-01-11 00:08 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-04 03:35 . 2013-03-07 23:37 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-16 22:42 . 
2013-03-16 22:42 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-16 22:42 . 2013-03-16 22:42 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-16 22:42 . 2013-03-16 22:42 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-16 22:42 . 2013-03-16 22:42 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-16 22:42 . 2013-03-16 22:42 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-16 22:42 . 2013-03-16 22:42 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-16 22:42 . 2013-03-16 22:42 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-16 22:42 . 2013-03-16 22:42 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-16 22:42 . 2013-03-16 22:42 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-16 22:42 . 2013-03-16 22:42 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-16 22:42 . 2013-03-16 22:42 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-16 22:42 . 2013-03-16 22:42 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-16 22:42 . 2013-03-16 22:42 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-16 22:42 . 2013-03-16 22:42 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-16 22:42 . 2013-03-16 22:42 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-16 22:42 . 2013-03-16 22:42 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-16 22:42 . 2013-03-16 22:42 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-16 22:42 . 2013-03-16 22:42 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-16 22:42 . 2013-03-16 22:42 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-16 22:42 . 2013-03-16 22:42 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-16 22:42 . 2013-03-16 22:42 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-16 22:42 . 2013-03-16 22:42 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-16 22:42 . 2013-03-16 22:42 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-16 22:42 . 
2013-03-16 22:42 441856 ----a-w- c:\windows\system32\html.iec 2013-03-16 22:42 . 2013-03-16 22:42 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-16 22:42 . 2013-03-16 22:42 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-16 22:42 . 2013-03-16 22:42 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-16 22:42 . 2013-03-16 22:42 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-16 22:42 . 2013-03-16 22:42 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-16 22:42 . 2013-03-16 22:42 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-16 22:42 . 2013-03-16 22:42 235008 ----a-w- c:\windows\system32\url.dll 2013-03-16 22:42 . 2013-03-16 22:42 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-16 22:42 . 2013-03-16 22:42 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-16 22:42 . 2013-03-16 22:42 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-16 22:42 . 2013-03-16 22:42 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-16 22:42 . 2013-03-16 22:42 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-16 22:42 . 2013-03-16 22:42 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-16 22:42 . 2013-03-16 22:42 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-16 22:42 . 2013-03-16 22:42 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-16 22:42 . 2013-03-16 22:42 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-16 22:42 . 2013-03-16 22:42 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-16 22:42 . 2013-03-16 22:42 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-16 22:42 . 2013-03-16 22:42 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-16 22:42 . 2013-03-16 22:42 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-16 22:42 . 2013-03-16 22:42 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-16 22:42 . 2013-03-16 22:42 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-16 22:42 . 
2013-03-16 22:42 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-16 22:42 . 2013-03-16 22:42 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-16 22:42 . 2013-03-16 22:42 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-07 23:37 . 2013-01-12 00:18 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-07 23:37 . 2013-01-12 00:18 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-07 17:25 . 2013-02-03 14:20 92248 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe 2013-02-12 05:45 . 2013-03-16 11:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-16 11:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-16 11:34 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-16 11:34 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-16 11:34 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-16 11:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-16 11:34 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-06 06:42 . 2013-02-06 06:42 203544 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-02-06 06:42 . 2013-02-06 06:42 102936 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2013-02-05 08:54 . 2013-02-20 20:52 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys 2013-02-05 08:54 . 2013-02-20 20:52 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe 2009-09-27 07:39 369152 --sh--w- c:\windows\SysWOW64\avisynth.dll 2005-07-14 10:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll 2004-02-22 08:11 719872 --sh--w- c:\windows\SysWOW64\devil.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll 2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "PureSync"="c:\program files (x86)\PureSync\PureSyncTray.exe" [2013-04-09 903712] "icq"="c:\users\****\AppData\Roaming\ICQM\icq.exe" [2013-01-19 26606072] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-02 345312] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-04-10 2387088] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2013-1-12 295606] Adobe Reader Synchronizer.lnk - e:\programme (x86, hdd)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico [2013-1-12 29310] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "BingDesktop"=c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 66320] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 102936] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS [2013-02-05 37344] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528] R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet 
Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-07-19 110744] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 203544] R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;e:\programme (x86, hdd)\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-09-16 45664] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-04-23 26176] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-02 28600] S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-04-23 3089856] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-04-02 86752] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-04-10 168592] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720] S2 Serviio;Serviio;c:\program files\Serviio\bin\ServiioService.exe [2012-12-19 348160] S2 
UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2012-08-24 20512] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376] S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-08-03 27792] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2012-08-07 65152] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2012-08-07 88832] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-08-03 2206352] . . Inhalt des "geplante Tasks" Ordners . 2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-12 18:48] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: An vorhandenes PDF anfügen - e:\programme (x86, hdd)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - e:\programme (x86, hdd)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - e:\programme (x86, hdd)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - e:\programme (x86, hdd)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - e:\programme (x86, hdd)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - e:\programme (x86, hdd)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - e:\programme (x86, hdd)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - e:\programme (x86, hdd)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rcllbwy7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.de/search?q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.campus.rwth-aachen.de/office/default.asp FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p= FF - prefs.js: network.proxy.type - 2 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-CrypTool - E:\Programme (x86 AddRemove-MozBackup - E:\Programme (x86 AddRemove-Origin - E:\Programme (x86 AddRemove-Star Wars: The Force Unleashed_is1 - E:\Programme (x86 AddRemove-Steam App 72850 - E:\Programme (x86 AddRemove-{DDA3C325-47B2-4730-9672-BF3771C08799}_is1 - E:\Programme (x86 . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-617984047-1022462007-3006896860-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:0c,c2,7d,ab,0b,4c,77,52,83,80,f8,19,17,73,46,65,4f,eb,5f,fe,7f, 92,14,7b,3e,73,46,b6,8f,95,34,38,a6,6c,88,ee,0d,e9,df,4a,8c,06,92,71,61,ab,\ "rkeysecu"=hex:d3,94,f1,ec,f3,6a,12,e1,4f,e4,3d,d8,44,bb,d5,f9 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-04-26 16:51:10 ComboFix-quarantined-files.txt 2013-04-26 14:51 . Vor Suchlauf: 8 Verzeichnis(se), 65.032.192.000 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 65.332.625.408 Bytes frei . - - End Of File - - 68EF9CC73C40394B956C8F6A1047FB6A |
26.04.2013, 16:26 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen found after connecting the phone JRT - Junkware Removal Tool Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
Then please do a check with OTL:
__________________ Please always post logfiles in CODE tags |
26.04.2013, 16:57 | #9 |
| TR/Crypt.ZPACK.Gen found after connecting the phone Good, I have done the steps. Here are the logs once again: JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.9 (04.22.2013:1) OS: Windows 7 Professional x64 Ran by **** on 26.04.2013 at 17:39:43,13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\rcllbwy7.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26.04.2013 at 17:41:15,61 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.202 - Datei am 26/04/2013 um 17:42:53 erstellt # Aktualisiert am 23/04/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : **** - ****-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\****\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\****\AppData\Local\PackageAware ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16537 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v20.0.1 (de) Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\rcllbwy7.default\prefs.js [OK] Die Datei ist sauber. -\\ Opera v12.15.1748.0 Datei : C:\Users\****\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [1594 octets] - [26/04/2013 17:42:53] ########## EOF - C:\AdwCleaner[S1].txt - [1654 octets] ########## OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.04.2013 17:46:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 71,14% Memory free 15,92 Gb Paging File | 13,23 Gb Available in Paging File | 83,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,57 Gb Total Space | 60,52 Gb Free Space | 54,25% Space Free | Partition Type: NTFS Drive D: | 7,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 931,51 Gb Total Space | 761,49 Gb Free Space | 81,75% Space Free | Partition Type: NTFS Drive F: | 1363,01 Gb Total Space | 410,43 Gb Free Space | 30,11% Space Free | Partition Type: NTFS Drive G: | 500,00 Gb Total Space | 332,64 Gb Free Space | 66,53% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - 
C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) 
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe () SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Serviio) -- C:\Programme\Serviio\bin\ServiioService.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) 
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Netzmanager Service) -- E:\Programme (x86, HDD)\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.) 
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsisoft GmbH) DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys () DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (TelekomNM6) -- E:\Programme (x86, HDD)\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - 
HKU\S-1-5-21-617984047-1022462007-3006896860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/search?q=" FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.11.18 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.01.12 15:39:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:02:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 19:37:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 21:02:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 19:37:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.11 01:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2013.04.12 21:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.12 15:39:54 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX 
[2013.04.12 21:02:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 21:54:33 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 21:54:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 21:54:33 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 21:54:33 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 21:54:33 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 21:54:33 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.26 16:50:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [icq] C:\Users\****\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000..\Run: [PureSync] C:\Program Files (x86)\PureSync\PureSyncTray.exe (Jumping Bytes) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-617984047-1022462007-3006896860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &Citavi Picker... 
- C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: &Citavi Picker... 
- C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandenes PDF anfügen - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Programme (x86, HDD)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} 
- C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F567656-F6F6-47E2-BD84-CD79F2FBE344}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.30 18:10:55 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ] O32 - AutoRun File - [2008.10.10 16:51:07 | 001,586,176 | R--- | M] () - D:\autorun.dat -- [ UDF ] O32 - AutoRun File - [2008.10.10 16:51:06 | 000,447,752 | R--- | M] (Electronic Arts, Inc.) - D:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.10 16:51:01 | 000,000,137 | R--- | M] () - D:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.26 17:39:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.26 17:39:35 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.26 17:38:29 | 000,535,764 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\****\Desktop\JRT.exe [2013.04.26 16:56:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.26 16:48:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.26 16:48:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.26 16:48:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.26 16:48:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.26 16:47:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.26 16:43:48 | 005,059,946 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe [2013.04.25 18:46:57 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe [2013.04.25 18:41:12 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe [2013.04.25 18:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.25 18:35:31 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\mbar-1.05.0.1001 [2013.04.23 21:36:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.04.18 22:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.16 21:32:00 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Red Alert 3 [2013.04.16 21:31:53 | 000,000,000 | RH-D | C] -- C:\Users\****\AppData\Roaming\SecuROM [2013.04.12 21:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.12 20:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureSync [2013.04.12 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureSync [2013.04.12 20:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jumping Bytes [2013.04.11 23:04:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.11 23:04:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.11 23:04:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\msfeeds.dll [2013.04.11 23:04:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.11 23:04:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.11 23:04:34 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.11 23:04:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.11 23:04:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.11 23:04:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.11 23:04:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.11 23:04:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.11 23:04:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.11 23:04:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.11 23:04:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.11 23:04:32 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.11 19:27:24 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.11 19:27:23 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.11 19:27:23 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.11 19:27:23 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.11 19:27:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.11 19:27:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.03 21:02:17 
| 000,000,000 | ---D | C] -- C:\Users\****\Desktop\hjsplit3 [2013.04.03 20:23:55 | 000,719,872 | -HS- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll [2013.04.03 20:23:54 | 000,369,152 | -HS- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll [2013.04.03 20:23:53 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll [2013.04.03 20:23:53 | 000,070,656 | -HS- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll [2013.04.03 20:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2013.04.03 20:21:35 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\eRightSoft [2013.04.03 20:21:26 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll [2013.04.03 20:21:26 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2013.04.03 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\vlc [2013.04.03 19:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.04.03 19:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.04.02 20:03:42 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.02 20:03:42 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.02 20:03:42 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files - Modified Within 30 Days ========== [2013.04.26 17:44:20 | 000,000,111 | ---- | M] () -- C:\.dir [2013.04.26 17:44:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.26 17:44:14 | 2114,625,535 | -HS- | M] () -- C:\hiberfil.sys [2013.04.26 17:38:53 | 000,619,461 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe [2013.04.26 17:38:30 | 000,535,764 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\****\Desktop\JRT.exe [2013.04.26 17:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.26 17:04:16 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.26 17:04:16 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.26 17:04:16 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.26 17:04:16 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.26 17:04:16 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.26 17:03:15 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 17:03:15 | 000,021,680 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 17:00:00 | 000,012,006 | ---- | M] () -- C:\Users\****\Network_Meter_Data.js [2013.04.26 16:57:13 | 000,001,340 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013.04.26 16:55:38 | 000,000,024 | ---- | M] () -- C:\Users\****\AppData\Roaming\Network Meter_Usage.ini [2013.04.26 16:50:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.26 16:43:55 | 005,059,946 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe [2013.04.25 18:46:59 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe [2013.04.25 18:45:59 | 000,000,512 | ---- | M] () -- C:\Users\****\Desktop\MBR.dat [2013.04.25 18:42:37 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe [2013.04.25 18:34:57 | 012,917,756 | ---- | M] () -- C:\Users\****\Desktop\mbar-1.05.0.1001.zip [2013.04.23 22:06:31 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2013.04.23 22:06:05 | 000,377,856 | ---- | M] () -- 
C:\Users\****\Desktop\h4ucxbhr.exe [2013.04.23 22:02:42 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe [2013.04.23 21:36:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.04.20 21:19:17 | 000,000,040 | ---- | M] () -- C:\ProgramData\ra3.ini [2013.04.12 20:48:15 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.12 20:48:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.12 20:43:40 | 000,418,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.04.02 23:32:09 | 000,000,274 | ---- | M] () -- C:\Windows\Brownie.ini [2013.04.02 23:32:06 | 000,000,600 | ---- | M] () -- C:\Users\****\AppData\Local\PUTTY.RND [2013.04.02 20:03:33 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.02 20:03:33 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.02 20:03:33 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2013.04.26 17:38:53 | 000,619,461 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe [2013.04.26 16:48:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.26 16:48:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.26 16:48:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.26 16:48:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.26 16:48:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.25 18:45:59 | 000,000,512 | ---- | C] () -- C:\Users\****\Desktop\MBR.dat [2013.04.25 18:34:51 | 012,917,756 | ---- | C] () -- C:\Users\****\Desktop\mbar-1.05.0.1001.zip [2013.04.23 22:06:31 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2013.04.23 22:06:05 | 000,377,856 | ---- | C] () -- C:\Users\****\Desktop\h4ucxbhr.exe [2013.04.23 22:02:42 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe [2013.04.20 21:19:17 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2013.04.03 20:23:54 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2013.03.23 20:12:17 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND [2013.03.06 19:05:27 | 000,000,024 | ---- | C] () -- C:\Users\****\AppData\Roaming\Network Meter_Usage.ini [2013.03.06 19:02:51 | 000,012,006 | ---- | C] () -- C:\Users\****\Network_Meter_Data.js [2013.02.20 22:52:55 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.02.20 22:52:55 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013.02.04 23:00:00 | 000,003,382 | ---- | C] () -- C:\ProgramData\Network_Meter_Data.csv [2013.02.03 19:55:31 | 000,000,531 | ---- | C] () -- C:\Windows\wiso.ini [2013.01.13 15:55:37 | 000,000,576 | ---- | C] () -- C:\Users\****\AppData\Roaming\All CPU MeterV3_Settings.ini [2013.01.12 16:19:04 | 000,000,252 | ---- | C] () -- C:\Users\****\AppData\Roaming\GPU 
MeterV2_Settings.ini [2013.01.12 16:17:44 | 000,001,130 | ---- | C] () -- C:\Users\****\AppData\Roaming\Network Meter_Settings.ini [2013.01.12 16:15:05 | 000,000,839 | ---- | C] () -- C:\Users\****\AppData\Roaming\Drives Meter_Settings.ini [2013.01.12 03:28:40 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI [2013.01.12 03:28:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini [2013.01.12 03:28:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2013.01.12 03:28:22 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.12 03:27:15 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat [2013.01.12 03:26:50 | 000,000,274 | ---- | C] () -- C:\Windows\Brownie.ini [2013.01.11 23:24:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.01.11 23:23:06 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.01.11 23:23:06 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.01.11 23:23:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2013.01.11 08:06:57 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.11 08:03:48 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013.01.11 02:04:50 | 000,007,597 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- 
C:\Windows\SysWow64\igcodeckrng700.bin [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

OTL, Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 26.04.2013 17:46:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,96 Gb Total Physical Memory | 5,66 Gb Available Physical Memory | 71,14% Memory free
15,92 Gb Paging File | 13,23 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,57 Gb Total Space | 60,52 Gb Free Space | 54,25% Space Free | Partition Type: NTFS
Drive D: | 7,17 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 761,49 Gb Free Space | 81,75% Space Free | Partition Type: NTFS
Drive F: | 1363,01 Gb Total Space | 410,43 Gb Free Space | 30,11% Space Free | Partition Type: NTFS
Drive G: | 500,00 Gb Total Space | 332,64 Gb Free Space | 66,53% Space Free | Partition Type: NTFS
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-617984047-1022462007-3006896860-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\Programme (HDD)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FBF198B-F15B-46BA-82FB-92FFA30D6F04}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{276528C3-138A-40E8-94E2-D4CE7915232C}" = lport=10243 | protocol=6 | dir=in | app=system | "{2B7C1642-C074-4CD1-BC3C-9AA620B1D11A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{33419E14-F998-4B7D-A469-392C235B423E}" = lport=138 | protocol=17 | dir=in | app=system | "{36863865-CBBF-4332-B77A-27AEF1FC2D29}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{41B6DA0D-FBA5-418C-8E44-1E27234799EC}" = lport=2869 | protocol=6 | dir=in | app=system | "{445B7FDB-640F-4AE2-800B-E1A4B1DD634B}" = lport=137 | protocol=17 | dir=in | app=system | "{446BA78A-E9EE-439A-A766-869133DB011C}" = rport=137 | protocol=17 | dir=out | app=system | "{6D90640A-80AD-497A-98B4-375D75B907F8}" = rport=445 | protocol=6 | dir=out | app=system | "{7DDECE48-4282-439E-9DCE-280A73F2120B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{83473D52-B2FF-4320-95F3-68C3D97BE3D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe | "{977C4F7F-7CC7-4C31-945B-E63677D20320}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9A22A678-02DB-46C4-AC3D-B4F8ECB710CB}" = lport=445 | protocol=6 | dir=in | app=system | "{B335EA8E-FA8C-48A2-8A2E-907589A99774}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B72162FF-9286-41FD-97C5-88EFFC22DA08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BF139E0B-34AD-4742-9956-152ECB5F35B1}" = rport=138 | protocol=17 | dir=out | app=system | "{CC78DAB5-72B3-4C4B-86F5-76110A887BCD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D1D0F3DC-3BF8-4D05-95D0-E83DBE06B701}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DAA03A09-9085-4486-869F-353AAE029215}" = lport=139 | protocol=6 | dir=in | app=system | "{F147F9A6-DB05-4866-B041-253FD9014F20}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F7137B38-B7D9-4612-B40A-1E15D6AA362F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F787289C-744A-4DBD-AB24-9FA6E8410F94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F9C9B2E8-D777-48A9-8F99-D7F4D8A00B3E}" = rport=10243 | protocol=6 | dir=out | app=system | "{FC9DF6D5-C58D-4447-9B3D-09547C25D3D8}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03C3E11A-6316-42E7-807F-551758A16E75}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{04D1FF61-772E-4067-B24F-129E87C25F2F}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{04FFCD75-C9CB-45F6-86D5-27609860036D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{082722F1-3FEF-4EB4-A02F-D5A7879079A8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{1AD950F7-5A18-47DA-8848-697EF43D6C33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2873A3CE-4070-4421-8378-36532BB1426E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2BFF4593-7BAD-42EA-9E0F-1BE15EB14982}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\anno4.exe | "{2FF35E24-0B5F-4765-AF6B-9828431656CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3E8715B4-6409-43EC-87AE-473BAE226FE4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{44770D65-590E-4D39-8904-36861AFA0A54}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{4514F9C8-6470-4AA1-B9B1-679828C2B67C}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{47EC13A9-1BC1-4C08-9F95-BA7499F98EA2}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{4F56AE84-2B70-4C22-B41C-82588963BF12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5082D0AF-64D0-4D8A-AA05-9A8DC0EF514D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{53C17DAA-19C8-4653-843F-33DCA502F61E}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{640A1755-1574-460B-A3C5-87CA296F14DD}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "{64DA73EA-7C7F-4A04-9B46-2004768839A0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{6658D25B-439E-4206-A945-62E1B6CB824C}" 
= dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6781FFEF-E1D6-46AB-BB32-3C9574140594}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{688C79C3-EE41-4738-8F79-00D53476012F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6B1902A5-D13E-42AE-99AE-DAFAC4460176}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{6CB5BAF3-6670-42BC-AF98-386E13DDA289}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | "{6CE32060-9E4E-4E31-A8B9-D860750BCD65}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6E859C61-B0B4-4AE3-B9D3-05A109A32390}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7B9697F4-26EC-47D3-915D-E14F99D1387F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7EB8C43A-DB87-4499-8745-D42BFD5BE435}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7F708DB7-BF5D-4728-A7C4-7AF37DD407D2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{8EE3F319-B3F6-4BD5-996E-F70133653AD1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{9396B61B-D62C-495D-BBEF-119F79E9632A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{94998B10-D9BB-4704-9043-7053EB87CED2}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{976284CE-0F90-4217-824C-8E27009D6FEA}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{98FEDE2D-F0A9-41D9-8E86-326B51CE6BF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9BBD810C-D3A8-455C-B4BA-90EF562ED67D}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\related designs\anno 
1404\anno4.exe | "{A3E90030-CD33-486A-9425-30D274BA7499}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{A5B7B329-09EB-4F7C-A5AD-4DBE46A62A32}" = protocol=6 | dir=out | app=system | "{AC04C0C1-2896-4ED8-9CDF-29A7DF54ED56}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{AD0C6E5B-CA95-4F26-9328-5165AAEB0C98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AE19FF22-0515-4DA8-A221-24C5E49B01C5}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{B40C780E-C719-4DE4-9242-46E7CA9992B2}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | "{BBC786EB-5B51-47E9-B9CD-0201939CAE63}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\steam\steam.exe | "{BC308061-2372-45E5-863C-C0D68C91F6D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C5905A0C-52A8-42FC-9B2A-AB5A5F6DEDD8}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{C8C91754-081F-41B6-AE81-6DF8E5794F25}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{D48CC1C4-19A7-47D8-9EB4-BE444CFE8585}" = protocol=6 | dir=in | app=e:\programme (x86, hdd)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{EA45FB32-C09C-4A6E-96D2-6161D45934DA}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\steam\steam.exe | "{EA79C7D6-1507-4B9F-9C3E-F9F53B754927}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EC345C24-3A64-4124-B256-609FA6DA58F0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ED2D006F-6140-4C40-A2A4-3612C77DE2EC}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe | "{EDC5317A-77EF-41AD-9D93-C31608A5AFB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F1A454B7-F122-4E02-86E6-41D1293914BE}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe | 
"{F7DFE7FC-6BBC-46EB-B105-3387243E36F2}" = protocol=17 | dir=in | app=e:\programme (x86, hdd)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "{FD88834B-FB10-4D37-A968-0904A26EAFB3}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | "TCP Query User{8A399D68-A838-47FC-914C-68A55EA1751F}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe | "TCP Query User{BA3F1E74-04D6-47EF-93F6-7A663AE6FBB7}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe | "TCP Query User{D221EEC6-C8B6-4EDD-88C7-DC53268CFDD8}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{E8B7D228-723F-433E-9642-E150F8553EF4}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{246EBC39-CDB0-4A6D-84A0-733143E44C38}C:\program files (x86)\gigabyte\updmanager\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\gbtupd.exe | "UDP Query User{612D8C9C-0F3C-449D-87E6-8FE2E740ECB8}C:\program files (x86)\gigabyte\updmanager\runupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\updmanager\runupd.exe | "UDP Query User{944089AF-BE00-492A-8818-9BBDF69C50AA}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{DF84F7E9-7F80-494C-9583-C28B0E1E3BC3}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06CB0DD1-71A5-F352-E0A9-FE6016380A8F}" = AMD Drag and Drop Transcoding "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager "{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9069EE0A-7615-4D86-AD80-CA263E936DA6}" = UltraMon "{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64 "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Serviio" = Serviio "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek "{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012 "{022BC727-ACB7-4C1D-109C-177515714A32}" = Catalyst Control Center "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish 
"{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English "{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard "{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2913C8E7-612B-47DA-B18D-A23E1A1B16E3}" = Update Manager B12.0822.1 "{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3 "{2BD6DD47-D5BA-49B1-A91F-C716CD8EF016}" = Brother HL-2030 "{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean "{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech "{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3 "{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian "{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client "{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish "{6B1F9121-5599-47F9-9F82-9FEA0F03C47F}" = 3DPower B12.0619.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" 
= Samsung Kies "{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop "{8444E466-CE54-4D77-BC84-0007C7B4710B}" = PureSync "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy "{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.1 "{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All "{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian "{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = 
Intel(R) SDK for OpenCL - CPU Only Runtime Package "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "a-squared HiJackFree_is1" = a-squared HiJackFree 3.1 "Avira AntiVir Desktop" = Avira Free Antivirus "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "CrypTool" = CrypTool 1.4.30 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Netzmanager" = Netzmanager "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Opera 12.15.1748" = Opera 12.15 "Origin" = Origin "PureSync" = PureSync 3.7.5 "Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed "Steam App 72850" = The Elder Scrolls V: Skyrim "TrueCrypt" = TrueCrypt ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-617984047-1022462007-3006896860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer) "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.04.2013 11:46:07 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 26.04.2013 11:44:54 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307 (0xFE1E002D) Description: 
SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous connection has been canceled during its initiation. Error - 26.04.2013 11:44:54 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 26.04.2013 11:44:54 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 26.04.2013 11:45:25 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp Line: 1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706 (0xFE210026) Description: CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed a policy check server name: vpn-unidsl.rwth-aachen.de Error - 26.04.2013 11:45:27 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 303 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31588307 (0xFE1E002D) Description: SOCKETTRANSPORT_ERROR_CONNECT_CANCELED:An asynchronous connection has been canceled during its initiation. 
Error - 26.04.2013 11:45:27 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 26.04.2013 11:45:27 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 26.04.2013 11:49:18 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 26.04.2013 11:49:18 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 26.04.2013 11:49:18 | Computer Name = ****-PC | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL < End of report > |
26.04.2013, 22:42 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen found after connecting a mobile phone

Looks OK. We should be almost done. Please run a full scan with Malwarebytes as a check, and please remember to update Malwarebytes via the update button beforehand. Getting a second opinion afterwards from the ESET online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
27.04.2013, 02:19 | #11 |
| TR/Crypt.ZPACK.Gen found after connecting a mobile phone

OK, thanks. That sounds pretty good. I ran both programs over it. Each of them did find something, but in my opinion it is harmless (old self-written programs from my school days). Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.26.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 **** :: ****-PC [Administrator] 27.04.2013 00:32:31 MBAM-log-2013-04-27 (01-08-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 473287 Laufzeit: 31 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 10 E:\Eigene Dateien\Dokumente\Schule\Informatik\Dezember 06\Netzwerke\NetzwerkRatespiel\NetzwerkRatespiel\Rate_Client\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. E:\Eigene Dateien\Dokumente\Schule\Informatik\Dezember 06\Netzwerke\NetzwerkRatespiel\NetzwerkRatespiel\Rate_Server\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. E:\Eigene Dateien\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Netzwerke\NetzwerkRatespiel\Rate_Client\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. E:\Eigene Dateien\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Netzwerke\NetzwerkRatespiel\Rate_Server\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. E:\Eigene Dateien\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Serverprogrammierung\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. 
G:\Backup-PC\Dokumente\Schule\Informatik\Dezember 06\Netzwerke\NetzwerkRatespiel\NetzwerkRatespiel\Rate_Client\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. G:\Backup-PC\Dokumente\Schule\Informatik\Dezember 06\Netzwerke\NetzwerkRatespiel\NetzwerkRatespiel\Rate_Server\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. G:\Backup-PC\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Netzwerke\NetzwerkRatespiel\Rate_Client\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. G:\Backup-PC\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Netzwerke\NetzwerkRatespiel\Rate_Server\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. G:\Backup-PC\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Serverprogrammierung\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=30ec20c787082b46bbe9678cbf2a390e # engine=13707 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-27 01:10:03 # local_time=2013-04-27 03:10:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 96 9425 232448293 0 0 # compatibility_mode=5893 16776574 100 94 64430780 118654853 0 0 # scanned=267642 # found=2 # cleaned=0 # scan_time=6859 sh=B0F814458AAC78B9BBD2E5B190C9E19A1EE3E766 ft=1 fh=b582ecd5cb28c9a7 vn="probably a variant of Win32/Delf.NPR trojan" ac=I fn="E:\Eigene Dateien\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Serverprogrammierung\Project1.exe" sh=B0F814458AAC78B9BBD2E5B190C9E19A1EE3E766 ft=1 fh=b582ecd5cb28c9a7 vn="probably a variant of Win32/Delf.NPR trojan" ac=I fn="G:\Backup-PC\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Serverprogrammierung\Project1.exe" |
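An added example, not part of the thread, that cross-checks the two reports above: it parses the Malwarebytes file findings and the ESET sh=/fn= records and groups the paths both engines flagged by SHA-1, which shows that the two ESET hits are one and the same binary, once in the original location and once in the backup. The log excerpts are copied from the posts above; the parsing rules are assumptions based on the visible line formats, not documented log specifications.

```python
"""Correlate the Malwarebytes and ESET file findings posted above.
Added example, not part of the thread or of either product; the snippets are
excerpts of the logs above and the parsing rules are assumptions drawn from
the visible line formats, not documented log specifications."""
import re
from collections import defaultdict

# Excerpt of the Malwarebytes "Infizierte Dateien" section (from the post above).
MBAM_LOG = r"""
Infizierte Dateien: 10
E:\Eigene Dateien\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Serverprogrammierung\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt.
G:\Backup-PC\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Serverprogrammierung\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt.
E:\Eigene Dateien\Dokumente\Schule\Informatik\Dezember 06\Netzwerke\NetzwerkRatespiel\NetzwerkRatespiel\Rate_Client\Project1.exe (Trojan.Agent.DF) -> Keine Aktion durchgeführt.
"""

# Excerpt of the ESET Online Scanner log (from the post above): one key=value
# record per "sh=" line; detection name and path are quoted.
ESET_LOG = r"""
# found=2
sh=B0F814458AAC78B9BBD2E5B190C9E19A1EE3E766 ft=1 fh=b582ecd5cb28c9a7 vn="probably a variant of Win32/Delf.NPR trojan" ac=I fn="E:\Eigene Dateien\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Serverprogrammierung\Project1.exe"
sh=B0F814458AAC78B9BBD2E5B190C9E19A1EE3E766 ft=1 fh=b582ecd5cb28c9a7 vn="probably a variant of Win32/Delf.NPR trojan" ac=I fn="G:\Backup-PC\Dokumente\Schule\Informatik\Letztes Backup 12.3.07\Informatik\Serverprogrammierung\Project1.exe"
"""

# <drive>:\<path> (<detection>) -> <action>
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> (?P<action>.+)$")
# key=value, where value is either "quoted text" or a run of non-spaces
ESET_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_mbam(text):
    """Return {lower-cased path: detection name} for every MBAM file finding."""
    hits = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hits[m["path"].lower()] = m["name"]
    return hits

def parse_eset(text):
    """Return {lower-cased path: (sha1, detection name)} for every ESET record."""
    hits = {}
    for line in text.splitlines():
        if not line.startswith("sh="):
            continue
        kv = {k: (inner if raw.startswith('"') else raw)
              for k, raw, inner in ESET_KV_RE.findall(line)}
        hits[kv["fn"].lower()] = (kv["sh"].upper(), kv["vn"])
    return hits

def correlate(mbam, eset):
    """Paths flagged by both engines, grouped by SHA-1 (copies of one binary)."""
    by_hash = defaultdict(list)
    for path, (sha1, vn) in eset.items():
        if path in mbam:
            by_hash[sha1].append((path, mbam[path], vn))
    return dict(by_hash)
```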
27.04.2013, 03:01 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen found after connecting a mobile phone

Looks OK so far.

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of abuse (unique re-identification, e.g. for targeted advertising and the like => HTTP-Cookie). Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller. If, however, you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now in order again, or are there any other findings or problems?
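How a blocklist hosts file of the kind recommended above does its job, as an added example that is not part of the thread or of MVPS: it parses "0.0.0.0 hostname" entries, answers whether a name is sunk, flags entries that point at a real address, and diffs an installed copy against a newer release. The two sample files and their host names are constructed; only the layout follows the MVPS file.

```python
"""Check a blocklist-style hosts file (MVPS layout) and diff two versions.
Added example, not from the thread or from MVPS. The sample files below are
constructed (invented names); only the "0.0.0.0 hostname" layout is MVPS's."""
from ipaddress import ip_address

# Constructed sample of an installed hosts file.
HOSTS_OLD = """\
127.0.0.1 localhost
# [Tracking]
0.0.0.0 tracker.example
0.0.0.0 ads.example   # banner network
"""
# Constructed sample of a newer release of the same file, plus one odd entry.
HOSTS_NEW = """\
127.0.0.1 localhost
# [Tracking]
0.0.0.0 tracker.example
0.0.0.0 ads.example
0.0.0.0 telemetry.example
192.0.2.10 update.example   # not a block entry: sends the name to another host
"""

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}

def parse_hosts(text):
    """Return {hostname: ip} for every entry, ignoring comments and blank lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        ip_address(ip)  # raises ValueError on a malformed address
        for name in names:
            entries[name.lower()] = ip
    return entries

def is_blocked(entries, host):
    """A name is blocked when it maps to a sinkhole address, so no real connection results."""
    return entries.get(host.lower()) in SINKHOLES

def redirects(entries):
    """Entries pointing to a real address: in a blocklist these deserve review,
    because a hosts file can just as well steer a name to a server the user did not choose."""
    return {h: ip for h, ip in entries.items()
            if ip not in SINKHOLES and h != "localhost"}

def diff_hosts(old, new):
    """Names a newly released version adds or drops compared to the installed one."""
    o, n = parse_hosts(old), parse_hosts(new)
    return {"added": sorted(set(n) - set(o)), "removed": sorted(set(o) - set(n))}
```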
27.04.2013, 10:50 | #13 |
| TR/Crypt.ZPACK.Gen found after connecting a mobile phone

Hi, yes, as it looks everything is back in order, at least as far as I can tell. So thanks a lot for your help! I do still have one question, though: if in a case like this I wanted to get rid of the malware radically by reinstalling the whole computer, would I have to format all the drives, or only my system drive? Thanks again |
27.04.2013, 17:08 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.ZPACK.Gen found after connecting a mobile phone Quote:
But it is a naive idea that one can get around formatting the data partitions, because you should always have a backup on at least one external drive in case you accidentally delete/format the wrong thing during setup or something else goes wrong during the installation.

Then we're done!

If you still want to leave praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/

The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (keyboard shortcut WIN+R), type the command combofix /uninstall there and run it.

With the help of OTL you can also remove many other tools: simply start OTL and click on Cleanup (Bereinigung). This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep a better overview in future of whether the installed programs are up to date, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update

Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date: check => Adobe - Flash Player
Download links can be found here => Browsers and Plugins - FilePony.de
You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck
Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click on Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Afterwards download the current Java SE Runtime Environment (JRE) from here and install it.
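As an added example (not part of the thread or of OTL), the following pulls the software named in the update guide out of the OTL uninstall list posted earlier in this thread, so the installed versions can be compared against the vendors' current releases. The entry excerpt is copied from that log; the regexes for the OTL line format and the watch-list categories are assumptions.

```python
"""Pick the update-relevant software out of an OTL "Uninstall List" section.
Added example, not part of the thread or of OTL. The excerpt below is taken
from the OTL log posted above (entries the extraction ran together are split
again on the "key" = name pattern); the watch list mirrors the update guide."""
import re

# Excerpt of the OTL "HKEY_LOCAL_MACHINE Uninstall List" posted above.
OTL_EXCERPT = r'''
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Opera 12.15.1748" = Opera 12.15
"TrueCrypt" = TrueCrypt
'''

# Categories from the helper's update guide; the name patterns are assumptions.
WATCHLIST = {
    "PDF reader": re.compile(r"Adobe (Reader|Acrobat)", re.I),
    "Flash Player": re.compile(r"Flash Player", re.I),
    "Java": re.compile(r"\bJava\b|\bJRE\b|\bJDK\b", re.I),
    "Browser": re.compile(r"Firefox|Opera|Chrome", re.I),
}
ENTRY_RE = re.compile(r'"([^"]+)" = (.+?)(?=\s+"[^"]+" = |$)')
VERSION_RE = re.compile(r"\d+(?:\.\d+)*")

def parse_uninstall_list(text):
    """Return [(registry key, display name)], tolerant of entries run together on one line."""
    return [(k, v.strip()) for line in text.splitlines() for k, v in ENTRY_RE.findall(line)]

def update_candidates(entries):
    """Map each watch-list category to the installed (name, version-or-None) pairs,
    so the user sees at a glance what to compare against the vendor's current release."""
    found = {cat: [] for cat in WATCHLIST}
    for _key, name in entries:
        for cat, pat in WATCHLIST.items():
            if pat.search(name):
                m = VERSION_RE.search(name)
                found[cat].append((name, m.group(0) if m else None))
    return found
```

An empty category (Java here) means nothing of that kind is in the list, so there is nothing to uninstall or update for it.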
28.04.2013, 13:42 | #15 |
| TR/Crypt.ZPACK.Gen found after connecting a mobile phone

OK, everything has been removed again. So thanks again for your help! I do already back up (what a strange word) my data, but onto a second drive inside the computer. I should perhaps rethink that as a whole. It was more a general question of whether, by moving one's data to a separate drive or partition, one avoids having to format it as well in case of a malware infection. I'll read up a bit on whether I can perhaps improve the configuration of my computer. Many thanks for all your help! |