| |
| |||||||
Log-Analyse und Auswertung: Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere WarnungenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
28.05.2013, 07:56
| #1 |
 |  Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen Liebe HelferInnen vom Trojaner-Board Auf meinem Laptop meldet Avira den Fund des Trojaners 'TR/Crypt.XPACK.Gen' sowie der Malware 'JAVA/Lamar.ltg.35'. Zudem hat Avira auch noch 5 weitere Warnungen ausgesprochen, bei denen ich jedoch nicht verstehe, ob etwas gefunden wurde bzw. was denn genau. Ich bin sehr verunsichert, was dies Funde denn nun für meinen Laptop bedeuten! In der Hoffnung, dass ihr mir helfen könnt, poste ich hier einmal den Report von AVIRA, sowie die Logs von OTL, Extra und Gmer. Report von AVIRA: Code:
ATTFilter Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 27. Mai 2013 18:13
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 1) [6.0.6001]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SILVAN-LAPTOP
Versionsinformationen:
BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00
AVSCAN.EXE : 13.6.0.1262 636984 Bytes 07.05.2013 13:01:29
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 26.03.2013 19:35:31
LUKE.DLL : 13.6.0.1262 65080 Bytes 07.05.2013 13:01:53
AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 07.05.2013 13:01:29
AVREG.DLL : 13.6.0.1262 247864 Bytes 07.05.2013 13:01:28
avlode.dll : 13.6.2.1262 432184 Bytes 07.05.2013 13:01:27
avlode.rdf : 13.0.1.12 25921 Bytes 16.05.2013 19:50:15
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 20:16:47
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:18:13
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 13:18:13
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 13:18:13
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 13:18:13
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 13:18:13
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 13:18:13
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 13:18:13
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 13:18:13
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 13:18:13
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 13:18:13
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 13:18:13
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 13:18:13
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 13:18:13
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 10:59:36
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 11:48:39
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 07:41:23
VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 19:41:24
VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 05:21:38
VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 19:16:35
VBASE020.VDF : 7.11.77.145 141312 Bytes 10.05.2013 19:16:35
VBASE021.VDF : 7.11.77.225 155648 Bytes 12.05.2013 19:16:36
VBASE022.VDF : 7.11.78.21 202752 Bytes 13.05.2013 14:43:59
VBASE023.VDF : 7.11.78.71 140800 Bytes 13.05.2013 07:12:58
VBASE024.VDF : 7.11.78.147 167936 Bytes 15.05.2013 06:26:18
VBASE025.VDF : 7.11.78.207 147456 Bytes 16.05.2013 19:50:09
VBASE026.VDF : 7.11.79.17 198656 Bytes 17.05.2013 20:51:47
VBASE027.VDF : 7.11.79.194 659968 Bytes 23.05.2013 13:40:36
VBASE028.VDF : 7.11.80.1 288256 Bytes 25.05.2013 11:48:30
VBASE029.VDF : 7.11.80.2 2048 Bytes 25.05.2013 11:48:30
VBASE030.VDF : 7.11.80.3 2048 Bytes 25.05.2013 11:48:30
VBASE031.VDF : 7.11.80.36 258560 Bytes 27.05.2013 15:39:47
Engineversion : 8.2.12.48
AEVDF.DLL : 8.1.2.10 102772 Bytes 14.07.2012 16:51:01
AESCRIPT.DLL : 8.1.4.118 487805 Bytes 23.05.2013 13:40:54
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 19:34:47
AESBX.DLL : 8.2.5.12 606578 Bytes 27.06.2012 08:53:31
AERDL.DLL : 8.2.0.88 643444 Bytes 13.01.2013 21:53:27
AEPACK.DLL : 8.3.2.12 754040 Bytes 12.05.2013 19:16:49
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 09.03.2013 11:28:27
AEHEUR.DLL : 8.1.4.378 5910905 Bytes 23.05.2013 13:40:51
AEHELP.DLL : 8.1.25.10 258425 Bytes 12.05.2013 19:16:39
AEGEN.DLL : 8.1.7.4 442741 Bytes 12.05.2013 19:16:38
AEEXP.DLL : 8.4.0.32 201078 Bytes 23.05.2013 13:40:59
AEEMU.DLL : 8.1.3.2 393587 Bytes 14.07.2012 16:50:54
AECORE.DLL : 8.1.31.2 201080 Bytes 23.02.2013 11:57:04
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:20:28
AVWINLL.DLL : 13.6.0.480 26480 Bytes 26.03.2013 19:34:38
AVPREF.DLL : 13.6.0.480 51056 Bytes 26.03.2013 19:35:29
AVREP.DLL : 13.6.0.480 178544 Bytes 26.03.2013 19:37:16
AVARKT.DLL : 13.6.0.1262 258104 Bytes 07.05.2013 13:01:20
AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 07.05.2013 13:01:26
SQLITE3.DLL : 3.7.0.1 397704 Bytes 26.03.2013 19:36:36
AVSMTP.DLL : 13.6.0.480 62832 Bytes 26.03.2013 19:35:33
NETNT.DLL : 13.6.0.480 16240 Bytes 26.03.2013 19:36:19
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 26.03.2013 19:34:40
RCTEXT.DLL : 13.6.0.976 69344 Bytes 01.04.2013 21:00:33
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Montag, 27. Mai 2013 18:13
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'WINWORD.EXE' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'momclnt.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ZuneLauncher.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.EXE' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '166' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'DashBoardS.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SecMIPService.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'aestsrv.exe' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'bcmwltry.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRYSVC.EXE' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1586' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <SYSTEM>
C:\Users\Silvan\AppData\Local\Temp\0.30662022067813843.bfg
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[0] Archivtyp: Portable Executable Resource
--> id_99
[1] Archivtyp: CAB (Microsoft)
--> C:\Program Files\Zune\Drivers\Zune\WUDFUpdate_01009.dll
[2] Archivtyp: RSRC
--> C:\Users\Silvan\AppData\Local\Temp\jar_cache8797580636335720296.tmp
[3] Archivtyp: ZIP
--> QSkXTtJnF/aNGXf.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Klaslod.K
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QSkXTtJnF/dJmWRWzsr.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.KN
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QSkXTtJnF/iZpFtg.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.ltg.34
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QSkXTtJnF/pAiwuOuQF.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.JX
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> QSkXTtJnF/WAbmOChS.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.ltg.35
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Silvan\AppData\Local\Temp\jar_cache8797580636335720296.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.ltg.35
Beginne mit der Suche in 'D:\' <DATA>
Beginne mit der Desinfektion:
C:\Users\Silvan\AppData\Local\Temp\jar_cache8797580636335720296.tmp
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.ltg.35
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55a03f6e.qua' verschoben!
C:\Users\Silvan\AppData\Local\Temp\0.30662022067813843.bfg
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ef41016.qua' verschoben!
Ende des Suchlaufs: Montag, 27. Mai 2013 20:00
Benötigte Zeit: 1:38:32 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
23193 Verzeichnisse wurden überprüft
575715 Dateien wurden geprüft
7 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
575708 Dateien ohne Befall
10773 Archive wurden durchsucht
5 Warnungen
2 Hinweise
495373 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
OTL.txt: Code:
ATTFilter OTL logfile created on: 27.05.2013 22:14:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Benutzer\Silvan\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 3.50 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 47.90% Memory free 7.22 Gb Paging File | 5.41 Gb Available in Paging File | 75.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 40.04 Gb Total Space | 1.01 Gb Free Space | 2.52% Space Free | Partition Type: NTFS Drive D: | 257.91 Gb Total Space | 191.67 Gb Free Space | 74.32% Space Free | Partition Type: NTFS Computer Name: SILVAN-LAPTOP | User Name: Silvan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.27 22:10:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Benutzer\Silvan\Desktop\OTL.exe PRC - [2013.05.27 22:09:12 | 000,050,477 | ---- | M] () -- D:\Benutzer\Silvan\Desktop\Defogger.exe PRC - [2013.05.15 08:58:53 | 000,879,456 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe PRC - [2013.05.07 15:01:27 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.01 23:01:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.01 23:00:47 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.04.01 23:00:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.16 00:31:18 | 001,430,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.08.05 13:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Zune\ZuneLauncher.exe PRC - [2009.12.10 19:40:08 | 000,128,296 | R--- | M] (Swisscom) -- C:\Programme\Swisscom\Unlimited Data Manager\DashBoardS.exe PRC - [2009.11.16 12:41:02 | 001,414,440 | ---- | M] (Swisscom) -- C:\Programme\Swisscom\Sesam\BIN\SecMIPService.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.09.01 14:41:26 | 000,668,960 | ---- | M] () -- C:\Programme\uniFLOW_Client\momclnt.exe PRC - [2008.02.28 02:01:20 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\stacsv.exe PRC - [2008.02.28 01:58:34 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.02.13 10:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe PRC - [2008.02.08 16:18:16 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007.10.11 23:49:14 | 000,163,840 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2007.06.06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2007.05.22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe ========== Modules (No Company Name) ========== MOD - [2013.05.27 22:09:12 | 000,050,477 | ---- | M] () -- D:\Benutzer\Silvan\Desktop\Defogger.exe MOD - [2013.05.15 08:59:05 | 000,312,832 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2013.05.15 08:59:05 | 000,158,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2013.05.15 08:59:05 | 000,101,888 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2013.05.15 08:59:05 | 000,096,256 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2013.05.15 08:59:05 | 000,073,728 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2013.05.15 08:59:05 | 000,067,072 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2013.05.15 08:59:05 | 000,062,976 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2013.05.15 08:59:05 | 000,057,344 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2013.05.15 08:59:05 | 000,038,912 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2013.05.15 08:59:04 | 000,835,584 | ---- | M] () -- C:\Programme\Opera\gstreamer\gstreamer.dll MOD - [2013.05.15 08:59:04 | 000,094,208 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2013.05.15 08:59:04 | 000,093,696 | ---- | M] () -- C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2013.03.10 13:58:54 | 000,014,336 | ---- | M] () -- C:\Users\Silvan\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU MOD - [2013.03.10 13:58:19 | 009,390,592 | ---- | M] () -- C:\Users\Silvan\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu MOD - [2012.12.18 16:28:12 | 000,305,880 | ---- | M] () -- C:\Programme\Adobe\Reader 10.0\Reader\sqlite.dll MOD - [2012.10.18 16:52:53 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2011.12.24 10:44:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.12.24 10:43:53 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.12.24 10:37:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.12.24 10:37:17 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.12.24 10:37:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.12.24 10:36:02 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.12.24 10:35:53 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2011.12.21 00:14:49 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2977.39064__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2011.12.21 00:14:49 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2977.39118__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2011.12.21 00:14:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2977.39097__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2011.12.21 00:14:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2977.39084__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2011.12.21 00:14:48 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2977.39104__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2011.12.21 00:14:48 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2977.39334__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2011.12.21 00:14:48 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2977.39340__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:48 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2977.39300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2011.12.21 00:14:48 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2977.39076__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:48 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2977.39263__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2011.12.21 00:14:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2977.39217__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2011.12.21 00:14:47 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2977.39271__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:47 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2977.39332__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:47 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2977.39277__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2011.12.21 00:14:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2977.39270__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2011.12.21 00:14:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2977.39331__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2011.12.21 00:14:46 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2977.39227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:46 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2977.39292__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2011.12.21 00:14:46 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2977.39226__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2977.39131__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2977.39219__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2977.39211__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2977.39085__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2977.39256__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2977.39138__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2011.12.21 00:14:45 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2977.39124__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2977.39244__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2011.12.21 00:14:45 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2977.39218__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2977.39137__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2977.39226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2977.39243__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2977.39255__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2011.12.21 00:14:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2011.12.21 00:14:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2011.12.21 00:14:45 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2011.12.21 00:14:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2011.12.21 00:14:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2011.12.21 00:14:44 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2011.12.21 00:14:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2011.12.21 00:14:43 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2011.12.21 00:14:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2011.12.21 00:14:43 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2011.12.21 00:14:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2011.12.21 00:14:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2011.12.21 00:14:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2011.12.21 00:14:43 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2011.12.21 00:14:42 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2011.12.21 00:14:42 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2011.12.21 00:14:42 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2011.12.21 00:14:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2011.12.21 00:14:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2011.12.21 00:14:41 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2011.12.21 00:14:40 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2011.12.21 00:14:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2977.39353__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2011.12.21 00:14:39 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2011.12.21 00:14:39 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2977.39056__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2011.12.21 00:14:38 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2977.39071__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2011.12.21 00:14:38 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2977.39091__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2011.12.21 00:14:38 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2977.39324__90ba9c70f846762e\MOM.Implementation.dll MOD - [2011.12.21 00:14:38 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2977.39056__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2011.12.21 00:14:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2977.39057__90ba9c70f846762e\ATIDEMOS.dll MOD - [2011.12.21 00:14:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2977.39322__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2011.12.21 00:14:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2011.12.21 00:14:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2011.12.21 00:14:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2011.12.21 00:14:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2011.12.21 00:14:38 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2977.39323__90ba9c70f846762e\CCC.Implementation.dll MOD - [2011.12.21 00:14:38 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2011.12.21 00:14:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2011.12.21 00:14:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2011.12.21 00:14:38 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2011.12.21 00:14:37 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2977.39055__90ba9c70f846762e\APM.Server.dll MOD - [2011.12.21 00:14:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2977.39055__90ba9c70f846762e\AEM.Server.dll MOD - [2011.12.21 00:14:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.09.01 14:41:26 | 000,668,960 | ---- | M] () -- C:\Programme\uniFLOW_Client\momclnt.exe MOD - [2008.07.27 20:03:09 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2008.07.27 20:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2008.03.12 18:34:50 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll MOD - [2008.02.25 23:10:12 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.02.08 15:44:32 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ========== Services (SafeList) ========== SRV - [2013.05.24 13:19:28 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.01 23:01:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.01 23:00:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.08.05 13:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 13:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 13:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2009.12.10 19:40:08 | 000,128,296 | R--- | M] (Swisscom) [Auto | Running] -- C:\Programme\Swisscom\Unlimited Data Manager\DashBoardS.exe -- (UDM Service) SRV - [2009.11.16 12:41:02 | 001,414,440 | ---- | M] (Swisscom) [Auto | Running] -- C:\Programme\Swisscom\Sesam\BIN\SecMIPService.exe -- (SesamService) SRV - [2008.02.28 02:01:20 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\stacsv.exe -- (STacSV) SRV - [2008.02.13 10:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c204e27d\AEstSrv.exe -- (AESTFilters) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB) DRV - [2013.04.01 23:01:07 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.01 23:01:07 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.01 23:01:07 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.26 21:37:15 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.12.10 18:06:28 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.12.10 18:06:28 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.12.10 18:06:28 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.07.20 16:32:06 | 000,286,760 | ---- | M] (Swisscom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wtsmpflt.sys -- (WtSmpFlt) DRV - [2009.07.20 16:32:06 | 000,039,720 | ---- | M] (Swisscom) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wtsmpadap.sys -- (wtsmpadap) DRV - [2008.03.12 18:34:48 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2008.02.28 02:06:32 | 000,374,784 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.02.26 01:53:22 | 003,520,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.02.16 02:00:00 | 000,277,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid) DRV - [2008.02.15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.01.31 16:37:04 | 000,149,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd) DRV - [2008.01.29 21:08:46 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2008.01.21 04:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2007.12.12 19:01:30 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.07.30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.07.16 23:29:33 | 000,017,432 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hpfxbulk.sys -- (HPFXBULK) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110824&tt=4812_7&babsrc=HP_ss&mntrId=14c8aad100000000000000ade1ac1c1a IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4812_7&babsrc=SP_ss&mntrId=14c8aad100000000000000ade1ac1c1a IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "www.google.ch" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E4D8AFFF-DA7C-412F-A976-05ED142C7806}: C:\Program Files\Swisscom\Unlimited Data Manager\FireFox_Remote\ [2012.06.30 15:22:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.30 14:31:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.24 13:19:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.02 21:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvan\AppData\Roaming\mozilla\Extensions [2012.12.24 10:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silvan\AppData\Roaming\mozilla\Firefox\Profiles\m70kb871.default\extensions [2012.01.02 21:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.24 13:19:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.05.24 13:19:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.30 16:33:11 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013.05.24 13:19:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.05.24 13:19:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.05.24 13:19:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.24 13:19:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.05.24 13:19:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dashboard] File not found O4 - HKLM..\Run: [MOMCLIENT] C:\Programme\uniFLOW_Client\momclnt.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93D1DB22-F6A3-43C1-98F9-C218A236305B}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Silvan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Silvan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7c212527-2b59-11e1-83ae-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{7c212527-2b59-11e1-83ae-0021707eda31}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{90ebfeeb-9a6c-11e1-9570-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{90ebfeeb-9a6c-11e1-9570-0021707eda31}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{90ebff28-9a6c-11e1-9570-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{90ebff28-9a6c-11e1-9570-0021707eda31}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{b540bdd8-c2b7-11e1-9fd4-001e101f2c0e}\Shell - "" = AutoRun O33 - MountPoints2\{b540bdd8-c2b7-11e1-9fd4-001e101f2c0e}\Shell\AutoRun\command - "" = F:\Start.exe O33 - MountPoints2\{ca4342fc-c282-11e1-b288-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{ca4342fc-c282-11e1-b288-0021707eda31}\Shell\AutoRun\command - "" = F:\Start.exe O33 - MountPoints2\{d231ed89-55bc-11e2-84fc-0021707eda31}\Shell - "" = AutoRun O33 - MountPoints2\{d231ed89-55bc-11e2-84fc-0021707eda31}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.27 22:10:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Benutzer\Silvan\Desktop\OTL.exe [2013.05.24 13:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.05.24 13:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.05.15 17:12:04 | 000,000,000 | ---D | C] -- D:\Benutzer\Silvan\Desktop\Terzi-Schmid%20Ursula [2013.05.13 15:54:10 | 000,000,000 | ---D | C] -- C:\Users\Silvan\AppData\Local\Macromedia [2 D:\Benutzer\Silvan\Desktop\*.tmp files -> D:\Benutzer\Silvan\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.27 22:10:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Benutzer\Silvan\Desktop\OTL.exe [2013.05.27 22:09:46 | 000,000,000 | ---- | M] () -- C:\Users\Silvan\defogger_reenable [2013.05.27 22:09:12 | 000,050,477 | ---- | M] () -- D:\Benutzer\Silvan\Desktop\Defogger.exe [2013.05.27 21:56:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.27 21:34:11 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 21:34:11 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.27 20:56:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.27 11:40:55 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.27 11:40:55 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.27 11:40:55 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.27 11:40:55 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.27 11:34:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.27 11:34:01 | 3755,974,656 | -HS- | M] () -- C:\hiberfil.sys [2013.05.14 15:14:34 | 000,016,384 | ---- | M] () -- D:\Benutzer\Silvan\Documents\Resultate_6.v12 [2013.05.09 10:29:52 | 000,061,440 | ---- | M] () -- C:\Users\Silvan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2 D:\Benutzer\Silvan\Desktop\*.tmp files -> D:\Benutzer\Silvan\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.27 22:09:46 | 000,000,000 | ---- | C] () -- C:\Users\Silvan\defogger_reenable [2013.05.27 22:09:12 | 000,050,477 | ---- | C] () -- D:\Benutzer\Silvan\Desktop\Defogger.exe [2012.12.12 12:50:12 | 000,000,393 | ---- | C] () -- C:\Users\Silvan\AppData\Local\HamsterVideoConverterSettings.cfg [2012.09.18 20:32:32 | 000,002,651 | ---- | C] () -- C:\Users\Silvan\AppData\Local\recently-used.xbel [2012.01.27 12:18:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.01.08 14:09:20 | 000,095,406 | ---- | C] () -- C:\Users\Silvan\Antrag Strafregisterauszug.pdf [2012.01.02 18:40:16 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys [2012.01.02 18:33:11 | 000,000,861 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2012.01.02 18:05:05 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2011.12.24 12:59:11 | 000,061,440 | ---- | C] () -- C:\Users\Silvan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.22 10:41:03 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.12.22 10:41:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.12.21 08:43:59 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.12.21 08:43:59 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.12.21 08:43:59 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.12.21 08:43:59 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.12.21 00:25:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.21 00:11:48 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2011.12.21 00:11:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2011.12.21 00:11:46 | 000,166,450 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.12.21 00:07:34 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2011.12.21 00:07:33 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2011.12.20 23:56:10 | 000,001,356 | ---- | C] () -- C:\Users\Silvan\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.30 16:33:01 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Babylon [2012.09.18 09:12:31 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Ciamti [2013.01.30 14:32:41 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\DVDVideoSoft [2013.01.30 14:32:42 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.18 08:56:06 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Epos [2013.03.21 23:09:38 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Mp3tag [2011.12.21 00:42:49 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\Opera [2012.01.27 12:18:09 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\pdfforge [2012.11.30 16:33:27 | 000,000,000 | ---D | M] -- C:\Users\Silvan\AppData\Roaming\VideoConverterPackages ========== Purity Check ========== < End of report > EXTRAS.txt: Code:
ATTFilter OTL Extras logfile created on: 27.05.2013 22:21:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Benutzer\Silvan\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
3.50 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 47.90% Memory free
7.22 Gb Paging File | 5.41 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.04 Gb Total Space | 1.01 Gb Free Space | 2.52% Space Free | Partition Type: NTFS
Drive D: | 257.91 Gb Total Space | 191.67 Gb Free Space | 74.32% Space Free | Partition Type: NTFS
Computer Name: SILVAN-LAPTOP | User Name: Silvan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CEWE\posterjack CEWE Fotobuch und Kalender\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [posterjack CEWE Fotobuch und Kalender] -- "C:\Program Files\CEWE\posterjack CEWE Fotobuch und Kalender\posterjack CEWE Fotobuch und Kalender.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{42C7F14F-4549-491E-98E8-A7CA6DD706B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5491A70B-824F-49A8-AEFB-FFD54216ECB0}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AA58A3E-1B19-4CD2-BD5C-A43BFE0BC2F3}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BE1E0F5-E3CE-4E06-9BCB-99C36F1CEE50}" = rport=445 | protocol=6 | dir=out | app=system |
"{86CB44E4-2291-41F6-9A26-547FB87DB6E3}" = rport=138 | protocol=17 | dir=out | app=system |
"{A460B3C4-B6AE-4F1F-A407-CF8818BD0899}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B7A0769B-F33E-46F7-91A1-47438535476D}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8403272-4731-4FEC-A6AE-5FD0EF137E69}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB9BC383-5C75-4851-A213-0ACFF0E47D98}" = rport=139 | protocol=6 | dir=out | app=system |
"{EA14573B-CC8D-4277-B487-940D818C4BF2}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09238BAA-86C7-4627-B7FA-2CD1543C5CBC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{20D69B94-65B9-4689-8C59-858A0230CADE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2513CB07-BE88-4585-9215-3C57D557C7BB}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{2E4ECBF2-7E08-41D9-9115-DAB84CD89D78}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{393D49B0-77B7-44CE-917F-A890DBA8A8EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3D503407-E085-4729-B6D2-4BA33BD9E14D}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{54DA02EA-3B75-4BF4-AC15-E09A7505C03A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{67EA6843-84E9-4960-A7BD-64573CB9862C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe |
"{7AE86CC4-3014-472E-BE9F-A4E8EC734CF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9E6FB224-4474-4B34-A2C3-1AE5C947689C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A4BE9BB9-042A-4DF7-B7E8-6979D34AC77D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{A98C5575-2AA4-46AB-87EE-4180E87CD896}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe |
"{ABEB807C-0182-47F8-99BD-1FF8B6D8CE1D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"{E106E9BA-6D0C-450F-9F84-E90952E6310D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E853A449-88D8-480F-8DC8-96D23EE9FED8}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{FC4FF036-7D1A-48CD-9E9D-FB580544463D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{08A043E8-9D38-4392-9086-8B8D5D8BB3CF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6FD16C74-6CC2-43E6-BE18-F265016FF3C5}C:\program files\pinnacle\videospin\programs\videospin.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"TCP Query User{7FD7A8C1-A8F1-4EBE-961E-B5F1C2839162}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9380E611-C924-45E6-9101-A4AAA6A36E14}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{F04DC46E-AE5B-4C5E-8470-CC8BC1868E20}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3F7002AE-7648-4CBF-853E-E24F8D3F7A67}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{640A32D7-7DB1-423E-B49A-B62509A27F6F}C:\program files\pinnacle\videospin\programs\videospin.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"UDP Query User{714FE910-2DDE-463B-99CA-80A622B0EEA8}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{7D121028-573D-458B-8DD6-F0F010CAA079}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{F309D81F-DC46-4C92-864C-A0CF89A279AE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4400
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{07EF2D4D-6EF5-4066-7A2A-1321FBE3A14D}" = Catalyst Control Center Graphics Previews Common
"{0E75B023-0320-75F2-0B8E-23B27B799367}" = Catalyst Control Center Graphics Full New
"{1EA02FAC-4A8C-C0F8-C55C-46AF4CF6EB19}" = ccc-utility
"{241A1B40-03B3-A765-5664-F5CA987875B0}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FCB5BAD-937E-FAD6-147B-6BBC44491A50}" = Skins
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4E62807B-3EB4-4817-96DE-82DA97F9C547}" = uniFLOW Client
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{58213F22-17C7-3594-D02A-09F798513D71}" = Catalyst Control Center Core Implementation
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{832F40BE-F620-3974-B9F0-CEC4501248BE}" = Catalyst Control Center Graphics Full Existing
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{886BE51A-3420-49AB-A6D0-E868D11E519B}" = On s'entraîne 6
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A155B015-7FBB-41C1-8277-D88623310F2A}" = Unlimited Data Manager 9.1.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DAD54070-AD45-8451-7509-09344D95D976}" = ccc-core-static
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6046DDA-2E4C-1443-DBF2-4DE211C413C8}" = Catalyst Control Center Localization German
"{E859F800-75F2-F1B1-8E9D-12B3A514240B}" = Catalyst Control Center Graphics Previews Vista
"{EBEF6999-FFD3-1E0A-F989-BF3E35694C91}" = Catalyst Control Center Graphics Light
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7F4C2EC-DFDC-59F0-CC21-3937B1B2A0B3}" = ATI Catalyst Install Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"Creative OA001" = Integrated Webcam Driver (1.00.08.0216)
"Free Studio_is1" = Free Studio version 2013
"GIMP-2_is1" = GIMP 2.8.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ifolor-Designer" = ifolor Designer
"LehrerOffice Easy_is1" = LehrerOffice Easy
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"Opera 12.15.1748" = Opera 12.15
"posterjack CEWE Fotobuch und Kalender" = posterjack CEWE Fotobuch und Kalender
"SopCast" = SopCast 3.5.0
"VideoPad" = VideoPad Videobearbeitungs-Software
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Zune" = Zune
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.05.2013 17:56:26 | Computer Name = Silvan-Laptop | Source = EventSystem | ID = 4622
Description =
Error - 24.05.2013 17:56:26 | Computer Name = Silvan-Laptop | Source = EventSystem | ID = 4621
Description =
Error - 25.05.2013 01:43:06 | Computer Name = Silvan-Laptop | Source = LPR Print Monitor | ID = 2007
Description =
Error - 25.05.2013 01:43:06 | Computer Name = Silvan-Laptop | Source = LPR Print Monitor | ID = 2007
Description =
Error - 25.05.2013 01:44:35 | Computer Name = Silvan-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 27.05.2013 05:34:16 | Computer Name = Silvan-Laptop | Source = LPR Print Monitor | ID = 2007
Description =
Error - 27.05.2013 05:34:16 | Computer Name = Silvan-Laptop | Source = LPR Print Monitor | ID = 2007
Description =
Error - 27.05.2013 05:35:43 | Computer Name = Silvan-Laptop | Source = WinMgmt | ID = 10
Description =
Error - 27.05.2013 05:40:02 | Computer Name = Silvan-Laptop | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 11.0.6001.7010 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1164 Anfangszeit: 01ce5abdef50b61d Zeitpunkt
der Beendigung: 60000
Error - 27.05.2013 05:46:37 | Computer Name = Silvan-Laptop | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 11a4 Anfangszeit: 01ce5abdf22be1cd Zeitpunkt der Beendigung:
74
[ OSession Events ]
Error - 18.02.2013 18:26:15 | Computer Name = Silvan-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25439
seconds with 2820 seconds of active time. This session ended with a crash.
Error - 07.03.2013 05:15:04 | Computer Name = Silvan-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1352
seconds with 1320 seconds of active time. This session ended with a crash.
Error - 21.05.2013 15:13:40 | Computer Name = Silvan-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 19260
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 26.05.2013 13:39:21 | Computer Name = Silvan-Laptop | Source = DCOM | ID = 10010
Description =
Error - 26.05.2013 13:56:13 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.20 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2013 05:34:07 | Computer Name = Silvan-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.05.2013 um 20:04:39 unerwartet heruntergefahren.
Error - 27.05.2013 05:34:13 | Computer Name = Silvan-Laptop | Source = HTTP | ID = 15016
Description =
Error - 27.05.2013 05:34:29 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.20 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2013 05:34:56 | Computer Name = Silvan-Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 27.05.2013 05:35:44 | Computer Name = Silvan-Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 27.05.2013 05:36:20 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 169.254.145.224 registriert werden. Der Computer mit IP-Adresse 169.254.1.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2013 05:36:42 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 169.254.145.224 registriert werden. Der Computer mit IP-Adresse 169.254.1.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 27.05.2013 05:54:52 | Computer Name = Silvan-Laptop | Source = netbt | ID = 4321
Description = Der Name "E-NET :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.20 registriert werden. Der Computer mit IP-Adresse 192.168.178.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
< End of report >
Gmer.txt: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-28 07:58:39
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298.09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Silvan\AppData\Local\Temp\fglirkob.sys
---- System - GMER 2.1 ----
SSDT 8D80FFBE ZwCreateSection
SSDT 8D80FFC8 ZwRequestWaitReplyPort
SSDT 8D80FFC3 ZwSetContextThread
SSDT 8D80FFCD ZwSetSecurityObject
SSDT 8D80FFD2 ZwSystemDebugControl
SSDT 8D80FF5F ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetTimerEx + 448 82303A6C 4 Bytes [BE, FF, 80, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 76C 82303D90 4 Bytes [C8, FF, 80, 8D] {ENTER 0x80ff, 0x8d}
.text ntkrnlpa.exe!KeSetTimerEx + 7A0 82303DC4 4 Bytes [C3, FF, 80, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 804 82303E28 4 Bytes [CD, FF, 80, 8D]
.text ntkrnlpa.exe!KeSetTimerEx + 84C 82303E70 4 Bytes [D2, FF, 80, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A06000, 0x1F5F94, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 848F2BD8
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...
---- EOF - GMER 2.1 ----
Beste Grüsse, Silvan P.S: Habe da noch eine Frage: Lohnt sich eine Bereinigung überhaupt, oder muss ich eher eine Neuaufsetzung des Systems in Betracht ziehen? |
| Themen zu Avira meldet Fund von Trojaner 'TR/Crypt.XPACK.Gen', 'JAVA/Lamar.ltg.35' und 5 weitere Warnungen |
| 32 bit, 7 viren, avira, converter, desktop, dvdvideosoft ltd., exp/cve-2012-1723.jx, firefox, flash player, helper, hewlett packard, iexplore.exe, install.exe, java/dldr.klaslod.k, java/lamar.ltg.34, java/lamar.ltg.35, logfile, mp3, plug-in, programm, qskxttjnf/angxf.class, search the web, security, software, sttray.exe, svchost.exe, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', tr/symmi.15280.1, trojaner, trojaner 'tr/crypt.xpack.gen', windows, wrapper, wuauclt.exe |
Baum-Darstellung